Apache Server Configuration Guide for Linux (4)
Author: Bo OSO Oso
<Directory />
    Options FollowSymLinks
    AllowOverride None
</Directory>
The Apache server can apply access control to directories, and this can be implemented in two ways. One is to set it for each directory in the configuration file httpd.conf (or access.conf); the other is to place an access control file in each directory, usually named .htaccess. Although both can be used to control browser access, the configuration file method requires restarting the httpd daemon after each change, which is not flexible, so it is mainly used to configure the overall security control strategy of the server system. Using .htaccess files to set access control for specific directories is more flexible and convenient.
The Directory statement defines access restrictions for a directory, and the example above shows its standard syntax. That example applies to the root directory of the system: it sets Options to allow symbolic links, and uses AllowOverride None so that access control files are not allowed to change the configuration given here, which also means Apache does not look for an access control file in this directory.
Because Apache's access control settings for a directory are inherited by the levels below it, the setting for the root directory affects its lower-level directories. Note that because of AllowOverride None, the Apache server does not need to look for an access control file in the root directory, nor in the directories at the levels below it, until httpd.conf (or access.conf) specifies AllowOverride for some directory, that is, allows access control files to be read. Since Apache uses inheritance for directory access control, if access control files could be read starting from the root directory, Apache would have to look for one at every level, which affects system performance. This feature is turned off by default, so Apache searches downward only from the specific directory named in httpd.conf, which reduces the number of lookups and improves system performance. AllowOverride None on the system root directory therefore helps not only system security but also system performance.
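The lookup cost described above can be made concrete with a small model. This is an added example, not part of the original article: it handles plain <Directory> paths only (no wildcards), and the request path and directory names are constructed.

```python
import posixpath


def htaccess_lookups(directory_sections, file_path, access_file=".htaccess"):
    """Return the access control files Apache would look for to serve file_path.

    directory_sections maps a <Directory> path to its AllowOverride value.
    Simplified model: a setting is inherited by every lower level until a
    more specific <Directory> section replaces it.
    """
    target_dir = posixpath.dirname(posixpath.normpath(file_path))
    parts = [p for p in target_dir.split("/") if p]
    # Every directory level from the filesystem root down to the target.
    levels = ["/"] + ["/" + "/".join(parts[:i]) for i in range(1, len(parts) + 1)]

    lookups = []
    override = "All"  # the article lists All as the default value
    for level in levels:
        if level in directory_sections:
            override = directory_sections[level]
        if override.strip().lower() != "none":
            lookups.append(posixpath.join(level, access_file))
    return lookups


# Constructed sample data.
REQUEST = "/srv/www/html/docs/index.html"
NO_ROOT_SECTION = {}  # nothing set for "/", so overrides apply everywhere
LOCKED_ROOT = {"/": "None", "/srv/www/html": "FileInfo AuthConfig Limit"}

if __name__ == "__main__":
    for name, sections in (("no root section", NO_ROOT_SECTION),
                           ("locked root", LOCKED_ROOT)):
        found = htaccess_lookups(sections, REQUEST)
        print(f"{name}: {len(found)} lookups")
        for path in found:
            print("   ", path)
```

With overrides allowed from the root, a .htaccess file dropped into any ancestor directory such as /srv is consulted on every request; with the root locked, only the directories under the explicitly opened path are.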
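# "/path/to/document/root" is a placeholder for the server's published document directory
<Directory "/path/to/document/root">
    Options Indexes FollowSymLinks
    AllowOverride None
    Order allow,deny
    Allow from all
</Directory>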
This defines the access settings for the directory from which the system publishes documents to the outside. Different AllowOverride options define the relationship between the directory settings in the configuration file and the access control file in a user's directory, and the Options parameter defines the features of the directory.
Both the configuration file and the access control file in each directory can set access restrictions. The configuration file is set by the administrator, while the access control file in each directory is set by the owner of that directory, so the administrator can specify whether the owner of a directory may override the settings in the configuration file. This is done with the AllowOverride parameter, which usually takes the following values:
AllowOverride setting    Effect on the access control file in each directory
All                      Default; the access control file may override the system configuration
None                     The server ignores the settings in the access control file
Options                  Allows the access control file to use the Options parameter to define the options for the directory
FileInfo                 Allows parameter settings such as AddType in the access control file
AuthConfig               Allows the access control file to use AuthName, AuthType, etc. to protect the directory
Limit                    Allows access to the directory to be restricted by the client's IP address and name
Each directory has certain properties, and Options controls some of the access features of the directory. The following are the common options:
Options setting          Server feature
All                      All directory features are enabled; this is the default state
None                     All directory features are disabled
FollowSymLinks           Allows symbolic links, which lets the browser access documents outside the document root directory
SymLinksIfOwnerMatch     Allows access only when the target of the symbolic link and the link itself are owned by the same user; this setting adds some safety
ExecCGI                  Allows CGI programs to be executed in this directory
Indexes                  Allows the server to generate an index of all files in this directory, so that when there is no index.html (or other index file) in the directory, the directory listing is sent to the browser
In addition, the example above uses the parameters Order, Allow and Deny, which control access according to the domain name or IP address of the client. Order defines the order in which Allow and Deny are processed, and Allow and Deny set access control for a name or IP address. Allow from all means that all clients are allowed to access this directory without any restrictions.
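How Order changes the outcome is easiest to see by evaluating it. The sketch below is an added example, not code from the original article; it goes beyond the text by modelling the default and overlap behaviour of the Order directive (allow,deny denies by default and lets Deny win; deny,allow allows by default and lets Allow win). It matches "all", full IP addresses, CIDR networks and domain names only; the client addresses are constructed.

```python
import ipaddress


def _matches(spec, client_ip, client_host):
    """True if one 'Allow from' / 'Deny from' argument matches the client."""
    if spec.lower() == "all":
        return True
    try:
        network = ipaddress.ip_network(spec, strict=False)
        return ipaddress.ip_address(client_ip) in network
    except ValueError:
        # Not an address or network: treat the argument as a domain name.
        host = client_host.lower()
        name = spec.lower().lstrip(".")
        return host == name or host.endswith("." + name)


def is_allowed(order, allow, deny, client_ip, client_host=""):
    """Evaluate Order / Allow from / Deny from for one client."""
    allowed = any(_matches(s, client_ip, client_host) for s in allow)
    denied = any(_matches(s, client_ip, client_host) for s in deny)
    order = order.strip().lower()
    if order == "allow,deny":
        # Allow is checked first, Deny last: default deny, Deny wins.
        return allowed and not denied
    if order == "deny,allow":
        # Deny is checked first, Allow last: default allow, Allow wins.
        return allowed or not denied
    raise ValueError("Order must be 'allow,deny' or 'deny,allow'")


if __name__ == "__main__":
    client = "203.0.113.9"  # constructed sample address
    # "Order allow,deny" + "Allow from all": open to every client.
    print(is_allowed("allow,deny", ["all"], [], client))
    # "Order deny,allow" + "Deny from all": closed to every client.
    print(is_allowed("deny,allow", [], ["all"], client))
    # Same rule lists, different Order, opposite result for an internal host.
    rules = (["192.168.1.0/24"], ["all"])
    print(is_allowed("deny,allow", *rules, "192.168.1.7"))
    print(is_allowed("allow,deny", *rules, "192.168.1.7"))
```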
UserDir public_html
When the Apache server runs on a Linux system, every user on the computer can have a personal web path such as http://example.org.cn/~user: a tilde followed by the username is mapped to that user's own web directory. The mapped directory is a subdirectory of the user's home directory, and its name is defined by the UserDir parameter; the default is public_html. If you do not want to provide web service for the system's regular users, use disabled as the UserDir parameter.
#
# AllowOverride FileInfo AuthConfig Limit
# Options MultiViews Indexes SymLinksIfOwnerMatch IncludesNoExec
#
# Order allow,deny
# Allow from all
#
#
# Order deny,allow
# Deny from all
#
#
This shows another use of Directory: with simple pattern matching, access control permissions can be defined for subdirectories spread across different directories. This setting requires the Apache server to do additional processing for every path, which reduces server performance, so this access restriction is not enabled by default.