One, the following sets the access alias of the Apche manual:
Set access permissions for the/var/www/manual directory
Alias/manual "/var/www/manual" <directory "/var/www/manual" > Options Indexes followsymlinks multiviews AllowOv Erride None Order Allow,deny allow from all </Directory>
The above settings can be accessed manual this directory and all files under the directory, if you do not want to access this directory files can be set to options-indexes followsymlinks multiviews//or write as "Options FollowSymLinks MultiViews "
To prevent the manual directory from being detected as a column directory vulnerability, you need to restrict its access to the following workarounds:
Second, set Apche manual directory is not allowed to be accessed:
Alias/manual "/var/www/manual" <directory "/var/www/manual" > Options followsymlinks multiviews All Owoverride None Order Deny,allow deny from all </Directory>
How does Apache tomcat protect against directory traversal vulnerabilities?
1. Edit Apache's httpd.conf
Find the Indexs in "Options Indexes multiviews" and Change to "options MultiViews".
2. Edit Tomcat's conf/web.xml to find
<servlet> <servlet-name>default</servlet-name > <servlet-class> org.apache.catalina.servlets.defaultservlet</servlet-class> <init-param> <param-name>debug</param-name> <param-value>0</param-value> </init-param> <init-param> <param-name>listings</param-name> <param-value>false</param-value> </init-param> <load-on-startup >1</load-on-startup> </servlet>
Change the true of this line to false.
When you are finished editing, remember to restart the appropriate service to take effect.
This article is from "Operation and maintenance record Mei Ling" blog, please be sure to keep this source http://meiling.blog.51cto.com/6220221/1977352
httpd Manual Column Directory Vulnerability