[apache2] 01/02: Change the default document root to /var/www/html

Arno Töll atoell-guest at moszumanska.debian.org
Sun Nov 24 15:11:13 UTC 2013


This is an automated email from the git hooks/post-receive script.

atoell-guest pushed a commit to branch master
in repository apache2.

commit a6fd25c46f4e27ef2923977beb0c18e505176395
Author: Arno Töll <arno at debian.org>
Date:   Sun Nov 24 16:09:43 2013 +0100

    Change the default document root to /var/www/html
---
 debian/apache2.NEWS                                | 8 ++++++++
 debian/apache2.dirs                                | 2 +-
 debian/apache2.postinst                            | 2 +-
 debian/changelog                                   | 4 +++-
 debian/config-dir/sites-available/000-default.conf | 2 +-
 debian/config-dir/sites-available/default-ssl.conf | 2 +-
 debian/index.html                                  | 8 ++++----
 7 files changed, 19 insertions(+), 9 deletions(-)

diff --git a/debian/apache2.NEWS b/debian/apache2.NEWS
index 75be4ce..b414151 100644
--- a/debian/apache2.NEWS
+++ b/debian/apache2.NEWS
@@ -34,6 +34,14 @@ apache2 (2.4.1-1) unstable; urgency=low
   allow access to your served directory explicity in the corresponding virtual
   host, or by allowing access in apache2.conf as proposed.
 
+  Along the security model, we did also change the default Document Root, files
+  are served from. Previous releases served /var/www by default when no other
+  virtual host matched the request. Starting with this release, we changed the
+  default document root to /var/www/html, so that sensitive files from other
+  virtual hosts wich are typically put into some directory below /var/www are
+  not exposed by the default virtual host. This change further improves the out
+  of box security.
+
   Moreover, the configuration mechanism in Debian has changed. All
   configurations in sites-enabled and conf-enabled need a ".conf" suffix now.
   The latter replaces the deprecated /etc/apache2/conf.d/ directory (which is
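Review bot: this paragraph lands inside the existing apache2 (2.4.1-1) NEWS entry (see the hunk header), while debian/changelog in the same commit records the change under 2.4.6-4. NEWS viewers normally show only entries newer than the installed version, so a host already running 2.4.1-1 or later would likely never be shown it. Add a new NEWS entry for the version that ships the change, and say what an admin with content directly in /var/www has to do (move it to /var/www/html or set DocumentRoot explicitly). Wording nits in the added lines: "wich" should be "which", "out of box" should be "out of the box", and "Along the security model, we did also change the default Document Root, files are served from" needs rephrasing. The context line above also has "explicity".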
diff --git a/debian/apache2.dirs b/debian/apache2.dirs
index 9ef4c24..531c08f 100644
--- a/debian/apache2.dirs
+++ b/debian/apache2.dirs
@@ -8,5 +8,5 @@ usr/share/lintian/overrides
 var/cache/apache2
 var/cache/apache2/mod_cache_disk
 var/log/apache2
-var/www
+var/www/html
 usr/share/bug/apache2
diff --git a/debian/apache2.postinst b/debian/apache2.postinst
index f32cc54..3704f77 100644
--- a/debian/apache2.postinst
+++ b/debian/apache2.postinst
@@ -283,7 +283,7 @@ install_default_files()
 			! -e /var/www/index.php   -a \
 			! -e /var/www/index.xhtml -a \
 			! -e /var/www/index.htm ] ; then
-				cp /usr/share/apache2/default-site/index.html /var/www/index.html
+				cp /usr/share/apache2/default-site/index.html /var/www/html/index.html
 		fi
 	fi
 }
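Review bot: the guard above the changed cp still tests /var/www/index.php, /var/www/index.xhtml and /var/www/index.htm (the unchanged context lines), but the copy now writes /var/www/html/index.html. As far as the visible condition goes, the existence checks no longer protect the destination: an index file already present in /var/www/html is not detected before the copy, and an unrelated index file in /var/www suppresses installation of the default page in the new root. Change every path in the test to /var/www/html in the same commit so the check and the target agree.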
diff --git a/debian/changelog b/debian/changelog
index fbfa0ee..e9f2949 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -32,9 +32,11 @@ apache2 (2.4.6-4) UNRELEASED; urgency=low
   * Remove Steinar H. Gunderson from uploaders, he will continue to support
     itk in his own package in future. The remaining Apache team thanks Steinar
     for all the work in the past.
+  * Change the Default Document root directory where files are served from
+    (Closes: #730372).
 
 
- -- Arno Töll <arno at debian.org>  Thu, 07 Nov 2013 22:46:29 +0100
+ -- Arno Töll <arno at debian.org>  Sun, 24 Nov 2013 16:04:50 +0100
 
 apache2 (2.4.6-3) unstable; urgency=low
 
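Review bot: the new changelog bullet does not say what the document root changed from or to, or that this is a security-motivated change of default. Name both paths (/var/www to /var/www/html) and refer to apache2.NEWS so the entry is usable on its own by someone reading only the changelog.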
diff --git a/debian/config-dir/sites-available/000-default.conf b/debian/config-dir/sites-available/000-default.conf
index e3c973d..cfe8df5 100644
--- a/debian/config-dir/sites-available/000-default.conf
+++ b/debian/config-dir/sites-available/000-default.conf
@@ -9,7 +9,7 @@
 	#ServerName www.example.com
 
 	ServerAdmin webmaster at localhost
-	DocumentRoot /var/www
+	DocumentRoot /var/www/html
 
 	# Available loglevels: trace8, ..., trace1, debug, info, notice, warn,
 	# error, crit, alert, emerg.
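Review bot: changing DocumentRoot in the shipped 000-default.conf means an upgraded host whose content sits directly in /var/www stops serving it from the default virtual host, and nothing in this patch migrates content or detects that case in postinst. Either handle the upgrade path or state it prominently in NEWS. The same applies to the identical change in default-ssl.conf. Also confirm that the access grant the NEWS text refers to ("allowing access in apache2.conf") covers /var/www/html, since apache2.conf is not touched here.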
diff --git a/debian/config-dir/sites-available/default-ssl.conf b/debian/config-dir/sites-available/default-ssl.conf
index 25b20ca..432b965 100644
--- a/debian/config-dir/sites-available/default-ssl.conf
+++ b/debian/config-dir/sites-available/default-ssl.conf
@@ -2,7 +2,7 @@
 	<VirtualHost _default_:443>
 		ServerAdmin webmaster at localhost
 
-		DocumentRoot /var/www
+		DocumentRoot /var/www/html
 
 		# Available loglevels: trace8, ..., trace1, debug, info, notice, warn,
 		# error, crit, alert, emerg.
diff --git a/debian/index.html b/debian/index.html
index 5cad971..854d44f 100644
--- a/debian/index.html
+++ b/debian/index.html
@@ -224,7 +224,7 @@
                 operation of the Apache2 server after it has been installed on Debian systems.
                 If you can read this page, it means that the Apache HTTP server installed at
                 this site is working properly. You should <b>replace this file</b> (located at
-                <tt>/var/www/index.html</tt>) before continuing to operate your HTTP server.
+                <tt>/var/www/html/index.html</tt>) before continuing to operate your HTTP server.
           </p>
         </div>
         <div class="section_header">
@@ -324,9 +324,9 @@
                 document root directory in <tt>/etc/apache2/apach2.conf</tt>.
             </p>
             <p>
-                XXX: Write here where to place additional doc roots/explain the
-                /var/www issue. This needs a decision on the doc root first,
-                though.
+                The default Debian document root is <tt>/var/www/html</tt>. You
+                can make your own virtual hosts under /var/www. This is different
+                to previous releases to provide better security out of the box.
             </p>
         </div>
 
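Review bot: the replacement paragraph tells readers to put their own virtual hosts under /var/www but does not say that /var/www itself is no longer served by the default virtual host, which is the point of the change; one sentence stating that would make the security rationale concrete. The second /var/www is not in tt markup like the first path, and the context line just above still has the misspelled path /etc/apache2/apach2.conf, which is worth correcting while this block is being edited.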

-- 
Alioth's /usr/local/bin/git-commit-notice on /srv/git.debian.org/git/pkg-apache/apache2.git


