> > ------------------- > > <Directory /> > > Options FollowSymLinks > > AllowOverride All > > </Directory> > > That is so very wrong, I can't even begin to describe how wrong :-/ > You are allowing .htaccess files from / - which means your > performance will be degraded by a good 50% > But you're also allowing *everything* in your .htaccess files, > which poses a security risk. A better way of handling this would be: <Directory /> Options FollowSymlinks AllowOverride None Deny from all </Directory> <Directory /var/www/*> # I like Contentnegotiation! Options +MultiViews # I usually don't allow .htaccess, but.. yeah. # This seems sensible. AllowOverride FileInfo AuthConfig Limits Allow from all </Directory> -- Igor GaliÄ Tel: +43 (0) 664 886 22 883 Mail: i.galic@xxxxxxxxxxxxxx URL: http://brainsware.org/ --------------------------------------------------------------------- The official User-To-User support forum of the Apache HTTP Server Project. See <URL:http://httpd.apache.org/userslist.html> for more info. To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx " from the digest: users-digest-unsubscribe@xxxxxxxxxxxxxxxx For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx
|