[Pkg-apache-commits] [SCM] Debian packaging for apache2 (Apache HTTPD 2.x) branch, next, updated. 6767aa5aad234e71a23ca86b2ecf22d5903e86f2
Arno Töll
arno at debian.org
Sat Apr 14 21:27:32 UTC 2012
The following commit has been merged in the next branch:
commit 6767aa5aad234e71a23ca86b2ecf22d5903e86f2
Author: Arno Töll <arno at debian.org>
Date: Sat Apr 14 23:26:47 2012 +0200
Explain our security model
diff --git a/debian/config-dir/apache2.conf b/debian/config-dir/apache2.conf
index 2aa3e2c..3c9b2a2 100644
--- a/debian/config-dir/apache2.conf
+++ b/debian/config-dir/apache2.conf
@@ -138,18 +138,32 @@ ErrorLog ${APACHE_LOG_DIR}/error.log
#
LogLevel warn
+# Include module configuration:
+IncludeOptional mods-enabled/*.load
+IncludeOptional mods-enabled/*.conf
+
+# Include list of ports to listen on
+Include ports.conf
+
+
+# Sets the default security model of the Apache2 HTTPD server. It does
+# not allow access to the root filesystem except of /usr/share and
+# /var/www. The former is used by web applications packaged in Debian,
+# the latter may be used for local directories served by the web server.
-# XXX: Add comments
DocumentRoot /var/www
+
<Directory />
Options FollowSymLinks
AllowOverride None
Require all denied
</Directory>
+
<Directory /usr/share>
AllowOverride None
Require all granted
</Directory>
+
<Directory /var/www/>
Options Indexes FollowSymLinks
AllowOverride None
@@ -157,14 +171,7 @@ DocumentRoot /var/www
</Directory>
-# Include module configuration:
-IncludeOptional mods-enabled/*.load
-IncludeOptional mods-enabled/*.conf
-# Include list of ports to listen on
-Include ports.conf
-
-#
# AccessFileName: The name of the file to look for in each directory
# for additional configuration directives. See also the AllowOverride
# directive.
--
Debian packaging for apache2 (Apache HTTPD 2.x)
More information about the Pkg-apache-commits
mailing list