Denying Access to System and Sensitive Files


<Files ~ "^\.ht">
    Order allow,deny
    Deny from all
</Files>


There are certain types of files that we do not want our visitors to access under any circumstances, because they may contain passwords or other sensitive information. These include, for example, backup files created by Unix text editors, per-directory configuration files, and so on. You may want to deny access to them using explicit configuration settings such as those shown here, which are included by default in the Apache configuration and deny access to .htaccess and .htpasswd files.

It is also possible to prevent the server from delivering unintended content by configuring it not to follow symbolic links. For this purpose, use the FollowSymLinks and SymLinksIfOwnerMatch arguments to the Options directive, as described in its documentation.

You may also want to disable mod_speling, explained in Chapter 4, because it may sometimes accidentally expose the names of files not intended for publishing when a misspelled URL could match multiple documents.
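The three measures above combined in one configuration, as an added example that is not taken from the book. The document root path and the list of backup-file extensions are assumptions; adjust both to your site.

```apache
# Added example, using the Apache 2.2 access-control syntax shown on this page.
# On Apache 2.4 without mod_access_compat, replace each Order/Deny pair
# with: Require all denied

# Shipped default: block per-directory configuration and password files.
<Files ~ "^\.ht">
    Order allow,deny
    Deny from all
</Files>

# Assumed extension list: editor backups and leftover copies, such as
#   index.php~   config.php.bak   page.html.orig   .index.php.swp
<FilesMatch "(~|\.bak|\.old|\.orig|\.save|\.sw[op])$">
    Order allow,deny
    Deny from all
</FilesMatch>

# Assumed document root. Links are followed only when the link and its
# target have the same owner. These options are honoured only in
# <Directory> sections and .htaccess files. The Apache documentation notes
# that symlink checks are subject to race conditions, so treat this as
# hardening rather than a guarantee.
<Directory "/var/www/html">
    Options -FollowSymLinks +SymLinksIfOwnerMatch
</Directory>

# Turn off URL spelling correction where mod_speling is loaded, so a
# misspelled request cannot return a list of near-matching file names.
<IfModule mod_speling.c>
    CheckSpelling Off
</IfModule>
```

Check the syntax with apachectl configtest before reloading the server.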

See also the section on how to restrict access to directory listings.




Apache(c) Phrase Book(c) Essential Code and Commands
Apache Phrasebook
ISBN: 0672328364
EAN: 2147483647
Year: 2006
Pages: 254
