← Back to branch summary

~ubuntu-branches/ubuntu/hardy/apache2/hardy-proposed

~ubuntu-branches/ubuntu/hardy/apache2/hardy-proposed

« back to all changes in this revision

Viewing changes to docs/manual/misc/security_tips.html.en

Committer: Bazaar Package Importer
Author(s): Stefan Fritsch
Date: 2008-01-17 20:27:56 UTC
mto: This revision was merged to the branch mainline in revision 26.
Revision ID: james.westby@ubuntu.com-20080117202756-hv38rjknhwa2ilwi

Tags: upstream-2.2.8

Import upstream version 2.2.8

files added:
build/installwinconf.awk

docs/manual/caching.html.fr

docs/manual/configuring.html.fr

docs/manual/content-negotiation.html.fr

docs/manual/glossary.html.fr

docs/manual/misc/password_encryptions.html

docs/manual/misc/password_encryptions.html.en

docs/manual/mod/mod_substitute.html

docs/manual/mod/mod_substitute.html.en

docs/manual/sections.html.fr

docs/manual/upgrading.html.fr

modules/filters/NWGNUsubstitute

modules/filters/mod_substitute.c

modules/filters/mod_substitute.dsp

srclib/apr-util/Makefile.win

srclib/apr-util/README.MySQL

srclib/apr-util/dbd/apr_dbd_mysql.c

srclib/apr-util/include/private/apu_config.hnw

srclib/apr-util/include/private/apu_select_dbm.hnw

srclib/apr-util/test/testall.dsw

srclib/apr-util/test/testutildll.dsp

srclib/apr-util/test/testutillib.dsp

srclib/apr/Makefile.win

srclib/apr/test/internal/Makefile.win

srclib/apr/test/testdll.dsp

srclib/apr/test/testlib.dsp

files removed:
docs/conf/httpd-win.conf

srclib/apr-util/INSTALL.MySQL

srclib/apr/helpers

srclib/apr/helpers/apr_rename.pl

srclib/apr/renames_pending

srclib/apr/test/aprtest.def

srclib/apr/test/aprtest.dsp

srclib/apr/test/aprtest.win

srclib/apr/test/testall.dsp

srclib/apr/test/testapp.dsp

srclib/apr/test/testappnt.dsp

files modified:
Apache.dsw

CHANGES

Makefile.win

build/apr_common.m4

build/find_apu.m4

build/mkconfNW.awk

configure

docs/conf/extra/httpd-mpm.conf.in

docs/conf/extra/httpd-vhosts.conf.in

docs/conf/httpd.conf.in

docs/conf/mime.types

docs/man/rotatelogs.8

docs/manual/bind.html.fr

docs/manual/caching.html

docs/manual/caching.html.en

docs/manual/configuring.html

docs/manual/configuring.html.de

docs/manual/configuring.html.en

docs/manual/configuring.html.ja.euc-jp

docs/manual/configuring.html.ko.euc-kr

docs/manual/content-negotiation.html

docs/manual/content-negotiation.html.en

docs/manual/content-negotiation.html.ja.euc-jp

docs/manual/content-negotiation.html.ko.euc-kr

docs/manual/convenience.map

docs/manual/developer/API.html.en

docs/manual/developer/documenting.html.en

docs/manual/dso.html.en

docs/manual/dso.html.ja.euc-jp

docs/manual/dso.html.ko.euc-kr

docs/manual/env.html.en

docs/manual/glossary.html

docs/manual/glossary.html.de

docs/manual/glossary.html.en

docs/manual/glossary.html.es

docs/manual/glossary.html.ko.euc-kr

docs/manual/howto/auth.html.en

docs/manual/index.html.fr

docs/manual/install.html.de

docs/manual/install.html.en

docs/manual/install.html.fr

docs/manual/install.html.ja.euc-jp

docs/manual/logs.html.en

docs/manual/logs.html.ja.euc-jp

docs/manual/misc/index.html.en

docs/manual/misc/index.html.ko.euc-kr

docs/manual/misc/perf-tuning.html.en

docs/manual/misc/rewriteguide.html.en

docs/manual/misc/security_tips.html.en

docs/manual/mod/core.html.en

docs/manual/mod/directives.html.de

docs/manual/mod/directives.html.en

docs/manual/mod/directives.html.es

docs/manual/mod/directives.html.ja.euc-jp

docs/manual/mod/directives.html.ko.euc-kr

