Note in the security docs that people should subscribe to the

announcements list.

PR: 14892

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@97682 13f79535-47bb-0310-9956-ffa450edef68

diff --git a/docs/manual/misc/security_tips.html.en b/docs/manual/misc/security_tips.html.en
index 009edd9d81954d49fd3d28813810221c7aae4919..3bdef8ed5068f5dec2d90f9bd884ea3f985aad9f 100644 (file)
--- a/docs/manual/misc/security_tips.html.en
+++ b/docs/manual/misc/security_tips.html.en
@@ -7,7 +7,26 @@
       --><title>Security Tips - Apache HTTP Server</title><link href="../style/css/manual.css" rel="stylesheet" media="all" type="text/css" title="Main stylesheet" /><link href="../style/css/manual-loose-100pc.css" rel="alternate stylesheet" media="all" type="text/css" title="No Sidebar - Default font size" /><link href="../style/css/manual-print.css" rel="stylesheet" media="print" type="text/css" /><link href="../images/favicon.ico" rel="shortcut icon" /></head><body id="manual-page"><div id="page-header"><p class="menu"><a href="../mod/">Modules</a> | <a href="../mod/directives.html">Directives</a> | <a href="../faq/">FAQ</a> | <a href="../glossary.html">Glossary</a> | <a href="../sitemap.html">Sitemap</a></p><p class="apache">Apache HTTP Server Version 2.0</p><img alt="" src="../images/feather.gif" /></div><div class="up"><a href="./"><img title="&lt;-" alt="&lt;-" src="../images/left.gif" /></a></div><div id="path"><a href="http://www.apache.org/">Apache</a> &gt; <a href="http://httpd.apache.org/">HTTP Server</a> &gt; <a href="http://httpd.apache.org/docs-project/">Documentation</a> &gt; <a href="../">Version 2.0</a> &gt; <a href="./">Miscellaneous Documentation</a></div><div id="page-content"><div id="preamble"><h1>Security Tips</h1>
     <p>Some hints and tips on security issues in setting up a web server. 
     Some of the suggestions will be general, others specific to Apache.</p>
-  </div><div id="quickview"><ul id="toc"><li><img alt="" src="../images/down.gif" /> <a href="#serverroot">Permissions on ServerRoot Directories</a></li><li><img alt="" src="../images/down.gif" /> <a href="#ssi">Server Side Includes</a></li><li><img alt="" src="../images/down.gif" /> <a href="#cgi">CGI in General</a></li><li><img alt="" src="../images/down.gif" /> <a href="#nsaliasedcgi">Non Script Aliased CGI</a></li><li><img alt="" src="../images/down.gif" /> <a href="#saliasedcgi">Script Aliased CGI</a></li><li><img alt="" src="../images/down.gif" /> <a href="#dynamic">Other sources of dynamic content</a></li><li><img alt="" src="../images/down.gif" /> <a href="#systemsettings">Protecting System Settings</a></li><li><img alt="" src="../images/down.gif" /> <a href="#protectserverfiles">Protect Server Files by Default</a></li><li><img alt="" src="../images/down.gif" /> <a href="#watchyourlogs">Watching Your Logs</a></li></ul></div><div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div><div class="section"><h2><a name="serverroot" id="serverroot">Permissions on ServerRoot Directories</a></h2>
+  </div><div id="quickview"><ul id="toc"><li><img alt="" src="../images/down.gif" /> <a href="#uptodate">Keep up to Date</a></li><li><img alt="" src="../images/down.gif" /> <a href="#serverroot">Permissions on ServerRoot Directories</a></li><li><img alt="" src="../images/down.gif" /> <a href="#ssi">Server Side Includes</a></li><li><img alt="" src="../images/down.gif" /> <a href="#cgi">CGI in General</a></li><li><img alt="" src="../images/down.gif" /> <a href="#nsaliasedcgi">Non Script Aliased CGI</a></li><li><img alt="" src="../images/down.gif" /> <a href="#saliasedcgi">Script Aliased CGI</a></li><li><img alt="" src="../images/down.gif" /> <a href="#dynamic">Other sources of dynamic content</a></li><li><img alt="" src="../images/down.gif" /> <a href="#systemsettings">Protecting System Settings</a></li><li><img alt="" src="../images/down.gif" /> <a href="#protectserverfiles">Protect Server Files by Default</a></li><li><img alt="" src="../images/down.gif" /> <a href="#watchyourlogs">Watching Your Logs</a></li></ul></div><div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div><div class="section"><h2><a name="uptodate" id="uptodate">Keep up to Date</a></h2>
+
+    <p>The Apache HTTP Server has a good record for security and a
+    developer community highly concerned about security issues.  But
+    it is inevitable that some problems -- small or large -- will be
+    discovered in software after it is released.  For this reason, it
+    is crucial to keep aware of updates to the software.  If you have
+    obtained your version of the HTTP Server directly from Apache, we
+    highly recommend you subscribe to the <a href="http://httpd.apache.org/lists.html#http-announce">Apache
+    HTTP Server Announcements List</a> where you can keep informed of
+    new releases and security updates.  Similar services are available
+    from most third-party distributors of Apache software.</p>
+
+    <p>Of course, most times that a web server is compromised, it is
+    not because of problems in the HTTP Server code.  Rather, it comes
+    from problems in add-on code, CGI scripts, or the underlying
+    Operating System.  You must therefore stay aware of problems and
+    updates with all the software on your system.</p>
+
+  </div><div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div><div class="section"><h2><a name="serverroot" id="serverroot">Permissions on ServerRoot Directories</a></h2>
   
     
     
@@ -116,7 +135,7 @@
     
     
     <p>Allowing users to execute CGI scripts in any directory should only be 
-    considered if;</p>
+    considered if:</p>
     
     <ul>
       <li>You trust your users not to write scripts which will deliberately 

diff --git a/docs/manual/misc/security_tips.xml b/docs/manual/misc/security_tips.xml
index 0c6fcac83b9341d36eede8bbd9d93c5b4eab6f22..942674c229d310b0fa598927a001939079c6e930 100644 (file)
--- a/docs/manual/misc/security_tips.xml
+++ b/docs/manual/misc/security_tips.xml
@@ -13,6 +13,28 @@
     Some of the suggestions will be general, others specific to Apache.</p>
   </summary>
   
+  <section id="uptodate"><title>Keep up to Date</title>
+
+    <p>The Apache HTTP Server has a good record for security and a
+    developer community highly concerned about security issues.  But
+    it is inevitable that some problems -- small or large -- will be
+    discovered in software after it is released.  For this reason, it
+    is crucial to keep aware of updates to the software.  If you have
+    obtained your version of the HTTP Server directly from Apache, we
+    highly recommend you subscribe to the <a
+    href="http://httpd.apache.org/lists.html#http-announce">Apache
+    HTTP Server Announcements List</a> where you can keep informed of
+    new releases and security updates.  Similar services are available
+    from most third-party distributors of Apache software.</p>
+
+    <p>Of course, most times that a web server is compromised, it is
+    not because of problems in the HTTP Server code.  Rather, it comes
+    from problems in add-on code, CGI scripts, or the underlying
+    Operating System.  You must therefore stay aware of problems and
+    updates with all the software on your system.</p>
+
+  </section>
+
   <section id="serverroot">
   
     <title>Permissions on ServerRoot Directories</title>
@@ -131,7 +153,7 @@
     <title>Non Script Aliased CGI</title>
     
     <p>Allowing users to execute CGI scripts in any directory should only be 
-    considered if;</p>
+    considered if:</p>
     
     <ul>
       <li>You trust your users not to write scripts which will deliberately