User Tools

Site Tools


security

This is an old revision of the document!


Security

WebDAV Readonly mode

Make sure to disable following methods in webserver.

# Disabled TRACE|TRACK|PUT|OPTIONS|DELETE|HEAD
     <Directory /var/www/html >
        AuthType None
        Satisfy Any
        Allow from all
        RewriteCond %{REQUEST_METHOD} ^(TRACE|TRACK|PUT|OPTIONS|DELETE|HEAD)
        RewriteRule .*$ - [F,L]
     </Directory>

cgi-bin precaution

Make sure none of the configuration files get printed as pain text.

<FilesMatch ".+(\.pm|\.conf|\.htaccess|\.gitignore|config)$">
    Require all denied
</FilesMatch>
security.1573485831.txt.gz · Last modified: 2019/11/11 15:23 by k2patel