Re: /etc/apache2/conf.d/security default for the release after lenny
On Friday 05 November 2010, Teodor MICU wrote:
> I've noticed that this paragraph is still a comment in the default
> conf.d/security file:
>
> # This currently breaks the configurations that come with some web
application
> # Debian packages. It will be made the default for the release after
lenny.
> #
> #<Directory />
> # AllowOverride None
> # Order Deny,Allow
> # Deny from all
> #</Directory>
>
> Are there any plans to enable this for squeeze? I know that I've
> manually removed the # for my own installs and it didn't had any
> side effects.
No, the comment is outdated. I forgot that I put such a definite
statement about squeeze in there. The reason I have not changed it is
that I am no longer so sure it would be a good idea: Webapps that ship
their files in some directory outside of /var/www would have to have
an "Allow from all" snippet in their configuration to work by default.
Now, if the admin doesn't want "allow from all" but e.g. "allow from
192.168.0.0/24", he would have to change many distinct configuration
sections, which is a pain.
If there is another update for apache2 in squeeze, I will change the
comment. Thanks for bringing this to my attention.
Cheers,
Stefan
Reply to: