Date: Fri, 17 Dec 1999 17:40:55 +0100 (CET)
From: Christian Kratzer <ck@toplink.net>
To: "Scot W. Hetzel" <hetzels@westbend.net>
Cc: "Paul Stewart (Premier Networks)" <paul@premier-networks.com>, freebsd-isp@FreeBSD.ORG
Subject: Re: Frontpage 2000 Security Problem
Message-ID: <Pine.BSF.4.10.9912171738530.85229-100000@babylon.toplink.net>
In-Reply-To: <012501bf475b$f6793d80$8dfee0d1@westbend.net>

Hi,

On Wed, 15 Dec 1999, Scot W. Hetzel wrote:

> From: "Paul Stewart (Premier Networks)" <paul@premier-networks.com>
> > We recently upgraded into FP2000 extensions.... everything works fine
> > now except we just added a NEW site and the password is never required
> > to access the site....
> >
>
> check the httpd.conf file and make sure you have:
>
> <Directory /location/of/new/site>
> :
> AllowOverride AuthConfig Limit Indexes Options
> :
> </Directory>
>
> These are the minimal settings needed by the FP Exts in order for them to
> function properly. The FP2K documentation recommends setting AllowOverride
> to ALL, but that gives users too much control (they can execute any program
> they wish).

I think "AllowOverride Options" also enables "Options ExecCGI" which allows
you to execute arbitrary commands from your document root.

We patched Apache to allow for an "Options None" even though there was no
AllowOverride Options for the directory. At least fp98 used to put
Options None into the .htaccess files, making it necessary to add
AllowOverride Options. ;-(

Greetings
Christian

--
TopLink Internet Services GmbH      ck@171.2.195.in-addr.arpa
Christian Kratzer                   http://www.toplink.net/
Phone: +49 7032 2701-0
Fax:   +49 7032 2701-19
FreeBSD spoken here!

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-isp" in the body of the message
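
An added example, not part of the original mail or of Apache itself: a small Python audit for the risk discussed above, reporting which `<Directory>` blocks let a user's .htaccess turn on `Options ExecCGI`. The sample config and the function names are constructed for illustration, and the restricted `Options=...` form (Apache 2.2 and later) goes beyond what the mail covers.

```python
import re

# Constructed sample config (not from the original mail).
SAMPLE_CONF = """\
<Directory /www/site-a>
    AllowOverride AuthConfig Limit Indexes Options
</Directory>
<Directory /www/site-b>
    AllowOverride All
</Directory>
<Directory /www/site-c>
    # Apache 2.2+ form: only the listed options may be set from .htaccess
    AllowOverride AuthConfig Limit Indexes Options=Indexes,FollowSymLinks
</Directory>
<Directory /www/site-d>
    AllowOverride AuthConfig Limit
</Directory>
"""

DIR_OPEN = re.compile(r'<Directory\s+"?([^">]+?)"?\s*>', re.I)

def htaccess_can_enable_cgi(tokens):
    """True if these AllowOverride arguments let .htaccess set Options ExecCGI."""
    for tok in tokens:
        name, _, allowed = tok.lower().partition("=")
        if name == "all":
            return True
        # Bare "Options" permits every option; "Options=a,b" only the listed ones.
        if name == "options" and (not allowed or "execcgi" in allowed.split(",")):
            return True
    return False

def audit(conf_text):
    """Map each <Directory> path that has an AllowOverride line to its exposure."""
    result, current = {}, None
    for raw in conf_text.splitlines():
        parts = raw.split()
        if not parts or parts[0].startswith("#"):
            continue  # skip blank lines and comments
        m = DIR_OPEN.match(raw.strip())
        if m:
            current = m.group(1)
        elif parts[0].lower().startswith("</directory"):
            current = None
        elif current and parts[0].lower() == "allowoverride":
            result[current] = htaccess_can_enable_cgi(parts[1:])
    return result

if __name__ == "__main__":
    for path, exposed in audit(SAMPLE_CONF).items():
        print(f"{path}: {'.htaccess can enable ExecCGI' if exposed else 'ok'}")
```

Blocks without an AllowOverride line inherit their setting from a parent and are not reported by this sketch.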