docs/manual/mod/directives.html.ru.koi8-r

docs/manual/mod/index.html.de

docs/manual/mod/index.html.en

docs/manual/mod/index.html.es

docs/manual/mod/index.html.ja.euc-jp

docs/manual/mod/index.html.ko.euc-kr

docs/manual/mod/mod_auth_digest.html.en

docs/manual/mod/mod_authn_dbd.html.en

docs/manual/mod/mod_authnz_ldap.html.en

docs/manual/mod/mod_authz_dbm.html.en

docs/manual/mod/mod_cache.html.en

docs/manual/mod/mod_dbd.html.en

docs/manual/mod/mod_include.html.en

docs/manual/mod/mod_mime.html.en

docs/manual/mod/mod_proxy.html.en

docs/manual/mod/mod_proxy_ajp.html.en

docs/manual/mod/mod_proxy_balancer.html.en

docs/manual/mod/mod_proxy_http.html.en

docs/manual/mod/mod_rewrite.html.en

docs/manual/mod/mod_status.html.en

docs/manual/mod/mod_status.html.ja.euc-jp

docs/manual/mod/mod_status.html.ko.euc-kr

docs/manual/mod/quickreference.html.de

docs/manual/mod/quickreference.html.en

docs/manual/mod/quickreference.html.es

docs/manual/mod/quickreference.html.ja.euc-jp

docs/manual/mod/quickreference.html.ko.euc-kr

docs/manual/mod/quickreference.html.ru.koi8-r

docs/manual/new_features_2_2.html.en

docs/manual/new_features_2_2.html.fr

docs/manual/platform/netware.html.en

docs/manual/platform/windows.html.en

docs/manual/programs/configure.html.en

docs/manual/programs/rotatelogs.html.en

docs/manual/programs/rotatelogs.html.ko.euc-kr

docs/manual/rewrite/rewrite_intro.html.en

docs/manual/sections.html

docs/manual/sections.html.en

docs/manual/sections.html.ja.euc-jp

docs/manual/sections.html.ko.euc-kr

docs/manual/sitemap.html.de

docs/manual/sitemap.html.en

docs/manual/sitemap.html.es

docs/manual/sitemap.html.ja.euc-jp

docs/manual/sitemap.html.ko.euc-kr

docs/manual/ssl/ssl_intro.html.en

docs/manual/style/version.ent

docs/manual/suexec.html.en

docs/manual/suexec.html.ja.euc-jp

docs/manual/upgrading.html

docs/manual/upgrading.html.de

docs/manual/upgrading.html.en

docs/manual/upgrading.html.ja.euc-jp

docs/manual/upgrading.html.ko.euc-kr

docs/manual/upgrading.html.pt-br

docs/manual/upgrading.html.ru.koi8-r

httpd.spec

include/ap_mmn.h

include/ap_release.h

include/http_protocol.h

include/httpd.h

include/scoreboard.h

include/util_ldap.h

modules/NWGNUmakefile

modules/aaa/mod_auth.h

modules/aaa/mod_authn_dbd.c

modules/aaa/mod_authnz_ldap.c

modules/aaa/mod_authz_groupfile.c

modules/cache/mod_disk_cache.c

modules/dav/fs/lock.c

modules/dav/fs/repos.c

modules/dav/lock/locks.c

modules/dav/main/mod_dav.c

modules/dav/main/util.c

modules/experimental/mod_case_filter.c

modules/filters/NWGNUmakefile

modules/filters/config.m4

modules/filters/mod_charset_lite.c

modules/filters/mod_deflate.c

modules/filters/mod_deflate.dsp

modules/filters/mod_ext_filter.dsp

modules/filters/mod_filter.c

modules/filters/mod_filter.dsp

modules/filters/mod_include.c

modules/generators/mod_autoindex.c

modules/generators/mod_info.c

modules/generators/mod_status.c

modules/http/byterange_filter.c

modules/http/chunk_filter.c

modules/http/http_core.c

modules/http/http_etag.c

modules/http/http_filters.c

modules/http/http_protocol.c

modules/http/mod_mime.c

modules/ldap/util_ldap.c

modules/mappers/mod_imagemap.c

modules/mappers/mod_rewrite.c

modules/proxy/ajp.h

modules/proxy/ajp_header.c

modules/proxy/mod_proxy.c

modules/proxy/mod_proxy.h

modules/proxy/mod_proxy_ajp.c

modules/proxy/mod_proxy_balancer.c

modules/proxy/mod_proxy_ftp.c

modules/proxy/mod_proxy_http.c

modules/proxy/proxy_util.c

modules/ssl/mod_ssl.c

modules/ssl/mod_ssl.dsp

