Re: Dumb Apache server moves?

From: Adam (a24061@void.yahoo.void.com)
Date: 02/07/03


From: Adam <a24061@void.yahoo.void.com>
Date: Fri, 07 Feb 2003 08:51:25 GMT

On Thursday 06 February 2003 19:29, Jem Berkes wrote:

>> Just food for thought: What do you think are the most common security
>> mistakes regarding configuration of Apache? Not so much security
>> flaws, but default configutations / dumb default settings that should
>> be changed?
>>
>> I am sort of new to this but have become the impromptu expert in my
>> department. Any thoughts from the Apache world?
>
> Things that briefly flash into my mind. Don't know if they're default.
>
> - Letting untrusted users execute CGI scripts
> - Letting untrusted users use .htaccess

What sort of problems does .htaccess cause?



Relevant Pages

  • Apache - Surprised by web access to .htaccess etc.
    ... and possibly propose a change to the distributed configuration sample. ... In the distributed Apache configuration, ... *could*, in fact, view the contents of .htaccess, .htpasswd etc. ... The "satisfy any" is taking effect, ...
    (comp.infosystems.www.servers.unix)
  • Re: .htaccess problem with Apache 2.0.40
    ... > I'm sending this email because I've spent countless hours trying to ... > figure out why the .htaccess on my webserver doesn't do anything at ... You'll have better luck if you post your configuration to the list so ... people that are fluent in Apache are able to spot problems if they ...
    (RedHat)
  • RE: Apache issue
    ... The Apache documentation at ... > configuration file of the previous apache's version on a ... I'm bypassing all of them (.htaccess and ip list ... I've configured the access file as follow: ...
    (Focus-Linux)
  • Re: Reverting back to apache2 from lighttpd: have issues
    ... saying that localhost was not configured properly and I could not use ... the simple browser url "http://localhost to open the server. ... I have several different virtualhost entries in my Apache configuration. ...
    (Debian-User)
  • Re: Reverting back to apache2 from lighttpd: have issues
    ... saying that localhost was not configured properly and I could not use ... in .php are not being allowed to run instead they ... have several different virtualhost entries in my Apache configuration. ...
    (Debian-User)