Bug#260063: apache2: suggestion to add new file - conf.d/security.conf

To: Debian Bug Tracking System <submit@bugs.debian.org>
Subject: Bug#260063: apache2: suggestion to add new file - conf.d/security.conf
From: Jari Aalto <jari.aalto@poboxes.com>
Date: Sun, 18 Jul 2004 10:43:43 +0300
Message-id: <[🔎] E1Bm6Kl-0003vl-Nu@ns.cante.net>
Reply-to: Jari Aalto <jari.aalto@poboxes.com>, 260063@bugs.debian.org

Package: apache2
Version: 2.0.50-5
Severity: wishlist
Tags: security

Perhaps there could be a separate configuration file that
woould control the default security setings. I'm not sure
if conf.d/ is meant solely for user settings, but it could
be one possibility to include:

  conf.d/security.conf

For a start, it could include statement:

   <Files ~ "\.htpasswd">
      Order       allow,deny
      Deny from   all
  </Files>

Other settings that user could enable could be added in comments, like:

  #<Directory />
  #    # DENY by default. Later, Explicitly allow access to directories. 
  #    Order Deny,Allow
  #    Deny from all
  #</Directory>


-- System Information:
Debian Release: testing/unstable
Architecture: i386 (i686)
Kernel: Linux 2.4.26.20040601
Locale: LANG=C, LC_CTYPE=C (ignored: LC_ALL set to en_US)

Versions of packages apache2 depends on:
ii  apache2-mpm-prefork           2.0.50-5   Traditional model for Apache2

-- debconf-show failed

Reply to:

Prev by Date: Bug#260061: apache2: [security] ServerSignature should be Off
Next by Date: Processed: Re: Bug#260061: apache2: [security] ServerSignature should be Off
Previous by thread: Bug#260061: marked as done (apache2: [security] ServerSignature should be Off)
Next by thread: Processed: Re: Bug#260061: apache2: [security] ServerSignature should be Off
Index(es):
- Date
- Thread