Re: 2.4 named virtual hosts question

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 


>> <VirtualHost *:80>
>>     ServerName default
>>
>>     <Directory />
>>         AllowOverride none
>>         Order Allow,Deny
>>         Require all denied
>>     </Directory>
>> </VirtualHost>
[...]

I'm not 100% sure, but that may not deny access to absolutely everything, in case you have global
directives such as cgi aliases or proxy constructs, possibly with mod_rewrite and [P] which point
to non-directory resources.

Therefore it may be better to use <Location> instead of <Directory>. 

Additionally, if you bind any further vhosts to specific IP addresses, e.g. 
<VirtualHost 192.0.2.1:80>, then that virtualhost will have precedence for
requests to 192.0.2.1:80 over the *:80 virtualhost.

Overall, I'd say that such a construct is more likely to increase the attack surface
instead of reducing it.

rainer
[Index of Archives]     [Open SSH Users]     [Linux ACPI]     [Linux Kernel]     [Linux Laptop]     [Kernel Newbies]     [Security]     [Netfilter]     [Bugtraq]     [Squid]     [Yosemite News]     [MIPS Linux]     [ARM Linux]     [Linux Security]     [Linux RAID]     [Samba]     [Video 4 Linux]     [Device Mapper]

  Powered by Linux