Hi, > Perhaps there could be a separate configuration file that > woould control the default security setings. I'm not sure > if conf.d/ is meant solely for user settings, but it could > be one possibility to include: > > conf.d/security.conf > > For a start, it could include statement: > > <Files ~ "\.htpasswd"> > Order allow,deny > Deny from all > </Files> This is already present in apache2.conf. And I don't see what specific advantage there would be to move it to a separate file. The current apache2.conf is far from unhandlable. > Other settings that user could enable could be added in comments, like: > > #<Directory /> > # # DENY by default. Later, Explicitly allow access to directories. > # Order Deny,Allow > # Deny from all > #</Directory> This is a separate bug already. I'm not convinced that a separate file is necessary at all. Can you elaborate on its advantages? Thijs
Attachment:
signature.asc
Description: This is a digitally signed message part