author | Stefan Fritsch <sf@debian.org> | 2008-06-30 17:40:24 +0000 |
---|---|---|
committer | Stefan Fritsch <sf@sfritsch.de> | 2012-01-02 10:36:56 +0100 |
commit | a86af1767739fb6c5230c40f176305ab7b296351 (patch) | |
tree | 3dd7bb2bb8562eaeb6f13b1575e4b52f6eef95d9 | |
parent | 704527fe85442dfdb8ead42e1bb58938d3de7577 (diff) | |
download | apache2-a86af1767739fb6c5230c40f176305ab7b296351.tar.gz |
Comment out the "<directory /> deny from all ..." block, as this will break other packages
(I found 7, but there may be more). Let's do this for lenny+1.
git-svn-id: svn+ssh://svn.debian.org/svn/pkg-apache/trunk/apache2@742 01b336ce-410b-0410-9a02-a0e7f243c266
-rw-r--r-- | debian/changelog | 5 | ||||
-rw-r--r-- | debian/config-dir/conf.d/security | 13 |
2 files changed, 8 insertions, 10 deletions
diff --git a/debian/changelog b/debian/changelog index 7241bd7c..a3089827 100644 --- a/debian/changelog +++ b/debian/changelog @@ -12,11 +12,6 @@ apache2 (2.2.9-3) UNRELEASED; urgency=low - Add ssl-cert to Recommends. * Add a new config file /etc/apache2/conf.d/security with some vaguely security related diectives. (Closes: #260063) - * Disable access to the root directory / by default (closes: #341022). - If you use Aliases or Symlinks that point to directories outside the - DocumentRoot, you need to explicitly allow access to those directories - (Or you can revert to the old behaviour by commenting out the - <Directory /> block in /etc/apache2/conf.d/security . * Adjust mod_userdir accordingly. Also add "AllowOverride Indexes" for the home directories. * Disable SSLv2 by default. It is insecure. Also only enable ciphers with diff --git a/debian/config-dir/conf.d/security b/debian/config-dir/conf.d/security index a83920a1..58c8d7e9 100644 --- a/debian/config-dir/conf.d/security +++ b/debian/config-dir/conf.d/security @@ -2,11 +2,14 @@ # Disable access to the entire file system except for the directories that # are explicitly allowed later. # -<Directory /> - AllowOverride None - Order Deny,Allow - Deny from all -</Directory> +# This currently breaks the configurations that come with some web application +# Debian packages. It will be made the default for the release after lenny. +# +#<Directory /> +# AllowOverride None +# Order Deny,Allow +# Deny from all +#</Directory> # Changing the following options will not really affect the security of the |
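Review bot: In the debian/changelog hunk, the context line "* Adjust mod_userdir accordingly." is left dangling once the "Disable access to the root directory / by default" entry above it is deleted, because "accordingly" referred to that entry. Either reword the mod_userdir item so it stands on its own, or replace the deleted entry with a short one saying that the `<Directory />` block in /etc/apache2/conf.d/security ships commented out for now. Without such an entry the changelog says nothing about the deny-by-default block being present but inactive, and the reference to #341022 disappears from the record entirely.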
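Review bot: In the debian/config-dir/conf.d/security hunk, the unchanged header "# Disable access to the entire file system except for the directories that # are explicitly allowed later." still reads as a description of active behaviour, while the block beneath it is now commented out. An administrator skimming the file could assume the root directory is denied when it is not. Suggest stating plainly in the new comment that the block is disabled by default and that uncommenting it enables the restriction, and carrying over the caveat from the removed changelog text: directories outside the DocumentRoot reached through Aliases or symlinks must then be explicitly allowed. The phrase "the release after lenny" will also go stale in a shipped config file; a pointer to the bug number would age better.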