modules/ssl/ssl_engine_init.c

modules/ssl/ssl_engine_io.c

modules/ssl/ssl_engine_vars.c

modules/ssl/ssl_expr_eval.c

modules/ssl/ssl_private.h

modules/ssl/ssl_scache_dbm.c

modules/ssl/ssl_toolkit_compat.h

os/netware/util_nw.c

os/win32/BaseAddr.ref

os/win32/os.h

os/win32/util_win32.c

server/core.c

server/log.c

server/mpm/experimental/event/event.c

server/mpm/winnt/child.c

server/mpm/winnt/mpm_winnt.c

server/mpm/winnt/nt_eventlog.c

server/mpm_common.c

server/protocol.c

server/scoreboard.c

srclib/apr-util/CHANGES

srclib/apr-util/aprutil.dsp

srclib/apr-util/aprutil.dsw

srclib/apr-util/apu-config.in

srclib/apr-util/buckets/apr_brigade.c

srclib/apr-util/buckets/apr_buckets.c

srclib/apr-util/buckets/apr_buckets_alloc.c

srclib/apr-util/buckets/apr_buckets_eos.c

srclib/apr-util/buckets/apr_buckets_file.c

srclib/apr-util/buckets/apr_buckets_flush.c

srclib/apr-util/buckets/apr_buckets_heap.c

srclib/apr-util/buckets/apr_buckets_mmap.c

srclib/apr-util/buckets/apr_buckets_pipe.c

srclib/apr-util/buckets/apr_buckets_pool.c

srclib/apr-util/buckets/apr_buckets_refcount.c

srclib/apr-util/buckets/apr_buckets_simple.c

srclib/apr-util/buckets/apr_buckets_socket.c

srclib/apr-util/build-outputs.mk

srclib/apr-util/build/apr_common.m4

srclib/apr-util/build/apu-conf.m4

srclib/apr-util/build/apu-hints.m4

srclib/apr-util/build/apu-iconv.m4

srclib/apr-util/build/dbd.m4

srclib/apr-util/build/dbm.m4

srclib/apr-util/build/find_apu.m4

srclib/apr-util/build/pkg/buildpkg.sh

srclib/apr-util/buildconf

srclib/apr-util/configure

srclib/apr-util/configure.in

srclib/apr-util/crypto/apr_md4.c

srclib/apr-util/crypto/apr_md5.c

srclib/apr-util/crypto/apr_sha1.c

srclib/apr-util/crypto/getuuid.c

srclib/apr-util/crypto/uuid.c

srclib/apr-util/dbd/NWGNUdbdmysql

srclib/apr-util/dbd/NWGNUdbdpgsql

srclib/apr-util/dbd/NWGNUdbdsqli2

srclib/apr-util/dbd/NWGNUdbdsqli3

srclib/apr-util/dbd/apr_dbd.c

srclib/apr-util/dbd/apr_dbd_pgsql.c

srclib/apr-util/dbd/apr_dbd_sqlite2.c

srclib/apr-util/dbd/apr_dbd_sqlite3.c

srclib/apr-util/dbm/apr_dbm.c

srclib/apr-util/dbm/apr_dbm_berkeleydb.c

srclib/apr-util/dbm/apr_dbm_gdbm.c

srclib/apr-util/dbm/apr_dbm_ndbm.c

srclib/apr-util/dbm/apr_dbm_sdbm.c

srclib/apr-util/dbm/sdbm/sdbm.c

srclib/apr-util/dbm/sdbm/sdbm_hash.c

srclib/apr-util/dbm/sdbm/sdbm_lock.c

srclib/apr-util/dbm/sdbm/sdbm_pair.c

srclib/apr-util/dbm/sdbm/sdbm_pair.h

srclib/apr-util/dbm/sdbm/sdbm_private.h

srclib/apr-util/dbm/sdbm/sdbm_tune.h

srclib/apr-util/encoding/apr_base64.c

srclib/apr-util/hooks/apr_hooks.c

srclib/apr-util/include/apr_anylock.h

srclib/apr-util/include/apr_base64.h

srclib/apr-util/include/apr_buckets.h

srclib/apr-util/include/apr_date.h

srclib/apr-util/include/apr_dbd.h

srclib/apr-util/include/apr_dbm.h

srclib/apr-util/include/apr_hooks.h

srclib/apr-util/include/apr_ldap.h.in

srclib/apr-util/include/apr_ldap.hnw

srclib/apr-util/include/apr_ldap.hw

srclib/apr-util/include/apr_ldap_init.h

srclib/apr-util/include/apr_ldap_option.h

srclib/apr-util/include/apr_ldap_url.h

srclib/apr-util/include/apr_md4.h

srclib/apr-util/include/apr_md5.h

srclib/apr-util/include/apr_optional.h

srclib/apr-util/include/apr_optional_hooks.h

srclib/apr-util/include/apr_queue.h

srclib/apr-util/include/apr_reslist.h

srclib/apr-util/include/apr_rmm.h

srclib/apr-util/include/apr_sdbm.h

srclib/apr-util/include/apr_sha1.h

srclib/apr-util/include/apr_strmatch.h

srclib/apr-util/include/apr_uri.h

srclib/apr-util/include/apr_uuid.h

srclib/apr-util/include/apr_xlate.h

