Your root directory / should always be Deny from all. Then you allow access to other directories per need.
On Sep 30, 2011 7:25 AM, "Brandon Phelps" <
bphelps@xxxxxxx> wrote:
> Hello all,
>
> I am a bit confused regarding the difference between:
>
> <Directory />
> Options FollowSymLinks
> AllowOverride None
> </Directory>
>
> and:
>
> <Directory /var/www/>
> Options Indexes FollowSymLinks MultiViews
> AllowOverride None
> Order allow,deny
> allow from all
> </Directory>
>
> I am trying to lock down the server to only allow connections from my local subnet, so should I place these Order/Allow/Deny statements in the / directory block, or the /var/www?
>
> Thanks!
>
> ---------------------------------------------------------------------
> The official User-To-User support forum of the Apache HTTP Server Project.
> See <URL:
http://httpd.apache.org/userslist.html> for more info.
> To unsubscribe, e-mail:
users-unsubscribe@xxxxxxxxxxxxxxxx> " from the digest:
users-digest-unsubscribe@xxxxxxxxxxxxxxxx
> For additional commands, e-mail:
users-help@xxxxxxxxxxxxxxxx>
