Apache *.conf files and security

Discussion in 'Server Operation' started by robertlouwen, Jun 2, 2009.

  1. robertlouwen

    robertlouwen New Member


    In /etc/httpd/conf/httpd.conf is this line include conf.d/*.conf so out of curiosity I looked in /etc/httpd/conf.d and found among others :

    • BackupPC.conf
    • roundcubemail.conf
    • webalizer.conf
    In these files you can find their alias, now when I go http://something.org/alias I get error 401, not authorized, error 403, forbidden and / or error 404, page not found.

    If I change
    order deny,allow
    deny from all
    allow from 
    Into this
    order allow,deny
    allow from all
    #allow from
    am I exposing my server to a security risk ?

    PS when I changed the code the pages showed with or without username / password prompt.
    Last edited: Jun 2, 2009
  2. HooGLaNDeR

    HooGLaNDeR New Member

    By altering these lines, you make it available for the whole world. If you have no problems with it, then theres no problem.
  3. robertlouwen

    robertlouwen New Member

    @ Hooglander,

    In the mean time I tried some other allow from lines
    • allow from, my gateway, this works
    • allow from, a computer in my home network, does not work
    • allow from, my webserver, does not work
    • allow from 62.194.xxx.xxx, my internet IP, does not work
    I would like to access these pages from every computer ( at work, at friends, when with holyday )
    There is no need for the world to access these pages.
  4. id10t

    id10t Member

    You can do it with a ssh tunnel...
  5. robertlouwen

    robertlouwen New Member

    ssh tunnel ????
  6. HooGLaNDeR

    HooGLaNDeR New Member

          Order Deny,Allow
          Deny From All
          Allow From
          Allow From
          Allow From
          Allow From 62.194.xxx.xxx
    Alternatively, you can allow it to the world, but protect it with .htaccess

Share This Page