I have a series of servers which I am upgrading from 2.0/2.2 to 2.4. The previous admins made rather a hash of various Options. I am confused because the 2.0/2.2 documentation say that Options All (which is "all but MultiViews") is the default, whereas in 2.4 the default has changed to FollowSymLinks. I am also confused about what are the relationship of the options for the parent directory vs the options for the child directory -- what gets inherited? This is my problem child...
Options FollowSymLinks
AllowOverride None
Order deny,allow
Deny from all
Options -Indexes MultiViews ExecCGI
AllowOverride None
Order allow,deny
Allow from all
Ok, this is 2.2, where the documentation definitely scolds you for mixing +/- with non+/- Options in the same line, but does start your server. So what are the options being set for /opt/apache/netegrity/webagent/pw/ in this code? Does the pw directory inherit FollowSymLinks and set MultiViews & ExecCGI, and the -Indexes is nonsense because Indexes isn't on anyway? If the second Options directive were only
Options MultiViews ExecCGI
would Indexes be turned on or not for /opt/apache/netegrity/webagent/pw/? What about FollowSymLinks? I know how this evolved -- that second Options directive started out created by the webagent installer, and was
Options Indexes MultiViews ExecCGI
but then the admins wanted to take Indexes away, so they stuck a minus sign in front of it. I think (if I'm reading the documentation correctly) that the way you turn indexes off is to just leave it out, not stick minus signs in.
So we come to the money question, which is how to port this from 2.2 to 2.4 syntax. Since the Options default is now FollowSymLinks rather than All, we can leave it out
AllowOverride none
Require all denied
right? And The CA people suggest this setting for /opt/apache/CA/webagent/pw/
Options Indexes MultiViews ExecCGI
AllowOverride None
Require all granted
So if we wanted to remove Indexes, do we just leave it off entirely, with no minused option?
Options MultiViews ExecCGI
AllowOverride None
Require all granted
And, the last question, is FollowSymLinks set for /opt/apache/CA/webagent/pw/ implicitly because it is set for ? Or is it only set if it appears on the Options line for /opt/apache/CA/webagent/pw/?
No comments:
Post a Comment