FAQ Search Today's Posts Mark Forums Read
» Video Reviews

» Linux Archive

Linux-archive is a website aiming to archive linux email lists and to make them easily accessible for linux users/developers.


» Sponsor

» Partners

» Sponsor

Go Back   Linux Archive > Redhat > Fedora User

 
 
LinkBack Thread Tools
 
Old 01-02-2008, 10:28 AM
Chris G
 
Default Relative security of various apache setups

I run apache on my home Fedora 7 system and have my ADSL router set up
to allow access from the internet.

It all works OK at the moment, I have the DocumentRoot set to be
publically accessible and have a couple of sub-directories with
restricted access for pages that I don't want to be visible to
the outside world.

These restricted areas are set up as follows:-

<Directory /var/www/html/maxine>
AllowOverride None
Order Deny,Allow
Deny from all
Allow from 192.168.1 193.128.168.194
AuthType Basic
AuthName "ISBD Home Server"
AuthUserFile /etc/httpd/conf/passwd
Require valid-user
Satisfy Any
</Directory>


However I was wondering if other arrangements would be any more secure
and/or easier to maintain. These are not hugely important documents
or anything, just stuff I'd rather keep private like appointments and
other bits and pieces of personal information.

One obvious thing would be to reverse the logic and make the
DocumentRoot have restricted access (as above) and then explicitly
allow public access to one directory. I suspect this would be less
prone to inadvertently allowing access to unintended places due to
symbolic links etc. Are there any downsides to this approach (apart
from requiring a slightly longer URL for anything with public access)?


Another approach would be to use virtual domains (I can use
sub-domains of a domain I own for this, my home machine is already
accessed this way). Apart from the convenience of dedicated domains
for the public and less-public areas does this offer any improvement
(or otherwise) in security?


Are there any other approaches possible?

--
Chris Green

--
fedora-list mailing list
fedora-list@redhat.com
To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-list
 

Thread Tools




All times are GMT. The time now is 04:56 PM.

VBulletin, Copyright ©2000 - 2014, Jelsoft Enterprises Ltd.
Content Relevant URLs by vBSEO ©2007, Crawlability, Inc.
Copyright 2007 - 2008, www.linux-archive.org