srclib/apr-util/include/apr_xml.h

srclib/apr-util/include/apu.h.in

srclib/apr-util/include/apu.hnw

srclib/apr-util/include/apu.hw

srclib/apr-util/include/apu_version.h

srclib/apr-util/include/apu_want.h.in

srclib/apr-util/include/apu_want.hnw

srclib/apr-util/include/apu_want.hw

srclib/apr-util/include/private/apr_dbd_internal.h

srclib/apr-util/include/private/apr_dbm_private.h

srclib/apr-util/include/private/apu_config.h.in

srclib/apr-util/include/private/apu_config.hw

srclib/apr-util/include/private/apu_select_dbm.h.in

srclib/apr-util/include/private/apu_select_dbm.hw

srclib/apr-util/ldap/apr_ldap_init.c

srclib/apr-util/ldap/apr_ldap_option.c

srclib/apr-util/ldap/apr_ldap_url.c

srclib/apr-util/libaprutil.dsp

srclib/apr-util/misc/apr_date.c

srclib/apr-util/misc/apr_queue.c

srclib/apr-util/misc/apr_reslist.c

srclib/apr-util/misc/apr_rmm.c

srclib/apr-util/misc/apu_version.c

srclib/apr-util/strmatch/apr_strmatch.c

srclib/apr-util/test/Makefile.in

srclib/apr-util/test/Makefile.win

srclib/apr-util/test/abts.c

srclib/apr-util/test/abts.h

srclib/apr-util/test/abts_tests.h

srclib/apr-util/test/dbd.c

srclib/apr-util/test/test_apu.h

srclib/apr-util/test/testbuckets.c

srclib/apr-util/test/testdate.c

srclib/apr-util/test/testdbd.c

srclib/apr-util/test/testdbm.c

srclib/apr-util/test/testldap.c

srclib/apr-util/test/testmd4.c

srclib/apr-util/test/testmd5.c

srclib/apr-util/test/testpass.c

srclib/apr-util/test/testqueue.c

srclib/apr-util/test/testreslist.c

srclib/apr-util/test/testrmm.c

srclib/apr-util/test/teststrmatch.c

srclib/apr-util/test/testuri.c

srclib/apr-util/test/testutil.c

srclib/apr-util/test/testutil.h

srclib/apr-util/test/testuuid.c

srclib/apr-util/test/testxlate.c

srclib/apr-util/test/testxml.c

srclib/apr-util/uri/apr_uri.c

srclib/apr-util/xlate/xlate.c

srclib/apr-util/xml/apr_xml.c

srclib/apr-util/xml/expat/lib/osd_ebcdic_df04_1.h

srclib/apr-util/xml/expat/lib/xml.dsp

srclib/apr/CHANGES

srclib/apr/apr.dsp

srclib/apr/apr.dsw

srclib/apr/atomic/os390/atomic.c

srclib/apr/atomic/win32/apr_atomic.c

srclib/apr/build/NWGNUmakefile

srclib/apr/build/apr_app.dsp

srclib/apr/build/apr_common.m4

srclib/apr/build/libapr_app.dsp

srclib/apr/configure

srclib/apr/configure.in

srclib/apr/dso/os390/dso.c

srclib/apr/file_io/netware/filestat.c

srclib/apr/file_io/unix/filestat.c

srclib/apr/file_io/win32/filedup.c

srclib/apr/file_io/win32/open.c

srclib/apr/file_io/win32/readwrite.c

srclib/apr/file_io/win32/seek.c

srclib/apr/include/apr.h.in

srclib/apr/include/apr.hnw

srclib/apr/include/apr.hw

srclib/apr/include/apr_file_info.h

srclib/apr/include/apr_file_io.h

srclib/apr/include/apr_network_io.h

srclib/apr/include/apr_shm.h

srclib/apr/include/apr_version.h

srclib/apr/include/arch/unix/apr_arch_file_io.h

srclib/apr/include/arch/unix/apr_private.h.in

srclib/apr/include/arch/win32/apr_arch_file_io.h

srclib/apr/include/arch/win32/apr_arch_misc.h

srclib/apr/libapr.dsp

srclib/apr/memory/unix/apr_pools.c

srclib/apr/misc/unix/rand.c

srclib/apr/misc/win32/env.c

srclib/apr/mmap/unix/common.c

srclib/apr/network_io/unix/inet_pton.c

srclib/apr/network_io/unix/multicast.c

srclib/apr/network_io/unix/sendrecv.c

srclib/apr/network_io/win32/sendrecv.c

srclib/apr/random/unix/apr_random.c

srclib/apr/shmem/win32/shm.c

srclib/apr/strings/apr_snprintf.c

srclib/apr/test/Makefile.in

srclib/apr/test/Makefile.win

srclib/apr/test/abts.c

srclib/apr/test/abts.h

srclib/apr/test/internal/testucs.c

