[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Bug#260063: apache2: suggestion to add new file - conf.d/security.conf


> Perhaps there could be a separate configuration file that
> woould control the default security setings. I'm not sure
> if conf.d/ is meant solely for user settings, but it could
> be one possibility to include:
>   conf.d/security.conf
> For a start, it could include statement:
>    <Files ~ "\.htpasswd">
>       Order       allow,deny
>       Deny from   all
>   </Files>

This is already present in apache2.conf. And I don't see what specific
advantage there would be to move it to a separate file. The current
apache2.conf is far from unhandlable.

> Other settings that user could enable could be added in comments, like:
>   #<Directory />
>   #    # DENY by default. Later, Explicitly allow access to directories. 
>   #    Order Deny,Allow
>   #    Deny from all
>   #</Directory>

This is a separate bug already.

I'm not convinced that a separate file is necessary at all. Can you
elaborate on its advantages?


Attachment: signature.asc
Description: This is a digitally signed message part

Reply to: