security_tips.xml revision 13dd6a45ad3051c84a03bfbc88f0e314a5322ed6
842ae4bd224140319ae7feec1872b93dfd491143fielding<!DOCTYPE manualpage SYSTEM "/style/manualpage.dtd">
842ae4bd224140319ae7feec1872b93dfd491143fielding<?xml-stylesheet type="text/xsl" href="/style/manual.en.xsl"?>
842ae4bd224140319ae7feec1872b93dfd491143fielding<!-- $LastChangedRevision$ -->
0f081398cf0eef8cc7c66a535d450110a92dc8aefielding Licensed to the Apache Software Foundation (ASF) under one or more
ce9621257ef9e54c1bbe5ad8a5f445a1f211c2dcnd contributor license agreements. See the NOTICE file distributed with
0f081398cf0eef8cc7c66a535d450110a92dc8aefielding this work for additional information regarding copyright ownership.
ce9621257ef9e54c1bbe5ad8a5f445a1f211c2dcnd The ASF licenses this file to You under the Apache License, Version 2.0
ce9621257ef9e54c1bbe5ad8a5f445a1f211c2dcnd (the "License"); you may not use this file except in compliance with
ce9621257ef9e54c1bbe5ad8a5f445a1f211c2dcnd the License. You may obtain a copy of the License at
0f081398cf0eef8cc7c66a535d450110a92dc8aefielding Unless required by applicable law or agreed to in writing, software
0f081398cf0eef8cc7c66a535d450110a92dc8aefielding distributed under the License is distributed on an "AS IS" BASIS,
0f081398cf0eef8cc7c66a535d450110a92dc8aefielding WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
0f081398cf0eef8cc7c66a535d450110a92dc8aefielding See the License for the specific language governing permissions and
0f081398cf0eef8cc7c66a535d450110a92dc8aefielding limitations under the License.
0f081398cf0eef8cc7c66a535d450110a92dc8aefielding <parentdocument href="./">Miscellaneous Documentation</parentdocument>
0f081398cf0eef8cc7c66a535d450110a92dc8aefielding <p>Some hints and tips on security issues in setting up a web server.
0f081398cf0eef8cc7c66a535d450110a92dc8aefielding Some of the suggestions will be general, others specific to Apache.</p>
0f081398cf0eef8cc7c66a535d450110a92dc8aefielding <section id="uptodate"><title>Keep up to Date</title>
0f081398cf0eef8cc7c66a535d450110a92dc8aefielding <p>The Apache HTTP Server has a good record for security and a
0f081398cf0eef8cc7c66a535d450110a92dc8aefielding developer community highly concerned about security issues. But
0f081398cf0eef8cc7c66a535d450110a92dc8aefielding it is inevitable that some problems -- small or large -- will be
0f081398cf0eef8cc7c66a535d450110a92dc8aefielding discovered in software after it is released. For this reason, it
0f081398cf0eef8cc7c66a535d450110a92dc8aefielding is crucial to keep aware of updates to the software. If you have
0f081398cf0eef8cc7c66a535d450110a92dc8aefielding obtained your version of the HTTP Server directly from Apache, we
0f081398cf0eef8cc7c66a535d450110a92dc8aefielding highly recommend you subscribe to the <a
0f081398cf0eef8cc7c66a535d450110a92dc8aefielding href="http://httpd.apache.org/lists.html#http-announce">Apache
0f081398cf0eef8cc7c66a535d450110a92dc8aefielding HTTP Server Announcements List</a> where you can keep informed of
0f081398cf0eef8cc7c66a535d450110a92dc8aefielding new releases and security updates. Similar services are available
0f081398cf0eef8cc7c66a535d450110a92dc8aefielding from most third-party distributors of Apache software.</p>
0f081398cf0eef8cc7c66a535d450110a92dc8aefielding <p>Of course, most times that a web server is compromised, it is
0f081398cf0eef8cc7c66a535d450110a92dc8aefielding not because of problems in the HTTP Server code. Rather, it comes
0f081398cf0eef8cc7c66a535d450110a92dc8aefielding from problems in add-on code, CGI scripts, or the underlying
0f081398cf0eef8cc7c66a535d450110a92dc8aefielding Operating System. You must therefore stay aware of problems and
0f081398cf0eef8cc7c66a535d450110a92dc8aefielding updates with all the software on your system.</p>
024cd9589e52cf11ce765dfddb5b5f0c6e421a48gstein <p>All network servers can be subject to denial of service attacks
024cd9589e52cf11ce765dfddb5b5f0c6e421a48gstein that attempt to prevent responses to clients by tying up the
024cd9589e52cf11ce765dfddb5b5f0c6e421a48gstein resources of the server. It is not possible to prevent such
9625528fcf4fa27288f3be080a1979c8ef60d7dfrbb attacks entirely, but you can do certain things to mitigate the
0f081398cf0eef8cc7c66a535d450110a92dc8aefielding problems that they create.</p>
fd0edaa8e3d4dd67d0604ccef2e96b071db96643fielding <p>Often the most effective anti-DoS tool will be a firewall or
024cd9589e52cf11ce765dfddb5b5f0c6e421a48gstein other operating-system configuration. For example, most
4a13940dc2990df0a798718d3a3f9cf1566c2217bjh firewalls can be configured to restrict the number of simultaneous
024cd9589e52cf11ce765dfddb5b5f0c6e421a48gstein connections from any individual IP address or network, thus
024cd9589e52cf11ce765dfddb5b5f0c6e421a48gstein preventing a range of simple attacks. Of course this is no help
024cd9589e52cf11ce765dfddb5b5f0c6e421a48gstein against Distributed Denial of Service attacks (DDoS).</p>
20be52a1d742b6dad4b799009d70a51522a8f8f1rbb <p>There are also certain Apache HTTP Server configuration
7552405e3e69df030121c15aa33e3524a60895d8manoj settings that can help mitigate problems:</p>
e8f95a682820a599fe41b22977010636be5c2717jim <li>The <directive module="core">TimeOut</directive> directive
e8f95a682820a599fe41b22977010636be5c2717jim should be lowered on sites that are subject to DoS attacks.
945a9b081610f2b57759231e4cfad7aed62c9326slive Setting this to as low as a few seconds may be appropriate.
945a9b081610f2b57759231e4cfad7aed62c9326slive As <directive module="core">TimeOut</directive> is currently
8f3ec4772d2aeb347cf40e87c77627bb784dd018rbb used for several different operations, setting it to a low value
945a9b081610f2b57759231e4cfad7aed62c9326slive introduces problems with long running CGI scripts.</li>
0f081398cf0eef8cc7c66a535d450110a92dc8aefielding <li>The <directive module="core">KeepAliveTimeout</directive>
0bfcc4d046f6735af2f15981fb53e4c0680b4731covener directive may also be lowered on sites that are subject to DoS
0bfcc4d046f6735af2f15981fb53e4c0680b4731covener attacks. Some sites even turn off the keepalives completely via
0bfcc4d046f6735af2f15981fb53e4c0680b4731covener <directive module="core">KeepAlive</directive>, which has of course
0bfcc4d046f6735af2f15981fb53e4c0680b4731covener other drawbacks on performance.</li>
0f081398cf0eef8cc7c66a535d450110a92dc8aefielding <li>The values of various timeout-related directives provided by
a6b9ed64fdf548c61de9714e2cfb999ec59d149cgstein other modules should be checked.</li>
0f081398cf0eef8cc7c66a535d450110a92dc8aefielding <li>The directives
1ccd992d37d62c8cb2056126f2234f64ec189bfddougm <directive module="core">LimitRequestBody</directive>,
1ccd992d37d62c8cb2056126f2234f64ec189bfddougm <directive module="core">LimitRequestFields</directive>,
a6b9ed64fdf548c61de9714e2cfb999ec59d149cgstein <directive module="core">LimitRequestFieldSize</directive>,
0f081398cf0eef8cc7c66a535d450110a92dc8aefielding <directive module="core">LimitRequestLine</directive>, and
0f081398cf0eef8cc7c66a535d450110a92dc8aefielding <directive module="core">LimitXMLRequestBody</directive>
0f081398cf0eef8cc7c66a535d450110a92dc8aefielding should be carefully configured to limit resource consumption
0f081398cf0eef8cc7c66a535d450110a92dc8aefielding triggered by client input.</li>
0f081398cf0eef8cc7c66a535d450110a92dc8aefielding <li>On operating systems that support it, make sure that you use
0f081398cf0eef8cc7c66a535d450110a92dc8aefielding the <directive module="core">AcceptFilter</directive> directive
1ccd992d37d62c8cb2056126f2234f64ec189bfddougm to offload part of the request processing to the operating
0f081398cf0eef8cc7c66a535d450110a92dc8aefielding system. This is active by default in Apache httpd, but may
a6b9ed64fdf548c61de9714e2cfb999ec59d149cgstein require reconfiguration of your kernel.</li>
0f081398cf0eef8cc7c66a535d450110a92dc8aefielding module="mpm_common">MaxClients</directive> directive to allow
066877f1a045103acfdd376d48cdd473c33f409bdougm the server to handle the maximum number of simultaneous
066877f1a045103acfdd376d48cdd473c33f409bdougm connections without running out of resources. See also the <a
a6b9ed64fdf548c61de9714e2cfb999ec59d149cgstein href="perf-tuning.html">performance tuning
0f081398cf0eef8cc7c66a535d450110a92dc8aefielding <li>The use of a threaded <a href="/mpm.html">mpm</a> may
0bfcc4d046f6735af2f15981fb53e4c0680b4731covener allow you to handle more simultaneous connections, thereby
0bfcc4d046f6735af2f15981fb53e4c0680b4731covener mitigating DoS attacks. Further, the experimental
0bfcc4d046f6735af2f15981fb53e4c0680b4731covener uses asynchronous processing to avoid devoting a thread to each
5bfaaf573bacb45c1cf290ce85ecc676587e8a64jim connection. At present this
23d1ffb000ad6380f27bbc73b336c8052a6b2e7dsf is work in progress and not fully implemented. Especially the
23d1ffb000ad6380f27bbc73b336c8052a6b2e7dsf <module>event</module> mpm is currently incompatible with
23d1ffb000ad6380f27bbc73b336c8052a6b2e7dsf <li>There are a number of third-party modules available through
0bfcc4d046f6735af2f15981fb53e4c0680b4731covener <a href="http://modules.apache.org/">http://modules.apache.org/</a>
0bfcc4d046f6735af2f15981fb53e4c0680b4731covener that can restrict certain client behaviors and thereby mitigate
0bfcc4d046f6735af2f15981fb53e4c0680b4731covener DoS problems.</li>
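The directives listed above are easy to leave at their defaults. The following script is an added example, not part of the httpd project or its documentation: a small linter that reads an httpd.conf and reports a `Timeout` or `KeepAliveTimeout` above a ceiling, a missing `KeepAliveTimeout` when keepalives are on, and a `LimitRequestBody` that is unset or `0` (which httpd treats as no limit). The ceilings, the function names and the configuration fragment it lints are constructed for illustration and are not values from the documentation.

```shell
#!/bin/sh
# Added example, not part of the httpd project: lint the DoS-related
# directives from an httpd.conf and return the number of findings (0 = clean).
# Directive names are matched case-insensitively, as httpd does; the last
# occurrence wins, as in httpd.  Ceilings below are assumptions for the demo.

TIMEOUT_CEILING=60           # seconds; assumption
KEEPALIVE_CEILING=15         # seconds; assumption
BODY_CEILING=10485760        # 10 MiB; assumption

# directive_value FILE NAME: print the last value given for NAME, or nothing.
directive_value() {
    awk -v name="$2" '
        tolower($1) == tolower(name) { v = $2 }
        END { if (v != "") print v }' "$1"
}

# check_ceiling FILE NAME LIMIT: finding (return 1) if NAME is absent or > LIMIT.
check_ceiling() {
    v=$(directive_value "$1" "$2")
    if [ -z "$v" ]; then
        echo "FINDING: $2 not set; the compiled-in default applies"
        return 1
    fi
    if [ "$v" -gt "$3" ] 2>/dev/null; then
        echo "FINDING: $2 is $v, above the ceiling of $3"
        return 1
    fi
    return 0
}

# check_dos_directives FILE: run every check and return the finding count.
check_dos_directives() {
    conf=$1; n=0
    check_ceiling "$conf" Timeout "$TIMEOUT_CEILING" || n=$((n + 1))

    keepalive=$(directive_value "$conf" KeepAlive | tr 'A-Z' 'a-z')
    if [ "$keepalive" = off ]; then
        echo "INFO: KeepAlive is Off, KeepAliveTimeout does not apply"
    else
        check_ceiling "$conf" KeepAliveTimeout "$KEEPALIVE_CEILING" || n=$((n + 1))
    fi

    body=$(directive_value "$conf" LimitRequestBody)
    if [ -z "$body" ] || [ "$body" -eq 0 ] 2>/dev/null; then
        echo "FINDING: LimitRequestBody unset or 0, request bodies are unlimited"
        n=$((n + 1))
    elif [ "$body" -gt "$BODY_CEILING" ] 2>/dev/null; then
        echo "FINDING: LimitRequestBody is $body, above the ceiling of $BODY_CEILING"
        n=$((n + 1))
    fi
    return $n
}

# demo: lint a constructed configuration fragment (not any real server's file).
demo() {
    tmpconf=$(mktemp)
    cat >"$tmpconf" <<'EOF'
# constructed httpd.conf fragment
Timeout 300
KeepAlive On
KeepAliveTimeout 15
<Directory "/var/www/uploads">
    LimitRequestBody 0
</Directory>
EOF
    rc=0
    check_dos_directives "$tmpconf" || rc=$?
    rm -f "$tmpconf"
    return $rc
}

demo || echo "demo: $? finding(s)"
```

The linter deliberately ignores containers: a `LimitRequestBody` set inside a `<Directory>` block does not change the server-wide value, so a real audit should report the scope of each setting as well. Run it against a production file with `check_dos_directives /usr/local/apache/conf/httpd.conf` and adjust the ceilings to your site's policy.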
a6b9ed64fdf548c61de9714e2cfb999ec59d149cgstein <p>In typical operation, Apache is started by the root user, and it
0f081398cf0eef8cc7c66a535d450110a92dc8aefielding switches to the user defined by the <directive
1ccd992d37d62c8cb2056126f2234f64ec189bfddougm module="mpm_common">User</directive> directive to serve hits. As is the
0f081398cf0eef8cc7c66a535d450110a92dc8aefielding case with any command that root executes, you must take care that it is
d757628a07145aa711ba75b4e7c7c01a33133ca1jerenkrantz protected from modification by non-root users. Not only must the files
d757628a07145aa711ba75b4e7c7c01a33133ca1jerenkrantz themselves be writeable only by root, but so must the directories, and
d757628a07145aa711ba75b4e7c7c01a33133ca1jerenkrantz parents of all directories. For example, if you choose to place
d757628a07145aa711ba75b4e7c7c01a33133ca1jerenkrantz ServerRoot in <code>/usr/local/apache</code> then it is suggested that
d757628a07145aa711ba75b4e7c7c01a33133ca1jerenkrantz you create that directory as root, with commands like these:</p>
0f081398cf0eef8cc7c66a535d450110a92dc8aefielding mkdir bin conf logs <br />
0f081398cf0eef8cc7c66a535d450110a92dc8aefielding chown 0 . bin conf logs <br />
0f081398cf0eef8cc7c66a535d450110a92dc8aefielding chgrp 0 . bin conf logs <br />
0f081398cf0eef8cc7c66a535d450110a92dc8aefielding chmod 755 . bin conf logs
6a76fa5b11c6f0d07a3c226ac43225885bbf60c4sf <p>It is assumed that <code>/</code>, <code>/usr</code>, and
0bfcc4d046f6735af2f15981fb53e4c0680b4731covener <code>/usr/local</code> are only modifiable by root. When you install the
0f081398cf0eef8cc7c66a535d450110a92dc8aefielding <program>httpd</program> executable, you should ensure that it is
0f081398cf0eef8cc7c66a535d450110a92dc8aefielding similarly protected:</p>
0f081398cf0eef8cc7c66a535d450110a92dc8aefielding <p>You can create an htdocs subdirectory which is modifiable by other
0f081398cf0eef8cc7c66a535d450110a92dc8aefielding users -- since root never executes any files out of there, and shouldn't
0f081398cf0eef8cc7c66a535d450110a92dc8aefielding be creating files in there.</p>
0f081398cf0eef8cc7c66a535d450110a92dc8aefielding <p>If you allow non-root users to modify any files that root either
0f081398cf0eef8cc7c66a535d450110a92dc8aefielding executes or writes on then you open your system to root compromises.
1ccd992d37d62c8cb2056126f2234f64ec189bfddougm For example, someone could replace the <program>httpd</program> binary so
0f081398cf0eef8cc7c66a535d450110a92dc8aefielding that the next time you start it, it will execute some arbitrary code. If
0f081398cf0eef8cc7c66a535d450110a92dc8aefielding the logs directory is writeable (by a non-root user), someone could replace
0f081398cf0eef8cc7c66a535d450110a92dc8aefielding a log file with a symlink to some other system file, and then root
0f081398cf0eef8cc7c66a535d450110a92dc8aefielding might overwrite that file with arbitrary data. If the log files
0f081398cf0eef8cc7c66a535d450110a92dc8aefielding themselves are writeable (by a non-root user), then someone may be
0f081398cf0eef8cc7c66a535d450110a92dc8aefielding able to overwrite the log itself with bogus data.</p>
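The ownership and permission rules above are simple to state but easy to get wrong on a long-lived server. The following script is an added example, not part of the httpd project: it audits a ServerRoot the way the text describes, checking that the ServerRoot and every ancestor directory below a trusted top (the text assumes `/`, `/usr` and `/usr/local` are root-only) are owned by the expected uid and are not group- or world-writable, applying the same check to `bin`, `conf` and `logs`, and reporting any symlink inside `logs`. It assumes GNU coreutils (`stat -c`, `readlink -f`); the function names and the temporary tree used by its demo are constructed for illustration.

```shell
#!/bin/sh
# Added example, not part of the httpd project: audit ServerRoot permissions.
# Prints one line per finding and returns the finding count (0 = clean).

# check_dir DIR UID: check one directory, return its number of findings (0..2).
check_dir() {
    path=$1; want=$2; found=0
    set -- $(stat -c '%u %a' "$path")     # uid and octal mode, e.g. "0 755"
    uid=$1; mode=$2
    if [ "$uid" != "$want" ]; then
        echo "FINDING: $path is owned by uid $uid, expected $want"
        found=$((found + 1))
    fi
    # The last two octal digits are the group and other permission bits;
    # bit value 2 in either digit means writable.
    group=$(( (mode / 10) % 10 )); other=$(( mode % 10 ))
    if [ $(( group & 2 )) -ne 0 ] || [ $(( other & 2 )) -ne 0 ]; then
        echo "FINDING: $path is group- or world-writable (mode $mode)"
        found=$((found + 1))
    fi
    return $found
}

# audit_server_root SERVER_ROOT TRUSTED_TOP UID: walk upward from SERVER_ROOT
# to (not including) TRUSTED_TOP, check the standard subdirectories, and scan
# logs for symlinks.  Returns the total finding count.
audit_server_root() {
    root=$(readlink -f "$1"); top=$(readlink -f "$2"); owner=$3; total=0
    dir=$root
    while [ "$dir" != "$top" ] && [ "$dir" != / ]; do
        check_dir "$dir" "$owner" || total=$((total + $?))
        dir=$(dirname "$dir")
    done
    for sub in bin conf logs; do
        [ -d "$root/$sub" ] || continue
        check_dir "$root/$sub" "$owner" || total=$((total + $?))
    done
    # A symlink placed in logs by a non-root writer redirects root's log writes.
    for entry in "$root/logs"/* "$root/logs"/.[!.]*; do
        if [ -L "$entry" ]; then
            echo "FINDING: $entry is a symlink to $(readlink "$entry")"
            total=$((total + 1))
        fi
    done
    return $total      # counts above 255 wrap; acceptable for an audit
}

# demo: run the audit on a constructed tree under a temporary directory, with
# the current user standing in for root and $tmp standing in for /usr/local.
# Real use would be:  audit_server_root /usr/local/apache /usr/local 0
demo() {
    tmp=$(mktemp -d)
    mkdir -p "$tmp/apache/bin" "$tmp/apache/conf" "$tmp/apache/logs"
    chmod 755 "$tmp/apache" "$tmp/apache/bin" "$tmp/apache/logs"
    chmod 775 "$tmp/apache/conf"                                # constructed flaw 1
    ln -s "$tmp/some-other-file" "$tmp/apache/logs/error_log"  # constructed flaw 2
    rc=0
    audit_server_root "$tmp/apache" "$tmp" "$(id -u)" || rc=$?
    rm -rf "$tmp"
    return $rc
}

demo || echo "demo: $? finding(s)"
```

Run it from cron and alert on a non-zero return; the `htdocs` tree is deliberately excluded because, as the text notes, root neither executes nor writes files there, so it may legitimately be writable by other users.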
0f081398cf0eef8cc7c66a535d450110a92dc8aefielding <p>Server Side Includes (SSI) present a server administrator with
4f9a74ad7e44b0464f7cf56525a205d788becacbtrawick several potential security risks.</p>
4f9a74ad7e44b0464f7cf56525a205d788becacbtrawick <p>The first risk is the increased load on the server. All
4f9a74ad7e44b0464f7cf56525a205d788becacbtrawick SSI-enabled files have to be parsed by Apache, whether or not
0f081398cf0eef8cc7c66a535d450110a92dc8aefielding there are any SSI directives included within the files. While this
0f081398cf0eef8cc7c66a535d450110a92dc8aefielding load increase is minor, in a shared server environment it can become
0f081398cf0eef8cc7c66a535d450110a92dc8aefielding significant.</p>
0f081398cf0eef8cc7c66a535d450110a92dc8aefielding <p>SSI files also pose the same risks that are associated with CGI
8f8f3c36d21306d0f4f1e9d2df167516bbb24c13brianp scripts in general. Using the <code>exec cmd</code> element, SSI-enabled
8f8f3c36d21306d0f4f1e9d2df167516bbb24c13brianp files can execute any CGI script or program under the permissions of the
8f8f3c36d21306d0f4f1e9d2df167516bbb24c13brianp user and group Apache runs as, as configured in
1ccd992d37d62c8cb2056126f2234f64ec189bfddougm <p>There are ways to enhance the security of SSI files while still
0f081398cf0eef8cc7c66a535d450110a92dc8aefielding taking advantage of the benefits they provide.</p>
0f081398cf0eef8cc7c66a535d450110a92dc8aefielding <p>To isolate the damage a wayward SSI file can cause, a server
0f081398cf0eef8cc7c66a535d450110a92dc8aefielding administrator can enable <a href="/suexec.html">suexec</a> as
0f081398cf0eef8cc7c66a535d450110a92dc8aefielding described in the <a href="#cgi">CGI in General</a> section.</p>
8f8f3c36d21306d0f4f1e9d2df167516bbb24c13brianp <p>Enabling SSI for files with <code>.html</code> or <code>.htm</code>
8f8f3c36d21306d0f4f1e9d2df167516bbb24c13brianp extensions can be dangerous. This is especially true in a shared, or high
8f8f3c36d21306d0f4f1e9d2df167516bbb24c13brianp traffic, server environment. SSI-enabled files should have a separate
8f8f3c36d21306d0f4f1e9d2df167516bbb24c13brianp extension, such as the conventional <code>.shtml</code>. This helps keep
8f8f3c36d21306d0f4f1e9d2df167516bbb24c13brianp server load at a minimum and allows for easier management of risk.</p>
0f081398cf0eef8cc7c66a535d450110a92dc8aefielding <p>Another solution is to disable the ability to run scripts and
0f081398cf0eef8cc7c66a535d450110a92dc8aefielding programs from SSI pages. To do this replace <code>Includes</code>
23d1ffb000ad6380f27bbc73b336c8052a6b2e7dsf module="core">Options</directive> directive. Note that users may
23d1ffb000ad6380f27bbc73b336c8052a6b2e7dsf still use <code><!--#include virtual="..." --></code> to execute CGI
0f081398cf0eef8cc7c66a535d450110a92dc8aefielding scripts if these scripts are in directories designated by a <directive
0f081398cf0eef8cc7c66a535d450110a92dc8aefielding module="mod_alias">ScriptAlias</directive> directive.</p>
0f081398cf0eef8cc7c66a535d450110a92dc8aefielding <p>First of all, you always have to remember that you must trust the
0f081398cf0eef8cc7c66a535d450110a92dc8aefielding writers of the CGI scripts/programs or your ability to spot potential
0f081398cf0eef8cc7c66a535d450110a92dc8aefielding security holes in CGI, whether they were deliberate or accidental. CGI
0f081398cf0eef8cc7c66a535d450110a92dc8aefielding scripts can run essentially arbitrary commands on your system with the
0f081398cf0eef8cc7c66a535d450110a92dc8aefielding permissions of the web server user and can therefore be extremely
0f081398cf0eef8cc7c66a535d450110a92dc8aefielding dangerous if they are not carefully checked.</p>
23d1ffb000ad6380f27bbc73b336c8052a6b2e7dsf <p>All the CGI scripts will run as the same user, so they have potential
23d1ffb000ad6380f27bbc73b336c8052a6b2e7dsf to conflict (accidentally or deliberately) with other scripts, e.g. User
0f081398cf0eef8cc7c66a535d450110a92dc8aefielding A hates User B, so he writes a script to trash User B's CGI database. One
0f081398cf0eef8cc7c66a535d450110a92dc8aefielding program which can be used to allow scripts to run as different users is
0f081398cf0eef8cc7c66a535d450110a92dc8aefielding <a href="/suexec.html">suEXEC</a> which is included with Apache as of
0f081398cf0eef8cc7c66a535d450110a92dc8aefielding 1.2 and is called from special hooks in the Apache server code. Another
0f081398cf0eef8cc7c66a535d450110a92dc8aefielding popular way of doing this is with
23d1ffb000ad6380f27bbc73b336c8052a6b2e7dsf <a href="http://cgiwrap.sourceforge.net/">CGIWrap</a>.</p>
23d1ffb000ad6380f27bbc73b336c8052a6b2e7dsf <p>Allowing users to execute CGI scripts in any directory should only be
0f081398cf0eef8cc7c66a535d450110a92dc8aefielding considered if:</p>
0f081398cf0eef8cc7c66a535d450110a92dc8aefielding <li>You trust your users not to write scripts which will deliberately
0f081398cf0eef8cc7c66a535d450110a92dc8aefielding or accidentally expose your system to an attack.</li>
0f081398cf0eef8cc7c66a535d450110a92dc8aefielding <li>You consider security at your site to be so feeble in other areas,
0f081398cf0eef8cc7c66a535d450110a92dc8aefielding as to make one more potential hole irrelevant.</li>
0f081398cf0eef8cc7c66a535d450110a92dc8aefielding <li>You have no users, and nobody ever visits your server.</li>
e1f37c4fd2ceb0a24bb3732faacaaf26db98bfafbnicholes <p>Limiting CGI to special directories gives the admin control over what
23d1ffb000ad6380f27bbc73b336c8052a6b2e7dsf goes into those directories. This is inevitably more secure than non
0f081398cf0eef8cc7c66a535d450110a92dc8aefielding script aliased CGI, but only if users with write access to the
0f081398cf0eef8cc7c66a535d450110a92dc8aefielding directories are trusted or the admin is willing to test each
0f081398cf0eef8cc7c66a535d450110a92dc8aefielding new CGI script/program for potential security holes.</p>
7a032c6f4af09fb2335dfb88c42b3ddca065de43wrowe <p>Most sites choose this option over the non script aliased CGI
e8f95a682820a599fe41b22977010636be5c2717jim approach.</p>
23d1ffb000ad6380f27bbc73b336c8052a6b2e7dsf <p>Embedded scripting options which run as part of the server itself,
23d1ffb000ad6380f27bbc73b336c8052a6b2e7dsf such as <code>mod_php</code>, <code>mod_perl</code>, <code>mod_tcl</code>,
1ccd992d37d62c8cb2056126f2234f64ec189bfddougm and <code>mod_python</code>, run under the identity of the server itself
000b67449410515eac43e76ef6667915bfd4d2abgstein (see the <directive module="mpm_common">User</directive> directive), and
0f081398cf0eef8cc7c66a535d450110a92dc8aefielding therefore scripts executed by these engines potentially can access anything
0f081398cf0eef8cc7c66a535d450110a92dc8aefielding the server user can. Some scripting engines may provide restrictions, but
23d1ffb000ad6380f27bbc73b336c8052a6b2e7dsf it is better to be safe and assume not.</p>
23d1ffb000ad6380f27bbc73b336c8052a6b2e7dsf <p>When setting up dynamic content, such as <code>mod_php</code>,
1ccd992d37d62c8cb2056126f2234f64ec189bfddougm <code>mod_perl</code> or <code>mod_python</code>, many security considerations
000b67449410515eac43e76ef6667915bfd4d2abgstein get out of the scope of <code>httpd</code> itself, and you need to consult
0f081398cf0eef8cc7c66a535d450110a92dc8aefielding documentation from those modules. For example, PHP lets you set up <a
0f081398cf0eef8cc7c66a535d450110a92dc8aefielding href="http://www.php.net/manual/en/ini.sect.safe-mode.php">Safe Mode</a>,
9cdbc046c10912045129fdb6f37d4b4027a26e86trawick which is usually disabled by default. Another example is <a
9cdbc046c10912045129fdb6f37d4b4027a26e86trawick href="http://www.hardened-php.net/suhosin/">Suhosin</a>, a PHP addon for more
0bbf6722826580b04ce055e8b7535fb351ef00carbb security. For more information about those, consult each project's
23d1ffb000ad6380f27bbc73b336c8052a6b2e7dsf documentation.</p>
0f081398cf0eef8cc7c66a535d450110a92dc8aefielding <p>At the Apache level, a module named <a href="http://modsecurity.org/">mod_security</a>
9cdbc046c10912045129fdb6f37d4b4027a26e86trawick can be seen as an HTTP firewall and, provided you configure it carefully enough,
9cdbc046c10912045129fdb6f37d4b4027a26e86trawick can help you enhance your dynamic content security.</p>
0f081398cf0eef8cc7c66a535d450110a92dc8aefielding <p>To run a really tight ship, you'll want to stop users from setting
0f081398cf0eef8cc7c66a535d450110a92dc8aefielding up <code>.htaccess</code> files which can override security features
e8f95a682820a599fe41b22977010636be5c2717jim you've configured. Here's one way to do it.</p>
33510984c759eb3da154ceb0db9b75fa0031d3b4sf <Directory /> <br />
33510984c759eb3da154ceb0db9b75fa0031d3b4sf AllowOverride None <br />
33510984c759eb3da154ceb0db9b75fa0031d3b4sf </Directory>
80f73246cc14f02d50bfac5306c079464c2dd1c6rbb </example>
80f73246cc14f02d50bfac5306c079464c2dd1c6rbb <p>This prevents the use of <code>.htaccess</code> files in all
80f73246cc14f02d50bfac5306c079464c2dd1c6rbb directories apart from those specifically enabled.</p>
80f73246cc14f02d50bfac5306c079464c2dd1c6rbb </section>
0f081398cf0eef8cc7c66a535d450110a92dc8aefielding <p>One aspect of Apache which is occasionally misunderstood is the
0f081398cf0eef8cc7c66a535d450110a92dc8aefielding feature of default access. That is, unless you take steps to change it,
0f081398cf0eef8cc7c66a535d450110a92dc8aefielding if the server can find its way to a file through normal URL mapping
0f081398cf0eef8cc7c66a535d450110a92dc8aefielding rules, it can serve it to clients.</p>
0f081398cf0eef8cc7c66a535d450110a92dc8aefielding <p>For instance, consider the following example:</p>
39813b8983b16dce75194e7b70184fd68743db90manoj # cd /; ln -s / public_html <br />
9927a2a72d50103f32323b53f5fc4577c1801327rbb </example>
39813b8983b16dce75194e7b70184fd68743db90manoj <p>This would allow clients to walk through the entire filesystem. To
39813b8983b16dce75194e7b70184fd68743db90manoj work around this, add the following block to your server's
39813b8983b16dce75194e7b70184fd68743db90manoj configuration:</p>
8582d33cbcd1266acf9f77cf8a7ec5773d90f02ejorton <Directory /> <br />
39813b8983b16dce75194e7b70184fd68743db90manoj Order Deny,Allow <br />
39813b8983b16dce75194e7b70184fd68743db90manoj Deny from all <br />
39813b8983b16dce75194e7b70184fd68743db90manoj </Directory>
9927a2a72d50103f32323b53f5fc4577c1801327rbb <p>This will forbid default access to filesystem locations. Add
9927a2a72d50103f32323b53f5fc4577c1801327rbb appropriate <directive module="core">Directory</directive> blocks to
28caffb98f18c0b9562ac20870f7ab91f3d9a01fjerenkrantz allow access only in those areas you wish. For example,</p>
7552405e3e69df030121c15aa33e3524a60895d8manoj Order Deny,Allow <br />
39813b8983b16dce75194e7b70184fd68743db90manoj Allow from all <br />
73e8b26287de5c06fa470d36162e103dbac9c7e5wrowe </Directory> <br />
1376737cb6afa24d3e12f3a223318fe1bd71bb1fslive Order Deny,Allow <br />
e8c95302287c86cd1f984eeb25cf3bfa9e2d33bbslive Allow from all <br />
fd0edaa8e3d4dd67d0604ccef2e96b071db96643fielding </Directory>
80ce75fd8bfc1066f75082336dfe8537c07f8ec1jorton <p>Pay particular attention to the interactions of <directive
fd0edaa8e3d4dd67d0604ccef2e96b071db96643fielding module="core">Directory</directive> directives; for instance, even
fd0edaa8e3d4dd67d0604ccef2e96b071db96643fielding if <code><Directory /></code> denies access, a <code>
36ef8f77bffe75d1aa327882be1b5bdbe2ff567asf <Location /></code> directive might overturn it.</p>
0f081398cf0eef8cc7c66a535d450110a92dc8aefielding <p>Also be wary of playing games with the <directive
0f081398cf0eef8cc7c66a535d450110a92dc8aefielding module="mod_userdir">UserDir</directive> directive; setting it to
0f081398cf0eef8cc7c66a535d450110a92dc8aefielding something like <code>./</code> would have the same effect, for root, as
0bfcc4d046f6735af2f15981fb53e4c0680b4731covener the first example above. We strongly
1ccd992d37d62c8cb2056126f2234f64ec189bfddougm recommend that you include the following line in your server
fd0edaa8e3d4dd67d0604ccef2e96b071db96643fielding configuration files:</p>
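The `ln -s / public_html` example above is the textbook case of default access, but any symlink under a user's web directory that resolves outside that user's home has the same effect for whatever it points at. The following script is an added example, not part of the httpd project: it finds symlinks under a user's `public_html` (including a `public_html` that is itself a symlink) whose resolved target lies outside the user's home directory. It assumes GNU `readlink -f` and POSIX `find`; the function names and the temporary layout used by its demo are constructed for illustration.

```shell
#!/bin/sh
# Added example, not part of the httpd project: report symlinks under
# public_html that escape the owner's home directory.  Prints one line per
# escaping link and returns their count (0 = none found).

# inside_dir PATH DIR: 0 if PATH is DIR itself or lies below it.
inside_dir() {
    case "$1" in
        "$2"|"$2"/*) return 0 ;;
        *)           return 1 ;;
    esac
}

# find_escaping_symlinks HOME: examine public_html and everything under it.
find_escaping_symlinks() {
    home=$(readlink -f "$1")
    pub=$home/public_html
    [ -e "$pub" ] || [ -L "$pub" ] || return 0
    # find does not follow a starting point that is itself a symlink, so a
    # public_html pointing elsewhere is reported as the first entry.
    report=$(find "$pub" -type l | while IFS= read -r link; do
        target=$(readlink -f "$link") || continue   # unresolvable: nothing served
        inside_dir "$target" "$home" \
            || echo "FINDING: $link -> $target (outside $home)"
    done)
    [ -n "$report" ] || return 0
    printf '%s\n' "$report"
    return $(printf '%s\n' "$report" | wc -l)
}

# demo: constructed layout under a temporary directory, with $tmp standing in
# for the filesystem root.  Real use would be:  find_escaping_symlinks /home/alice
demo() {
    tmp=$(mktemp -d)
    mkdir -p "$tmp/home/alice/public_html" "$tmp/home/alice/photos" "$tmp/etc"
    ln -s ../photos  "$tmp/home/alice/public_html/photos"   # stays inside home
    ln -s "$tmp/etc" "$tmp/home/alice/public_html/cfg"      # escapes: finding
    ln -s "$tmp"     "$tmp/home/alice/public_html/root"     # the ln -s / case: finding
    rc=0
    find_escaping_symlinks "$tmp/home/alice" || rc=$?
    rm -rf "$tmp"
    return $rc
}

demo || echo "demo: $? escaping link(s)"
```

Loop it over `/home/*` as a periodic check. On the server side the matching control is the `Options` directive: `-FollowSymLinks`, or `SymLinksIfOwnerMatch` where users legitimately link within their own trees, stops httpd from following links that this script would report.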
[Thu Jul 11 17:18:39 2002] [error] [client foo.example.com] client denied