[Tfug] Well now it's an Apache security rodeo...
Matt Jacob
matt at mattjacob.com
Fri Jul 3 23:48:41 MST 2009
On Fri, Jul 3, 2009 at 7:05 PM, Jim March<1.jim.march at gmail.com> wrote:
> 1) I figured out where my web-stuff was sitting: /var/www
Good. That sounds right.
> 3) I made sure the directory /usr/local/apache/passwd/passwords
> existed with everybody-can-read-it permissions (only root can write).
It really only needs to be readable by the user that Apache is running
under, but this will do.
> And...shouldn't that have done it?
Nope. Since you're using a per-directory config file (.htaccess),
you'll need to set the AllowOverride directive for the directory that
contains the .htaccess (/var/www). An example:
<Directory /var/www>
AllowOverride All
Order allow,deny
Allow from all
</Directory>
> There's directories under /var/www that contain data being served -
> should I copy that .htaccess file down into them?
No. Apache automatically traverses the directories and applies
.htaccess files found higher up as well.
Matt
More information about the tfug
mailing list