Show
Ignore:
Timestamp:
29.11.2012 14:11:56 (7 years ago)
Author:
ak19
Message:

Kathy said that the apache server really only needs to give access to the collect and web folders (and cgi-bin for remote scripts), and that the rest of GS2 can just be inaccessible. This will deny access to the user databases too and the apache logs. Still need to test as a remote GS against a client-GLI, then will commit the windows version.

Files:
1 modified

Legend:

Unmodified
Added
Removed
  • main/trunk/greenstone2/runtime-src/packages/apache-httpd/httpd.conf.in

    r26512 r26541  
    436436  </Directory>   
    437437   
    438   Alias /greenstone "**GSDLHOME**" 
    439   <Directory "**GSDLHOME**"> 
    440      Options Indexes MultiViews FollowSymLinks 
    441      AllowOverride None 
    442      Order deny,allow 
    443      **CONNECTPERMISSION** from all 
    444      Allow from 127.0.0.1 **HOST_IP** **HOSTS** localhost 
     438  # Deny access to all except collect and web folder 
     439  <Directory /> 
     440    Order Deny,Allow 
     441    Deny from all 
    445442  </Directory> 
    446443 
    447 # Deny access to users.gdb (and other gdb files) 
    448 # Tested with remote GS2 server on Windows against linux client 
    449 # If any issues, can try appending the line:  
    450 #   Allow from 127.0.0.1 **HOST_IP** **HOSTS** localhost 
    451   <FilesMatch "\.gdb"> 
    452      Order deny,allow 
    453      Deny from all 
    454   </FilesMatch> 
     444  Alias /greenstone/web "**GSDLHOME**/web" 
     445  <Directory "**GSDLHOME**/web"> 
     446    Order Deny,Allow 
     447    **CONNECTPERMISSION** from all 
     448    Allow from 127.0.0.1 **HOST_IP** **HOSTS** localhost 
     449  </Directory>