This example doesn't really do what it claims. Instead, lets make it simpler

by discussing ONLY the .htaccess issue.  The other issue is covered by the
next example.

PR: 9523

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@92933 13f79535-47bb-0310-9956-ffa450edef68

diff --git a/docs/manual/misc/security_tips.html b/docs/manual/misc/security_tips.html
index 5312228aad6ea033651482001cc8bc40692a3f28..a0910dc62ed84245e69cf6a5e47270a37919b931 100644 (file)
--- a/docs/manual/misc/security_tips.html
+++ b/docs/manual/misc/security_tips.html
@@ -201,22 +201,20 @@
     <p>To run a really tight ship, you'll want to stop users from
     setting up <code>.htaccess</code> files which can override
     security features you've configured. Here's one way to do
-    it...</p>
+    it.</p>
 
     <p>In the server configuration file, put</p>
 
     <blockquote>
       <code>&lt;Directory /&gt;<br />
        AllowOverride None<br />
-       Options None<br />
-       Allow from all<br />
        &lt;/Directory&gt;<br />
       </code>
     </blockquote>
     Then setup for specific directories
 
-    <p>This stops all overrides, Includes and accesses in all
-    directories apart from those named.</p>
+    <p>This prevents the use of <code>.htaccess</code> files in all
+    directories apart from those specifically enabled.</p>
     <hr />
 
     <h2><a id="protectserverfiles" name="protectserverfiles">