2009/10/6 Brolin Empey <brolin@xxxxxxxxx>
>
> 2009/10/6 Jonathan Zuckerman <j.zuckerman@xxxxxxxxx>:
> > Or (my preferred solution) put them outside the
> > document root; why bother putting them in the doc root and then making
> > a directory override to disallow outside access to them when the
> > simpler solution would be to just put them outside the web root and
> > never ever worry about access rules.
>
> I know that is a simpler and probably more logical solution, but I
> kept the logs under the doc root for at least 2 reasons:
>
> 1. The Web howto about configuring apache2 vhosts on Debian/Ubuntu I
> used used this config in its examples. That howto lacks credibility,
> though, because it has errors (singular versus plural nouns) in the
> paths to the vhost conf files and does not even prevent world/public
> access to the logs! (epic fail)
>
> 2. Because my VPS is hosting multiple vhosts, I thought it was tidier
> to keep the logs in the doc root. I know it does not make much sense
> because the logs are not public content, but it was an arbitrary
> decision: I had to keep the logs /somewhere/. Yes, I suppose
> /var/log/ is a better home for apache logs than /var/www/.

I finally moved the logs outside of the doc root: they now live in
“/var/log/apache2/vhosts/${domain_name}/”. This config is simpler,
which is better if “complexity is the enemy of security.”

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
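
Added example, not part of the original thread: a small Python check that reads vhost configuration text and reports any ErrorLog/CustomLog/TransferLog file stored under that vhost's DocumentRoot, the layout the thread moves away from. The sample vhosts, server names and document roots are constructed; only the /var/log/apache2/vhosts/${domain_name}/ layout comes from the post, and the parser assumes absolute, unquoted-or-simply-quoted paths without spaces.

```python
import posixpath
import re

LOG_DIRECTIVES = {"errorlog", "customlog", "transferlog"}
VHOST = re.compile(r"<VirtualHost\b[^>]*>(.*?)</VirtualHost>", re.I | re.S)

# Constructed sample: first vhost logs inside its docroot, second uses the thread's layout.
SAMPLE = """
<VirtualHost *:80>
    ServerName example.com
    DocumentRoot /var/www/example.com
    ErrorLog /var/www/example.com/logs/error.log
    CustomLog /var/www/example.com/logs/access.log combined
</VirtualHost>
<VirtualHost *:80>
    ServerName example.org
    DocumentRoot /var/www/example.org
    ErrorLog /var/log/apache2/vhosts/example.org/error.log
    CustomLog /var/log/apache2/vhosts/example.org/access.log combined
</VirtualHost>
"""

def directives(block):
    """Yield (lowercased directive name, first argument) per config line."""
    for line in block.splitlines():
        parts = line.split(None, 2)
        if len(parts) >= 2 and not parts[0].startswith(("#", "<")):
            yield parts[0].lower(), parts[1].strip('"')

def logs_inside_docroot(conf_text):
    """Return [(server_name, log_path)] for log files located under the DocumentRoot."""
    findings = []
    for block in VHOST.findall(conf_text):
        docroot, name, logs = None, "(unnamed)", []
        for key, arg in directives(block):
            if key == "documentroot" and arg.startswith("/"):
                docroot = posixpath.normpath(arg)
            elif key == "servername":
                name = arg
            elif key in LOG_DIRECTIVES and arg.startswith("/"):
                logs.append(posixpath.normpath(arg))  # piped/syslog/relative targets skipped
        for path in logs:
            # Compare whole path components so /var/www/site-logs is not "under" /var/www/site.
            if docroot and posixpath.commonpath([docroot, path]) == docroot:
                findings.append((name, path))
    return findings

if __name__ == "__main__":
    for name, path in logs_inside_docroot(SAMPLE):
        print(f"{name}: log inside DocumentRoot: {path}")
```
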