srclib/apr/test/proc_child.c

srclib/apr/test/sockchild.c

srclib/apr/test/testall.dsw

srclib/apr/test/testatomic.c

srclib/apr/test/testdso.c

srclib/apr/test/testdup.c

srclib/apr/test/testfile.c

srclib/apr/test/testflock.c

srclib/apr/test/testglobalmutex.c

srclib/apr/test/testhash.c

srclib/apr/test/testipsub.c

srclib/apr/test/testlockperf.c

srclib/apr/test/testmmap.c

srclib/apr/test/testmutexscope.c

srclib/apr/test/testnames.c

srclib/apr/test/testoc.c

srclib/apr/test/testpipe.c

srclib/apr/test/testpoll.c

srclib/apr/test/testproc.c

srclib/apr/test/testshm.c

srclib/apr/test/testsock.c

srclib/apr/test/testsockets.c

srclib/apr/test/testutil.h

srclib/apr/threadproc/win32/proc.c

srclib/apr/threadproc/win32/thread.c

support/ab.c

support/ab.dsp

support/abs.dsp

support/htcacheclean.dsp

support/htdbm.dsp

support/htdigest.dsp

support/htpasswd.dsp

support/httxt2dbm.c

support/httxt2dbm.dsp

support/logresolve.dsp

support/rotatelogs.c

support/rotatelogs.dsp

support/win32/ApacheMonitor.c

support/win32/wintty.dsp

Show diffs side-by-side

added added

removed removed

docs/manual/misc/security_tips.html.en

131

131

132

132

<p>To isolate the damage a wayward SSI file can cause, a server

133

133

administrator can enable <a href="../suexec.html">suexec</a> as

134

described in the <a href="#cgi">CGI in General</a> section</p>

134

described in the <a href="#cgi">CGI in General</a> section.</p>

135

135

136

136

<p>Enabling SSI for files with .html or .htm extensions can be

137

137

dangerous. This is especially true in a shared, or high traffic,

143

143

programs from SSI pages. To do this replace <code>Includes</code>

144

144

with <code>IncludesNOEXEC</code> in the <code class="directive"><a href="../mod/core.html#options">Options</a></code> directive. Note that users may

145

145

still use <--#include virtual="..." --> to execute CGI scripts if

146

these scripts are in directories desginated by a <code class="directive"><a href="../mod/mod_alias.html#scriptalias">ScriptAlias</a></code> directive.</p>

146

these scripts are in directories designated by a <code class="directive"><a href="../mod/mod_alias.html#scriptalias">ScriptAlias</a></code> directive.</p>

147

147

148

148

</div><div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div>

149

149

<div class="section">

280

280

281

281

<p>Pay particular attention to the interactions of <code class="directive"><a href="../mod/core.html#location">Location</a></code> and <code class="directive"><a href="../mod/core.html#directory">Directory</a></code> directives; for instance, even

282

282

if <code><Directory /></code> denies access, a <code>

283

<Location /></code> directive might overturn it</p>

283

<Location /></code> directive might overturn it.</p>

284

284

285

285

<p>Also be wary of playing games with the <code class="directive"><a href="../mod/mod_userdir.html#userdir">UserDir</a></code> directive; setting it to

286

286

something like "./" would have the same effect, for root, as the first

302

302

you have to check the <a href="../logs.html">Log Files</a>. Even though

303

303

the log files only reports what has already happened, they will give you

304

304

some understanding of what attacks is thrown against the server and

305

allows you to check if the necessary level of security is present.</p>

305

allow you to check if the necessary level of security is present.</p>

306

306

307

307

<p>A couple of examples:</p>

308

308

Older »