On Wed, 2008-04-30 at 10:04 -0600, Rich Megginson wrote: > Sigur?ur Bjarnason wrote: > > Yes, > > > > I would like to secure the front page, so you have to type in the > password before you get the first page, The page the list up all the > pages etc .. > > > That page is /usr/share/dirsrv/html/admserv.html. It is generated by > the CGI URL /dist/download. I'm not sure how htaccess works - see > /etc/dirsrv/admin-serv/admserv.conf for more information. .htaccess files are basically <directory> blocks stored in the directory they configure, rather than the main Apache configuration. They may have only a subset of the features available in the main config file, depending mostly on the AllowOverride directive in the primary config file. They're great for rapid prototyping of a complicated per-directory configuration in Apache, and widely used in shared hosting Apache environments. However, they have potentially bad implications for security, and definitely bad implications for performance. The performance hit happens just by enabling them, too, not just when the feature is in use (though that can make it worse). Looking at my own instance of FDS, they are quite properly disabled. Admserv.conf is probably the right place for any access control changes. -- -------------- next part -------------- A non-text attachment was scrubbed... Name: smime.p7s Type: application/x-pkcs7-signature Size: 3551 bytes Desc: not available Url : http://lists.fedoraproject.org/pipermail/389-users/attachments/20080502/e04f5706/attachment.bin
