Relative security of various apache setups

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



I run apache on my home Fedora 7 system and have my ADSL router set up
to allow access from the internet.

It all works OK at the moment, I have the DocumentRoot set to be
publically accessible and have a couple of sub-directories with
restricted access for pages that I don't want to be visible to
the outside world.

These restricted areas are set up as follows:-

    <Directory /var/www/html/maxine>
        AllowOverride None
        Order Deny,Allow
        Deny from all
        Allow from 192.168.1 193.128.168.194
        AuthType Basic
        AuthName "ISBD Home Server"
        AuthUserFile /etc/httpd/conf/passwd
        Require valid-user
        Satisfy Any
    </Directory>


However I was wondering if other arrangements would be any more secure
and/or easier to maintain.  These are not hugely important documents
or anything, just stuff I'd rather keep private like appointments and
other bits and pieces of personal information.

One obvious thing would be to reverse the logic and make the
DocumentRoot have restricted access (as above) and then explicitly
allow public access to one directory.  I suspect this would be less
prone to inadvertently allowing access to unintended places due to
symbolic links etc.  Are there any downsides to this approach (apart
from requiring a slightly longer URL for anything with public access)?


Another approach would be to use virtual domains (I can use
sub-domains of a domain I own for this, my home machine is already
accessed this way).  Apart from the convenience of dedicated domains
for the public and less-public areas does this offer any improvement
(or otherwise) in security?


Are there any other approaches possible?

-- 
Chris Green

-- 
fedora-list mailing list
fedora-list@xxxxxxxxxx
To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-list
[Index of Archives]     [Older Fedora Users]     [Fedora Announce]     [Fedora Package Announce]     [EPEL Announce]     [Fedora Magazine]     [Fedora News]     [Fedora Summer Coding]     [Fedora Laptop]     [Fedora Cloud]     [Fedora Advisory Board]     [Fedora Education]     [Fedora Security]     [Fedora Scitech]     [Fedora Robotics]     [Fedora Maintainers]     [Fedora Infrastructure]     [Fedora Websites]     [Anaconda Devel]     [Fedora Devel Java]     [Fedora Legacy]     [Fedora Desktop]     [Fedora Fonts]     [ATA RAID]     [Fedora Marketing]     [Fedora Management Tools]     [Fedora Mentors]     [SSH]     [Fedora Package Review]     [Fedora R Devel]     [Fedora PHP Devel]     [Kickstart]     [Fedora Music]     [Fedora Packaging]     [Centos]     [Fedora SELinux]     [Fedora Legal]     [Fedora Kernel]     [Fedora OCaml]     [Coolkey]     [Virtualization Tools]     [ET Management Tools]     [Yum Users]     [Tux]     [Yosemite News]     [Gnome Users]     [KDE Users]     [Fedora Art]     [Fedora Docs]     [Asterisk PBX]     [Fedora Sparc]     [Fedora Universal Network Connector]     [Libvirt Users]     [Fedora ARM]

  Powered by Linux