Posted to cvs@httpd.apache.org by sl...@apache.org on 2001/10/02 17:37:34 UTC
cvs commit: httpd-docs-1.3/htdocs/manual/misc security_tips.html
slive 01/10/02 08:37:34
Modified: htdocs/manual/misc security_tips.html
Log:
Add an index.
Submitted by: Allan Liska <al...@allan.org>
Revision Changes Path
1.24 +23 -6 httpd-docs-1.3/htdocs/manual/misc/security_tips.html
Index: security_tips.html
===================================================================
RCS file: /home/cvs/httpd-docs-1.3/htdocs/manual/misc/security_tips.html,v
retrieving revision 1.23
retrieving revision 1.24
diff -u -d -b -u -r1.23 -r1.24
--- security_tips.html 2001/09/24 01:36:41 1.23
+++ security_tips.html 2001/10/02 15:37:34 1.24
@@ -15,6 +15,23 @@
<!--#include virtual="header.html" -->
<H1 ALIGN="CENTER">Security Tips for Server Configuration</H1>
+
+<ul>
+<li><a href="#serverroot">Permissions on ServerRoot Directories</a></li>
+
+<li><a href="#ssi">Server Side Includes</a>
+
+<li><a href="#nsaliasedcgi">Non Script Aliased CGI</a></li>
+
+<li><a href="#saliasedcgi">Script Aliased CGI</a></li>
+
+<li><a href="#cgi">CGI in General</a></li>
+
+<li><a href="#systemsettings">Protecting System Settings</a></li>
+
+<li><a href="#protectserverfiles">Protect Server Files by Default</a></li>
+</ul>
+
<HR>
<P>Some hints and tips on security issues in setting up a web server. Some of
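Review bot: the `#serverroot` entry at the top of the new index has no matching anchor anywhere in this patch. The change summary is +23 -6, and the six replaced lines are the headings for ssi, nsaliasedcgi, saliasedcgi, cgi, systemsettings and protectserverfiles. Unless revision 1.23 already has `<a name="serverroot">` on the "Permissions on ServerRoot Directories" heading, the first link in the index goes nowhere; add that anchor in the same commit. Separately, the `<li>` for `#ssi` is the only list item without a closing `</li>`.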
@@ -69,7 +86,7 @@
may be able to overwrite the log itself with bogus data.
<P>
<HR>
-<H2>Server Side Includes</H2>
+<h2><a name="ssi">Server Side Includes</a></h2>
<P>Server side includes (SSI) can be configured so that users can execute
arbitrary programs on the server. That thought alone should send a shiver
down the spine of any sys-admin.<P>
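Review bot: the replacement heading switches to lowercase `<h2>` and `<a>` while the context lines around it are uppercase (`<H1 ALIGN="CENTER">`, `<HR>`, `<P>`). Suggest `<H2><A NAME="ssi">Server Side Includes</A></H2>` here, and the same for the other renamed headings, so the file keeps a single tag-case convention.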
@@ -80,7 +97,7 @@
<HR>
-<H2>Non Script Aliased CGI</H2>
+<h2><a name="nsaliasedcgi">Non Script Aliased CGI</a></h2>
<P>Allowing users to execute <STRONG>CGI</STRONG> scripts in any directory
should only
be considered if;
@@ -93,7 +110,7 @@
</OL><P>
<HR>
-<H2>Script Alias'ed CGI</H2>
+<h2><a name="saliasedcgi">Script Aliased CGI</a></h2>
<P>Limiting <STRONG>CGI</STRONG> to special directories gives the admin
control over
what goes into those directories. This is inevitably more secure than
@@ -104,7 +121,7 @@
Most sites choose this option over the non script aliased CGI approach.<P>
<HR>
-<H2>CGI in general</H2>
+<h2><a name="cgi">CGI in General</a></h2>
<P>Always remember that you must trust the writers of the CGI script/programs
or your ability to spot potential security holes in CGI, whether they were
deliberate or accidental.<P>
@@ -121,7 +138,7 @@
<HR>
-<H2>Stopping users overriding system wide settings...</H2>
+<h2><a name="systemsettings">Protecting System Settings</a></h2>
<P>To run a really tight ship, you'll want to stop users from setting
up <CODE>.htaccess</CODE> files which can override security features
you've configured. Here's one way to do it...<P>
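Review bot: the new heading text "Protecting System Settings" no longer says what the section covers; the paragraph under it is specifically about stopping users from overriding configured security features with `.htaccess` files. The anchor can be added without renaming the heading, or the title can keep the point, for example "Stopping Users from Overriding System-Wide Settings", with the index entry in the first hunk changed to match.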
@@ -141,7 +158,7 @@
from those named.<P>
<HR>
<H2>
- Protect server files by default
+<a name="protectserverfiles">Protect Server Files by Default</a>
</H2>
<P>
One aspect of Apache which is occasionally misunderstood is the feature
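Review bot: this heading ends up structured differently from the other five. The `<H2>` and `</H2>` lines stay on their own lines with the anchor on a separate line between them, while the other headings each become a single `<h2><a name=...>...</a></h2>` line. Pick one form and apply it to all six headings.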