| 1. | How can I restrict some directories ? |
| Create your .htpasswd file as follows:
/usr/sbin/htpasswd -c /usr/local/httpd/password.files/.htpasswd ronald
you will be prompted by:
Adding password for ronald.
New password:
you type it in and you are finally prompted by:
Re-type new password:
just do it!. Then create the .htaccess file using any plain-text editor in the
directory ro be protected as follows:
AuthUserFile /usr/local/httpd/password.files/.htpasswd
AuthGroupFile /dev/null
AuthName ronald
AuthType Basic
<Limit GET POST>
require user ronald
</Limit>
|
| 2. | Why does SuSE use -FollowSymlinks as its default?
Is there a good reason why it's not +FollowSymLinks as a default ? |
| Security. You probably let web
authors create files under your htdocs directory or their public_html
directories. Imagine if one created a symlink to /etc or
something. Your anonymous FTP server is set up in the same way. If you don't care about the security issues, you can change it
yourself. It is better that the user knows the issue if they are
vulnerable. |
| 3. | How is SuSE setting up Apache to serve public_html files?
|
|
This is the way it works: -
The apache server will start suexec for the home directories, if it
finds it. It's in /usr/sbin/suexec. Now suexec will let apache run as
testuser:users in testuser's public_html directory. This is different
from the way Apache normally runs as nobody:nogroup. Now suexec
applies alot of restrictions , and it checks all cgi files, and will refuse
to run them if the permissions are off. You need to read the apache docs on
suexec. It allows you to run your public_html as mode 700, but it is more
dangerous, because it lets people come into your public_html as the user,
instead of nobody.
In the main server httdocs and cgi-bin, Apache will run as
nobody:nogroup;
SuSE uses a user called wwwrun instead of nobody, but it's about the same.
So you may want to rename suexec to disable it, unless you want to read up on it.
Your testuser should be
in group users. There
is a suexec log in the /var/log/httpd
logs, it will give you some clues.
|
| 4. | How does one get rid of unwanted error messages in the Apache logs?
|
|
Use Apache itself:
SetEnvIf Request_URI "root.exe|cmd.exe|default.ida" bad-req
ErrorLog /var/log/httpd/faq_error.log
CustomLog /var/log/httpd/faq_acces.log combined env=!bad-req
Use it in your server conf and these things will not show in your logs
|
| 5. | How do I get SSL working with Apache2 ?
|
|
Generate the SSL certificate:
cd /usr/share/doc/packages/apache2
./certificate.sh as root.
cd /etc/sysconfig
edit apache2 and add "ssl" as per the following:
APACHE_MODULES="access actions alias auth auth_dbm autoindex cgi dir env
expires include log_config mime negotiation setenvif status suexec
userdir ssl"
Also enable:
APACHE_SERVER_FLAGS="-D SSL"
Restart apache
|
| 6. | Where can I learn what the Apache error messages mean?
|
|
http://www.bignosebird.com/apache/a5.shtml
|
