Re: Best practice for restricting access to exact IP addresses

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On 01/12/17 18:36, Timothy D Legg wrote:
and then believes that running a2dissite on all these, perhaps to make a
backup of a php-encrusted website (such as mine) that the document root
will default to the top level of all these sites and perhaps reveal SQL
passwords in the process.

I hope this is not true...

As far as I understand it will work exactly as you described, although keeping virtual hosts under default document root is not a good practice. Also, leaving Apache listen to some port without configuring site on that port does not look like good practice too.

I personally favour creating default virtualhost with dummy name which (among other things) will get shown to bots that don't provide host name or SNI. For instance, it may always return 403.

--

With Best Regards,
Marat Khalili

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx
For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx




[Index of Archives]     [Open SSH Users]     [Linux ACPI]     [Linux Kernel]     [Linux Laptop]     [Kernel Newbies]     [Security]     [Netfilter]     [Bugtraq]     [Squid]     [Yosemite News]     [MIPS Linux]     [ARM Linux]     [Linux Security]     [Linux RAID]     [Samba]     [Video 4 Linux]     [Device Mapper]

  Powered by Linux