Re: [suse-security] Location of the Apache document root (was: Apache Source Tree under 6.1)
I'd place the apache manual to /usr/doc/packages/appache/manual/ and set a symlink from /usr/local/httpd/htdocs/manual -> /usr/doc/packages/appache/manual to allow the example page to refer to the manual.
Sounds like a good idea, anyway. But it's not that simple. Preferably, I would like local documents under /usr/local, and the rest of the material that comes with apache out of there - wherever, I don't care. There are a bunch of icons, include headers, and the test page plus associated bla bla. Not sure how to do that though, while keeping in touch with the apache security model. While we're on the security list, cgi-bin is non-empty. I remember that by some default on some distribution it contained a file with serious security problems?!? Volker
While we're on the security list, cgi-bin is non-empty. I remember that by some default on some distribution it contained a file with serious security problems?!?
yep. its 'testcgi' a shell script in the main cgi-bin dir. 'chmod 000' or delete/move it. if the httpd runs as non-root this is no big deal but if one _have_ to run httpd as root (for what reasons ever) this is a serious problem. cu stefan
participants (2)
-
Stefan V�lkel
-
Volker Kuhlmann