Re: /etc/apache2/conf.d/security default for the release after lenny

To: debian-apache@lists.debian.org
Subject: Re: /etc/apache2/conf.d/security default for the release after lenny
From: Jordon Bedwell <jordon@envygeeks.com>
Date: Fri, 05 Nov 2010 16:26:59 -0500
Message-id: <[🔎] 4CD476A3.5050200@envygeeks.com>
In-reply-to: <[🔎] AANLkTi=_oWAC_HjPFbBTNcgy=-RjjoUe6WCAjREhHuwr@mail.gmail.com>
References: <[🔎] AANLkTi=_oWAC_HjPFbBTNcgy=-RjjoUe6WCAjREhHuwr@mail.gmail.com>

On 11/05/2010 03:47 PM, Teodor MICU wrote:
> Hi,
> 
> I've noticed that this paragraph is still a comment in the default
> conf.d/security file:
> 
> # This currently breaks the configurations that come with some web application
> # Debian packages. It will be made the default for the release after lenny.
> #
> #<Directory />
> #       AllowOverride None
> #       Order Deny,Allow
> #       Deny from all
> #</Directory>

Isn't it defined by default in the default virtual host? <directory />
in the virtual host is the same as the global when it comes to security
except it's vhost specific denial.

The AllowOverride None has to go if it's to be enabled by default, most
users don't go optimise their apache installs that deep, deep enough to
disable htaccess period, but then again, the same users who say disable
htaccess are also not telling you to disable access logging too so to
each their own I guess.

Reply to:

References:
- /etc/apache2/conf.d/security default for the release after lenny
  - From: Teodor MICU <mteodor@gmail.com>

Prev by Date: /etc/apache2/conf.d/security default for the release after lenny
Next by Date: Bug#503069: marked as done (mod_rewrite bug with file-system path as substitution)
Previous by thread: /etc/apache2/conf.d/security default for the release after lenny
Next by thread: Re: /etc/apache2/conf.d/security default for the release after lenny
Index(es):
- Date
- Thread