Fedora Linux

Order , Allow , and Deny are directives that work together to define which remote users may access the directory. Order sets the order in which the Allow and Deny directives are used, and the value must be Allow,Deny or Deny,Allow (the default). The Allow and Deny directives accept a list of full or partial domain names, IP addresses, or IP addresses and netmask or network bit count.

For example, to enable access only from computers on your internal network, assuming your network is 12.200.X.X :

Order Allow,Deny
Allow from 12.200.0.0/16
Deny from all

On the other hand, you could enable access only from computers that are not in your internal network:

Order Deny,Allow
Deny from 12.200.0.0/255.255.0.0
Allow from all

Or you could exclude access from specific domains:

Order Deny,Allow
Deny from .gov ourcompetition.com
Allow from all

The AllowOverride directive enables the use of a hidden file, .htaccess , which may be placed in directories to override the configuration of that directory and subdirectories. Although there are several possible values for this directive, it is normally set to None (no overrides are permitted) or AuthConfig (the .htaccess file can control whether a user ID and password are required to access the content of that directory).

The next set of directory containers configure special permissions for the icon , cgi-bin , and error directories in /var/www :

<Directory '/var/www/icons'>
 Options Indexes MultiViews
 AllowOverride None
 Order Allow,Deny
 Allow from all
</Directory>
<Directory '/var/www/cgi-bin'>
 AllowOverride None
 Options None
 Order Allow,Deny
 Allow from all
</Directory>
<Directory '/var/www/error'>
 AllowOverride None
 Options IncludesNoExec
 AddOutputFilter Includes html
 AddHandler type-map var
 Order Allow,Deny
 Allow from all
 LanguagePriority en es de fr
 ForceLanguagePriority Prefer Fallback
</Directory>

These directories are not within the normal DocumentRoot and are instead made accessible through the use of Alias and ScriptAlias directives:

Alias /icons/ '/var/www/icons/'
ScriptAlias /cgi-bin/ '/var/www/cgi-bin/'
Alias /error/ '/var/www/error/'

These directives make the indicated directories appear to exist within the document tree; for example, a request for http://<hostname>/icons/text.png is fulfilled using the file /var/www/icons/text.png (instead of /var/www/html/icons/text.png ). This permits /var/www/html to remain uncluttered by icons, scripts, and error messages.

Since /cgi-bin/ is aliased using a ScriptAlias directive, it is assumed that all files in that directory are actually scripts (executable programs) rather than document files, regardless of their extension. In the default configuration, this is the only directory that may contain scripts, so you only have to look in one place to check for script vulnerabilities.

7.5.1.6.4. Enabling personal web pages

To permit each user to maintain her own web directory, find the UserDir section of httpd.conf:

<IfModule mod_userdir.c>
 #
 # UserDir is disabled by default since it can confirm the presence
 # of a username on the system (depending on home directory
 # permissions).
 #
 UserDir disable
 #
 # To enable requests to /~user/ to serve the user's public_html
 # directory, remove the 'UserDir disable' line above, and uncomment
 # the following line instead:
 #
 #UserDir public_html
</IfModule>

Comment out the line that reads UserDir disable and uncomment the line which reads UserDir public_html :

<IfModule mod_userdir.c>
 #
 # UserDir is disabled by default since it can confirm the presence