Posted to dev@httpd.apache.org by "Roy T. Fielding" <fi...@liege.ICS.UCI.EDU> on 1996/07/03 20:01:08 UTC

Re: access.conf changes

Well, those aren't quite the changes I would make, but they are safer
than what 1.1b5 has and won't kill anyone.  +1 on release.

Can we add the following text file somewhere in the server docs
or release notes?  Normally I'd simplify it a bit, but I know this
one works since we use it here at UCI.

.....Roy
========================================================================
# access.conf example for large University-type servers
# 
# This is provided as an example for those sites where the primary
# document root and cgi-bin are under administrative control, but the
# user directories are not controllable and not allowed CGI access.
# This is a typical situation for University servers.
# 
# All directories not mentioned below are off-limits, but allow
# symlinks to be followed for automounters

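<Directory />
    # Default policy for every path that has no section of its own:
    # per-directory override files are ignored and access is denied.
    AllowOverride None
    # FollowSymLinks stays enabled so that automounted paths resolve.
    Options FollowSymLinks
    # The deny rule sits directly in the section instead of inside
    # <Limit GET POST PUT DELETE>.  Rules inside <Limit> cover only the
    # methods it names, so a request made with any other method would
    # not have been denied by this default.
    Order deny,allow
    Deny from all
</Directory>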

# For security reasons, CGI script directories must not allow overrides

<Directory /usr/local/etc/httpd/cgi-bin>
    # Scripts in this directory are executed, so per-directory override
    # files are switched off completely.
    Options ExecCGI
    AllowOverride None

    # NOTE(review): the two <Limit> sections below cover only the four
    # methods they name; no rule in this section applies to a request
    # made with any other method.
    <Limit PUT DELETE>
        Order deny,allow
        Deny from all
    </Limit>
    <Limit GET POST>
        Order allow,deny
        Allow from all
    </Limit>
</Directory>
 
# The DocumentRoot is assumed to be under our control

<Directory /usr/local/etc/httpd/htdocs>
    # Content features: negotiation, directory listings, symlinks, and
    # server-side includes with exec disabled (IncludesNoExec).
    Options MultiViews Indexes FollowSymLinks IncludesNoExec
    # .htaccess files may set FileInfo, AuthConfig and Limit directives.
    # Options is not in the list, so they cannot change the line above.
    AllowOverride FileInfo AuthConfig Limit

    # Read-only tree: GET is open to everyone, the other named methods
    # are refused.
    # NOTE(review): <Limit> rules cover only the methods they name; a
    # method that appears in neither section has no rule here.
    <Limit POST PUT DELETE>
        Order deny,allow
        Deny from all
    </Limit>
    <Limit GET>
        Order allow,deny
        Allow from all
    </Limit>
</Directory>

# likewise the server's own icons directory

<Directory /usr/local/etc/httpd/icons>
    # Static icons only: directory listings are allowed, nothing else is
    # enabled, and override files are ignored.
    Options Indexes
    AllowOverride None

    # GET is open to everyone; POST, PUT and DELETE are refused.
    # NOTE(review): <Limit> rules cover only the methods they name; a
    # method that appears in neither section has no rule here.
    <Limit POST PUT DELETE>
        Order deny,allow
        Deny from all
    </Limit>
    <Limit GET>
        Order allow,deny
        Allow from all
    </Limit>
</Directory>

# User Directories are assumed not to be under control

<Directory /*/public_html*>
    # User-owned content: same features as the document root, except
    # that a symlink is followed only when its owner matches the owner
    # of the target (SymLinksIfOwnerMatch).  No ExecCGI, and includes
    # run with exec disabled.
    # NOTE(review): Apache's documentation cautions that the owner check
    # is subject to race conditions and should not be treated as a hard
    # security boundary.
    Options MultiViews Indexes SymLinksIfOwnerMatch IncludesNoExec
    # Users may set FileInfo, AuthConfig and Limit directives in
    # .htaccess.  Options is not in the list, so they cannot widen the
    # line above.
    AllowOverride FileInfo AuthConfig Limit

    # GET is open to everyone; POST, PUT and DELETE are refused.
    # NOTE(review): <Limit> rules cover only the methods they name, and
    # "AllowOverride Limit" lets a user's .htaccess replace these rules.
    <Limit POST PUT DELETE>
        Order deny,allow
        Deny from all
    </Limit>
    <Limit GET>
        Order allow,deny
        Allow from all
    </Limit>
</Directory>

# The following two may be uncommented to provide server diagnostic
# information, assuming that support has been compiled into the server

# Allow server status reports, with the URL of http://servername/status/
# Change the ".nowhere.com" to match your domain to enable.
 
# <Location /status>
# SetHandler server-status
# <Limit GET>
# order deny,allow
# deny from all
# allow from .nowhere.com
# </Limit>
# </Location>

# Allow extended server configuration reports on http://servername/info/
# Change the ".nowhere.com" to match your domain to enable.
 
# <Location /info>
# SetHandler server-info
# <Limit GET>
# order deny,allow
# deny from all
# allow from .nowhere.com
# </Limit>
# </Location>