0

I have a virtual host which has access to a directory outside of its document root. In the config for this host I specify the directory directive to allow access to this directory.

<Directory /path/to/shared/>
Options -Indexes
AllowOverride All
Order allow,deny 
allow from all  
</Directory>

The kind of files in this directory are things like images, ssi, facebook apps and some php scripts.

My question is, is this directive secure enough or do i need to add anything else?

Also, what is the ideal permissions for /shared

Thanks in anticipation

rix
  • 35
  • 1
  • 1
  • 4

1 Answers1

0

From the webserver's perspective it is fine. Next step would be to check the directory permissions and set them accordingly (restrict access to it for the webserver process owner).

Update: Not sure if you really need AllowOverride All as this can hit you in the face with a .htaccess-file inside the directory. I'd suggest you read up here to figure out what you really need. If you don't need .htaccess at all, just set it to AllowOverride None

Chris
  • 1,185
  • 2
  • 9
  • 18