PHWinfo - Afficher un message

05/10/2006, 19h37

"Andy" <me@privacy.net> wrote in
news:12iai49pop9qc04@corp.supernews.com:

> In apache i have the following in my main apache config file
> httpd.conf and my password in a htaccess file.
>
> <VirtualHost *>
> DocumentRoot /usr/home/xxxx
> ServerName www.xxxx. co. uk
> DirectoryIndex index.htm index.html index.php
> <Directory "/usr/home/xxxx/">
> Options -Indexes
> AllowOverride All
> AuthType Basic
> AuthName "Admin Area"
> AuthUserFile "/usr/home/xxxx/.htpasswd
> Require valid-user
> </Directory>
> </VirtualHost>
>
>
> Can anyone tell me is this pretty good security and setup correctly?.
> Would i be better putting the above config into a htaccess file rather
> than the main httpd.conf ?
> Anything i should change?.
>
> Thank you
> Andy
>
>
>
>
>
>

Your configuration does not require an .htaccess file. All of your
directives are in the httpd.conf file. In fact, the password does not go
in the .htaccess file anyway, if used, it is in the stated .htpasswd
file. My recommendation, however, is to not have your .htpasswd file in
your /use/home/xxxx/ directory tree. Put it somewhere outside of the http
space.

----== Posted via Newsfeeds.Com - Unlimited-Unrestricted-Secure Usenet News==----
http://www.newsfeeds.com The #1 Newsgroup Service in the World! 120,000+ Newsgroups
----= East and West-Coast Server Farms - Total Privacy via Encryption =----

05/10/2006, 19h37	#2
Mark Taylor Messages: n/a Hébergeur:	Re: Is my directory secure? "Andy" <me@privacy.net> wrote in news:12iai49pop9qc04@corp.supernews.com: > In apache i have the following in my main apache config file > httpd.conf and my password in a htaccess file. > > <VirtualHost *> > DocumentRoot /usr/home/xxxx > ServerName www.xxxx. co. uk > DirectoryIndex index.htm index.html index.php > <Directory "/usr/home/xxxx/"> > Options -Indexes > AllowOverride All > AuthType Basic > AuthName "Admin Area" > AuthUserFile "/usr/home/xxxx/.htpasswd > Require valid-user > </Directory> > </VirtualHost> > > > Can anyone tell me is this pretty good security and setup correctly?. > Would i be better putting the above config into a htaccess file rather > than the main httpd.conf ? > Anything i should change?. > > Thank you > Andy > > > > > > Your configuration does not require an .htaccess file. All of your directives are in the httpd.conf file. In fact, the password does not go in the .htaccess file anyway, if used, it is in the stated .htpasswd file. My recommendation, however, is to not have your .htpasswd file in your /use/home/xxxx/ directory tree. Put it somewhere outside of the http space. ----== Posted via Newsfeeds.Com - Unlimited-Unrestricted-Secure Usenet News==---- http://www.newsfeeds.com The #1 Newsgroup Service in the World! 120,000+ Newsgroups ----= East and West-Coast Server Farms - Total Privacy via Encryption =----