You are viewing a plain text version of this content. The canonical link for it is here.
Posted to cvs@httpd.apache.org by sl...@apache.org on 2002/01/19 18:45:12 UTC
cvs commit: httpd-docs-1.3/htdocs/manual/misc security_tips.html
slive 02/01/19 09:45:12
Modified: htdocs/manual/misc security_tips.html
Log:
This example doesn't really do what it claims. Instead, lets make it simpler
by discussing ONLY the .htaccess issue. The other issue is covered by the
next example.
PR: 9523
Revision Changes Path
1.29 +3 -6 httpd-docs-1.3/htdocs/manual/misc/security_tips.html
Index: security_tips.html
===================================================================
RCS file: /home/cvs/httpd-docs-1.3/htdocs/manual/misc/security_tips.html,v
retrieving revision 1.28
retrieving revision 1.29
diff -u -d -b -u -r1.28 -r1.29
--- security_tips.html 12 Nov 2001 18:57:05 -0000 1.28
+++ security_tips.html 19 Jan 2002 17:45:12 -0000 1.29
@@ -195,22 +195,19 @@
<p>To run a really tight ship, you'll want to stop users from
setting up <code>.htaccess</code> files which can override
security features you've configured. Here's one way to do
- it...</p>
+ it.</p>
<p>In the server configuration file, put</p>
<blockquote>
<code><Directory /><br />
AllowOverride None<br />
- Options None<br />
- Allow from all<br />
</Directory><br />
</code>
</blockquote>
- Then setup for specific directories
- <p>This stops all overrides, Includes and accesses in all
- directories apart from those named.</p>
+ <p>This prevents the use of <code>.htaccess</code> files in all
+ directories apart from those specifically enabled.</p>
<hr />
<h2><a id="protectserverfiles"