7.6. The Convenience Factor

The configuration process must be as convenient as possible. Piling all settings into one /etc/httpd/conf/httpd.conf file makes them difficult to navigate and use. And the more parameters there are, the greater the chances of letting something undesirable slip by. Following these recommendations will make it easier for you to maintain your Web server:

  • Move all access rights definitions to the /etc/httpd/conf/access.conf configuration file. By default, this file is empty, with everyone using only the /etc/httpd/conf/httpd.conf file. Separating permissions from the rest of the settings will make it easier to orient yourself in the server-configuration settings.

  • The server's main settings, which seldom change, can also be separated into the /etc/httpd/conf/access.conf file.

  • Comment all your actions. Many settings remain unchanged for years, but most people have difficulty remembering why they set this or that directive only a couple of months after they did so. For example, suppose you prohibited all users from accessing a directory that you temporarily used to test scripts. Some time later, you may forget why you did this and open access to the raw scripts, which may cause a system crash or break-in.

The more convenient it is to control the server security, the fewer mistakes you will make. Parameter grouping and detailed comments help you remember the purpose of the specific settings. This approach to administration also helps you solve problems efficiently as they arise. As you know, in the everlasting war between hackers and administrators, those who know more, are more experienced, and react faster win. The fast-reaction aspect is especially important.
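One way to enforce the "comment all your actions" rule, as an added example that is not from the book: this Python sketch flags access-control sections in a configuration file that have no comment directly above their opening tag. The sample configuration, its paths, and the function name are constructed for illustration.

```python
import re

# Opening tags of the access-control containers that should be documented.
SECTION_RE = re.compile(
    r"^\s*<(Directory|DirectoryMatch|Location|Files)\s+([^>]+?)\s*>", re.I)

def uncommented_sections(conf_text):
    """Return (line_no, kind, target) for every section whose nearest
    non-blank line above the opening tag is not a '#' comment."""
    findings = []
    prev_is_comment = False
    for line_no, line in enumerate(conf_text.splitlines(), start=1):
        stripped = line.strip()
        m = SECTION_RE.match(line)
        if m and not prev_is_comment:
            findings.append((line_no, m.group(1), m.group(2).strip('"')))
        if stripped:  # blank lines between a comment and its tag are tolerated
            prev_is_comment = stripped.startswith("#")
    return findings

# Constructed sample in the style of /etc/httpd/conf/access.conf.
SAMPLE_ACCESS_CONF = """\
# General rule for user home directories.
<Directory /home/*>
    AllowOverride FileInfo AuthConfig Limit
</Directory>

<Directory /var/www/html/test>
    Order deny,allow
    Deny from all
</Directory>

# Closed to all users: raw test scripts are kept here temporarily.
<Directory "/var/www/html/scratch">
    Order deny,allow
    Deny from all
</Directory>
"""

if __name__ == "__main__":
    for line_no, kind, target in uncommented_sections(SAMPLE_ACCESS_CONF):
        print(f"line {line_no}: <{kind} {target}> has no explanatory comment")
```

Run against the real access.conf before each change, it points out the blocks whose purpose nobody has written down.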

Centralized storage of access rights in configuration files of the Web server is only acceptable for small sites. But these access-rights descriptions become too unwieldy for a hundred or more virtual servers. Even if all permission definitions are stored in the /etc/httpd/conf/access.conf file, its size will be too large to find the necessary information in it efficiently.

For large sites, I recommend describing in the server's configuration files only general rules that cover several directories at once. This can be done because directory paths can be specified using regular expressions. The following is an example that defines rules for everything contained in the /home directory:

    # General rule for everything under /home
    <Directory /home/*>
        AllowOverride FileInfo AuthConfig Limit
        Options MultiViews Indexes SymLinksIfOwnerMatch IncludesNoExec
        # These methods are allowed for everyone
        <Limit GET POST OPTIONS PROPFIND>
            Order allow,deny
            Allow from all
        </Limit>
        # Every other method is denied
        <LimitExcept GET POST OPTIONS PROPFIND>
            Order deny,allow
            Deny from all
        </LimitExcept>
    </Directory>

Such regular expressions can be used for creating general rules for different directories. For example, specifying the /home/*/public_html value as the directory assigns the specified rights to all public_html directories in the /home directory unless the permissions are explicitly overridden for individual directories.



Hacker Linux Uncovered
ISBN: 1931769508
EAN: 2147483647
Year: 2004
Pages: 141
