I guess I am just a little confused as to why there is a <Directory /> at all? If my DocumentRoot is set to /var/www then wouldn't that prevent anyone from accessing anything above /var/www in the directory structure anyway, thus making the <Directory /> kind of pointless? On 09/29/2011 06:44 PM, Igor Cicimov wrote:
Your root directory / should always be Deny from all. Then you allow access to other directories per need. On Sep 30, 2011 7:25 AM, "Brandon Phelps" <bphelps@xxxxxxx <mailto:bphelps@xxxxxxx>> wrote: > Hello all, > > I am a bit confused regarding the difference between: > > <Directory /> > Options FollowSymLinks > AllowOverride None > </Directory> > > and: > > <Directory /var/www/> > Options Indexes FollowSymLinks MultiViews > AllowOverride None > Order allow,deny > allow from all > </Directory> > > I am trying to lock down the server to only allow connections from my local subnet, so should I place these Order/Allow/Deny statements in the / directory block, or the /var/www? > > Thanks! > > --------------------------------------------------------------------- > The official User-To-User support forum of the Apache HTTP Server Project. > See <URL:http://httpd.apache.org/userslist.html> for more info. > To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx <mailto:users-unsubscribe@xxxxxxxxxxxxxxxx> > " from the digest: users-digest-unsubscribe@xxxxxxxxxxxxxxxx <mailto:users-digest-unsubscribe@xxxxxxxxxxxxxxxx> > For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx <mailto:users-help@xxxxxxxxxxxxxxxx> >
--------------------------------------------------------------------- The official User-To-User support forum of the Apache HTTP Server Project. See <URL:http://httpd.apache.org/userslist.html> for more info. To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx " from the digest: users-digest-unsubscribe@xxxxxxxxxxxxxxxx For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx
|