Apache: configuring directory permissions

Source: Internet
Author: User

You can use <Directory directory-path> and </Directory> to set permissions on the main directory or a virtual directory. They are container statements that must appear as a pair, and they enclose the statements that set permissions for that directory. These statements apply only to the specified directory and its subdirectories. The following is an example of setting directory permissions in the main configuration file.

<Directory "/var/www/icons">
    Options Indexes MultiViews
    AllowOverride None
    Order allow,deny
    Allow from all
</Directory>

(1) Define which features are used by the directory

Options Indexes MultiViews

The Options directive defines which features are enabled in the directory, including Indexes, MultiViews, and ExecCGI, as shown in Table 7-1.

Table 7-1 Directory feature options

Option: Description

Indexes: Allow directory browsing. When the client specifies only a directory and not a file under it, and the default document does not exist in that directory, Apache returns a list of the files and subdirectories in the directory as hypertext (virtual directories do not appear in the directory list), as shown in Figure 7-8.

MultiViews: Allow content negotiation. MultiViews is actually an intelligent feature of Apache. When a client requests a nonexistent object in the directory, such as "http://192.168.16.177/icons/a", Apache looks for all the a.* files in that directory. Because the a.gif file exists in the icons directory, Apache returns a.gif to the client instead of returning an error message.

All: Contains all the features except MultiViews. If there is no Options statement, the default is All.

ExecCGI: Allow CGI scripts to be executed in this directory.

FollowSymLinks: Symbolic links can be used in this directory.

Includes: Allow server-side includes.

IncludesNOEXEC: Allow server-side includes, but disable execution of CGI scripts.

Allowing directory browsing in the home directory

Careful users may find that although the Indexes option is set for the home directory and the default document does not exist there, the directory list does not appear when the directory is accessed; only the Apache test page appears. The solution is simple: delete the welcome.conf file in the /etc/httpd/conf.d/ directory and then restart Apache.

Be careful when allowing directory browsing

Once directory browsing is allowed, the Web site's folder and file name structure is exposed to hackers. Directory browsing also lets hackers browse files and learn server configuration information, so enabling this option often poses a security risk. Unless you have sufficient reason to use directory browsing, you should disable it.

(2) Set the directive types allowed in .htaccess files

AllowOverride None

The AllowOverride directive defines the types of directives that may be placed in each directory's .htaccess (access control) file. Although you can set access permissions for a directory through .htaccess, for reasons of security and efficiency you should avoid using .htaccess files as much as possible. AllowOverride is therefore generally set to "None", which disables .htaccess files, and the directory permission settings are placed between the <Directory> and </Directory> statements in the main configuration file httpd.conf.
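The two cautions above (directory browsing and .htaccess overrides) can be checked mechanically. The following is an added example, not part of the original article: a small audit of <Directory> blocks. The function names, the finding labels and the sample paths other than /var/www/icons are assumptions made for illustration, and inheritance of Options from parent directories is not modelled.

```python
import re

# Constructed sample; only /var/www/icons comes from the page.
SAMPLE_CONF = """\
<Directory "/var/www/icons">
    Options Indexes MultiViews
    AllowOverride None
</Directory>
<Directory "/var/www/html">
    Options FollowSymLinks
    AllowOverride FileInfo
</Directory>
<Directory "/var/www/files">
    AllowOverride None
</Directory>
"""

def check(path, options, override):
    """Findings for one <Directory> block (values already lower-cased)."""
    found = []
    if options is None:   # per the page, a missing Options line means All
        found.append((path, "browsing-on-by-default"))
    elif any(o.lstrip("+") in ("indexes", "all") for o in options):
        found.append((path, "browsing-enabled"))
    if override is not None and override != ["none"]:
        found.append((path, "htaccess-allowed"))
    return found

def audit_directories(conf_text):
    """Return (directory, finding) pairs for every <Directory> block."""
    findings, path, options, override = [], None, None, None
    for raw in conf_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        opened = re.match(r'<Directory\s+"?([^">]+)"?\s*>$', line, re.I)
        words = [w.lower() for w in line.split()]
        if opened:
            path, options, override = opened.group(1).strip(), None, None
        elif path is not None and re.match(r"</Directory\s*>$", line, re.I):
            findings += check(path, options, override)
            path = None
        elif path is not None and words[0] == "options":
            options = words[1:]
        elif path is not None and words[0] == "allowoverride":
            override = words[1:]
    return findings
```

Calling audit_directories(SAMPLE_CONF) reports one finding for each of the three sample blocks.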

(3) Set the default access permissions and the order in which allow and deny statements are processed

Order allow,deny

The Order directive defines the default access permission and the order in which Allow and Deny statements are processed. Allow and Deny statements can specify the domain name or IP address of a client to determine which clients have access to the server. The Order statement is typically set to one of the following two values.

allow,deny: Access is denied to all clients by default, and Allow statements are matched before Deny statements. If a client matches both a Deny statement and an Allow statement, the Deny statement takes effect (because the Deny statement overrides the Allow statement).

deny,allow: Access is allowed to all clients by default, and Deny statements are matched before Allow statements. If a client matches both a Deny statement and an Allow statement, the Allow statement takes effect (because the Allow statement overrides the Deny statement).

Here are some examples of how Order, Allow, and Deny statements are used.

Example 1 allows access to all clients.

Order allow,deny
Allow from all

Example 2 allows access to all clients except clients from the hacker.com domain and the IP address 192.168.16.111.

Order deny,allow
Deny from hacker.com
Deny from 192.168.16.111

Example 3 allows access only to clients from the network 192.168.16.0/24.

Order allow,deny
Allow from 192.168.16.0/24

Contrast:

Order deny,allow
Allow from 192.168.16.0/24

These two statements allow access to all clients.

Example 4 allows access only to clients from the network 192.168.16.0/24, except for the client with the IP address 192.168.16.111.

Order allow,deny
Allow from 192.168.16.0/24
Deny from 192.168.16.111

Contrast:

Order deny,allow
Allow from 192.168.16.0/24
Deny from 192.168.16.111

Because the Allow statement overrides the Deny statement, these 3 statements allow access to all clients.
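The evaluation rules for the two Order values can be modelled in a few lines and run against the examples above. This is an added example, not part of the original article and not Apache's own code: the function names are assumptions, the client host name is passed in by the caller instead of being resolved through DNS, and only "all", single addresses, CIDR blocks and domain names are handled.

```python
import ipaddress

def spec_matches(spec, ip, hostname=""):
    """True if one argument of 'Allow from' / 'Deny from' matches the client."""
    spec = spec.lower()
    if spec == "all":
        return True
    addr = ipaddress.ip_address(ip)
    try:
        return addr in ipaddress.ip_network(spec, strict=False)
    except ValueError:
        pass  # not an address or CIDR block: treat it as a domain name
    host = hostname.lower()
    return host == spec or host.endswith("." + spec.lstrip("."))

def evaluate(rules, ip, hostname=""):
    """Return True if the Order/Allow/Deny lines in `rules` admit the client."""
    order, allow, deny = "deny,allow", [], []  # Apache's default Order
    for line in rules.strip().splitlines():
        words = line.split()
        if not words:
            continue
        key = words[0].lower()
        if key == "order":
            order = words[1].lower()
        elif key in ("allow", "deny") and words[1].lower() == "from":
            (allow if key == "allow" else deny).extend(words[2:])
    allowed = any(spec_matches(s, ip, hostname) for s in allow)
    denied = any(spec_matches(s, ip, hostname) for s in deny)
    if order == "allow,deny":   # default deny; Deny wins when both match
        return allowed and not denied
    if order == "deny,allow":   # default allow; Allow wins when both match
        return allowed or not denied
    raise ValueError("unsupported Order value: " + order)

# The page's Example 2, Example 4 and Example 4's contrast.
EXAMPLE_2 = """Order deny,allow
Deny from hacker.com
Deny from 192.168.16.111"""
EXAMPLE_4 = """Order allow,deny
Allow from 192.168.16.0/24
Deny from 192.168.16.111"""
EXAMPLE_4_CONTRAST = EXAMPLE_4.replace("allow,deny", "deny,allow")

if __name__ == "__main__":
    for ip in ("192.168.16.5", "192.168.16.111", "10.0.0.1"):  # constructed clients
        print(ip, evaluate(EXAMPLE_4, ip), evaluate(EXAMPLE_4_CONTRAST, ip))
```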
