2009/10/6 Brolin Empey <brolin@xxxxxxxxx>
>
> 2009/10/6 Jonathan Zuckerman <j.zuckerman@xxxxxxxxx>:
> > Or (my preferred solution) put them outside the
> > document root; why bother putting them in the doc root and then making
> > a directory override to disallow outside access to them when the
> > simpler solution would be to just put them outside the web root and
> > never ever worry about access rules.
>
> I know that is a simpler and probably more logical solution, but I
> kept the logs under the doc root for at least 2 reasons:
>
> 1. The Web howto about configuring apache2 vhosts on Debian/Ubuntu I
> used used this config in its examples. That howto lacks credibility,
> though, because it has errors (singular versus plural nouns) in the
> paths to the vhost conf files and does not even prevent world/public
> access to the logs! (epic fail)
>
> 2. Because my VPS is hosting multiple vhosts, I thought it was tidier
> to keep the logs in the doc root. I know it does not make much sense
> because the logs are not public content, but it was an arbitrary
> decision: I had to keep the logs /somewhere/. Yes, I suppose
> /var/log/ is a better home for apache logs than /var/www/.
I finally moved the logs outside of the doc root: they now live in
“/var/log/apache2/vhosts/${domain_name}/”. This config is simpler,
which is better if “complexity is the enemy of security.”.
---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx
" from the digest: users-digest-unsubscribe@xxxxxxxxxxxxxxxx
For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx
|