On Sat, Jul 20, 2013 at 3:53 PM, Adam Williamson <awilliam@xxxxxxxxxx> wrote: > I'm not sure if I'm missing anything here, but is it intended that > webapps should not be accessible from anywhere but localhost by default? > This seems to be the case for at least wordpress - which is my kind of > 'gold standard' for webapp packaging on Fedora, I use it as a reference > - and roundcubemail. They both have this block in > their /etc/httpd/conf.d/name.conf file: > > <Directory /usr/share/name> > AllowOverride Options > <IfModule mod_authz_core.c> > # Apache 2.4 > Require local > </IfModule> > <IfModule !mod_authz_core.c> > # Apache 2.2 > Order Deny,Allow > Deny from All > Allow from 127.0.0.1 > Allow from ::1 > </IfModule> > </Directory> > > Which pretty clearly disallows access from anywhere but localhost. It > seems an odd default configuration, in that if you ever want to allow > anyone to actually access your webapp you're going to have to change it, > which will prevent it ever being automatically updated again (you'll > always get a .rpmnew file). I have to change the 'Require local' to > 'Require all granted' and restart httpd in order to actually let > anything but localhost access the site. It's a vastly safer initial setup than leaving it wide open, by default. this applies to many tools such as Nagios and cacti, that may share information about your system that you really should review before exposing. You should also be albe to use a reload, not necessarily a restart, to get it working. (Although I've not been trying this with systemd!) -- devel mailing list devel@xxxxxxxxxxxxxxxxxxxxxxx https://admin.fedoraproject.org/mailman/listinfo/devel
