From: dgaudet <dgaudet@unknown>
Date: Sun, 16 Mar 1997 23:34:02 +0000 (+0000)
Subject: Add security notes about protecting /, and avoiding "UserDir ./".
X-Git-Tag: APACHE_1_2b8~12
X-Git-Url: https://granicus.if.org/sourcecode?a=commitdiff_plain;h=dc7486d62d452dbc006c1ec76023d6107e53bb93;p=apache

Add security notes about protecting /, and avoiding "UserDir ./".

Submitted by:	Ken Coar
Obtained from:


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@77725 13f79535-47bb-0310-9956-ffa450edef68
---

diff --git a/docs/manual/misc/security_tips.html b/docs/manual/misc/security_tips.html
index f638e2b16d..4a730f8636 100644
--- a/docs/manual/misc/security_tips.html
+++ b/docs/manual/misc/security_tips.html
@@ -1,17 +1,17 @@
 <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
 <HTML>
 <HEAD>
-<TITLE>Apache HTTP Server Documentation</TITLE>
+<TITLE>Apache HTTP Server: Security Tips</TITLE>
 </HEAD>
 
 <BODY>
 <!--#include virtual="header.html" -->
-<H1>Security tips for server configuration</H1>
+<H1>Security Tips for Server Configuration</H1>
 
 <hr>
 
 <P>Some hints and tips on security issues in setting up a web server. Some of
-the suggestions will be general, other, specific to Apache
+the suggestions will be general, others specific to Apache.
 
 <HR>
 
@@ -21,7 +21,7 @@ server before switching to the user defined in the
 <a href="../mod/core.html#user"><b>User</b></a> directive.  Anyone who
 has write permission for the directory where any log files are
 being written to can append pseudo-arbitrary data to any file on the
-system which is writable to the user who starts Apache.  Since the
+system which is writable by the user who starts Apache.  Since the
 server is normally started by root, you should <EM>NOT</EM> give anyone
 write permission to the directory where logs are stored unless you
 want them to have root access. 
@@ -95,6 +95,75 @@ Then setup for specific directories<P>
 
 This stops all overrides, Includes and accesses in all directories apart
 from those named.<p>
+<HR>
+<H2>
+ Protect server files by default
+</H2>
+<P>
+One aspect of Apache which is occasionally misunderstood is the feature
+of default access.  That is, unless you take steps to change it, if the
+server can find its way to a file through normal URL mapping rules, it
+can serve it to clients.
+</P>
+<P>
+For instance, consider the following example:
+</P>
+<OL>
+ <LI><SAMP># cd /; ln -s / public_html</SAMP>
+ </LI>
+ <LI>Accessing <SAMP>http://localhost/~root/</SAMP>
+ </LI>
+</OL>
+<P>
+This would allow clients to walk through the entire filesystem.  To work
+around this, add the following block to your server's configuration:
+</P>
+<PRE>
+ &lt;Directory /&gt;
+     Order deny,allow
+     Deny from all
+ &lt;/Directory&gt;
+</PRE>
+<P>
+This will forbid default access to filesystem locations.  Add
+appropriate
+<A
+ HREF="../mod/core.html#directory"
+><SAMP>&lt;Directory&gt;</SAMP></A>
+blocks to allow access only
+in those areas you wish.  For example,
+</P>
+<PRE>
+ &lt;Directory /usr/users/*/public_html&gt;
+     Order deny,allow
+     Allow from all
+ &lt;/Directory&gt;
+ &lt;Directory /usr/local/httpd&gt;
+     Order deny,allow
+     Allow from all
+ &lt;/Directory&gt;
+</PRE>
+<P>
+Pay particular attention to the interactions of
+<A
+ HREF="../mod/core.html#location"
+><SAMP>&lt;Location&gt;</SAMP></A>
+and
+<A
+ HREF="../mod/core.html#directory"
+><SAMP>&lt;Directory&gt;</SAMP></A>
+directives; for instance, even if <SAMP>&lt;Directory /&gt;</SAMP>
+denies access, a <SAMP>&lt;Location /&gt;</SAMP> directive might
+overturn it.
+</P>
+<P>
+Also be wary of playing games with the
+<A
+ HREF="../mod/mod_userdir.html#userdir"
+>UserDir</A>
+directive; setting it to something like <SAMP>&quot;./&quot;</SAMP>
+would have the same effect, for root, as the first example above.
+</P>
 
 <HR>
 <P>Please send any other useful security tips to
diff --git a/docs/manual/mod/core.html b/docs/manual/mod/core.html
index dea4d54588..6c7cc14dbb 100644
--- a/docs/manual/mod/core.html
+++ b/docs/manual/mod/core.html
@@ -315,6 +315,30 @@ steps are:
 <li>Apply any FileInfo directives in <code>/home/web/.htaccess</code>
 </menu>
 
+<P>
+<STRONG>
+Note that the default Apache access for &lt;Directory /&gt; is
+<SAMP>Allow from All</SAMP>.  This means that Apache will serve any file
+mapped from an URL.  It is recommended that you change this with a block
+such as
+</STRONG>
+<PRE>
+ &lt;Directory /&gt;
+     Order Deny,Allow
+     Deny from All
+ &lt;/Directory&gt;
+</PRE>
+<P>
+<STRONG>
+and then override this for directories you <EM>want</EM> accessible.
+See the
+<A
+ HREF="../misc/security_tips.html"
+>Security Tips</A>
+page for more details.
+</STRONG>
+</P>
+
 The directory sections typically occur in the access.conf file, but they
 may appear in any configuration file. &lt;Directory&gt; directives cannot
 nest, and cannot appear in a <A HREF="#limit">&lt;Limit&gt;</A> section.
diff --git a/docs/manual/mod/mod_userdir.html b/docs/manual/mod/mod_userdir.html
index 91e996ead0..4511387c80 100644
--- a/docs/manual/mod/mod_userdir.html
+++ b/docs/manual/mod/mod_userdir.html
@@ -46,6 +46,23 @@ UserDir http://www.foo.com/*/usr   -> http://www.foo.com/bob/usr/one/two.html
 UserDir http://www.foo.com/~*/     -> http://www.foo.com/~bob/one/two.html
 </pre>
 
+<P>
+<STRONG>
+Be careful when using this directive; for instance, <SAMP>&quot;UserDir
+./&quot;</SAMP> would map <SAMP>&quot;/~root&quot;</SAMP> to
+<SAMP>&quot;/&quot;</SAMP> - which is probably undesirable.  See also
+the
+<A
+ HREF="core.html#directory"
+>&lt;Directory&gt;</A>
+directive and the
+<A
+ HREF="../misc/security_tips.html"
+>Security Tips</A>
+page for more information.
+</STRONG>
+</P>
+
 <!--#include virtual="footer.html" -->
 </BODY>
 </HTML>