--- admin-serv/config/httpd.conf 3 Nov 2005 23:20:49 -0000 1.6
+++ admin-serv/config/httpd.conf 7 Dec 2005 04:11:38 -0000
@@ -243,19 +243,20 @@
# AllowOverride controls what directives may be placed in .htaccess files.
# It can be "All", "None", or any combination of the keywords:
# Options FileInfo AuthConfig Limit
#
AllowOverride None
#
# Controls who can get stuff from this server.
-#
- Order allow,deny
- Allow from all
+# By default, no one may access anything
+# Access must be explicitly granted in admserv.conf
+ Order deny,allow
+ Deny from all
#
# DirectoryIndex: sets the file that Apache will serve if a directory
# is requested.
#
# The index.html.var file (a type-map) is used to deliver content-
--- admin-serv/config/admserv.conf 19 Nov 2005 00:43:02 -0000 1.11
+++ admin-serv/config/admserv.conf 6 Dec 2005 18:38:57 -0000
@@ -20,24 +20,63 @@
#
# To get the Admin Express working properly, add the following to
# apache, either directly or thru an Include /path/to/this.conf
SetEnv NETSITE_ROOT /opt/fedora-ds
SetEnv ADMSERV_ROOT /opt/fedora-ds/admin-serv/config/
ADMCacheLifeTime 600
-ADMServerVersionString "Fedora-Administrator/1.0"
+ADMServerVersionString "Fedora-Administrator/1.0.1"
ScriptAlias /clients/orgchart/bin/ "/opt/fedora-ds/clients/orgchart/bin/"
ScriptAlias /clients/dsgw/bin/ "/opt/fedora-ds/clients/dsgw/bin/"
ScriptAlias /bin/admin/admin/bin/ "/opt/fedora-ds/bin/admin/admin/bin/"
ScriptAlias /dist/ "/opt/fedora-ds/dist/"
ScriptAlias /manual/help/ /opt/fedora-ds/manual/help/
+# all access is explicitly denied by default in httpd.conf
+# the following Directory directives turn on access for specific
+# directories
+
+ AllowOverride None
+ Options None
+ Order allow,deny
+ Allow from all
+
+
+
+ AllowOverride None
+ Options None
+ Order allow,deny
+ Allow from all
+
+
+
+ AllowOverride None
+ Options None
+ Order allow,deny
+ Allow from all
+
+
+
+ AllowOverride None
+ Options None
+ Order allow,deny
+ Allow from all
+
+
+
+ AllowOverride None
+ Options None
+ Order allow,deny
+ Allow from all
+
+
+# enable access for CGI progs/scripts
AllowOverride None
Options None
Order allow,deny
Allow from all
@@ -64,52 +103,62 @@
# Handle the initial login
SetHandler user-auth
AuthUserFile /opt/fedora-ds/admin-serv/config/admpw
AuthType basic
AuthName "Admin Server"
Require valid-user
+ Order allow,deny
+ Allow from all
# Handle Other Console tasks
AuthUserFile /opt/fedora-ds/admin-serv/config/admpw
AuthType basic
AuthName "Admin Server"
Require valid-user
AdminSDK on
Options +ExecCGI
+ Order allow,deny
+ Allow from all
# Handle Admin Express
AuthUserFile /opt/fedora-ds/admin-serv/config/admpw
AuthType basic
AuthName "Admin Server"
Require valid-user
AdminSDK on
NESCompatEnv on
Options +ExecCGI
+ Order allow,deny
+ Allow from all
# Handle internal commands
AuthUserFile /opt/fedora-ds/admin-serv/config/admpw
AuthType basic
AuthName "Admin Server"
Require valid-user
+ Order allow,deny
+ Allow from all
# Handle Stop, Start, Restart, Instance Creation - invoke mod_restartd
# need to add instance creation because you may want to create an instance
# of DS on a low port, and instance creation starts the instance as well
AuthUserFile /home/rich/72srv/admin-serv/config/admpw
AuthType basic
AuthName "Admin Server"
Require valid-user
## turn off the password pipe when using mod_restartd
AdminSDK off
Options +ExecCGI
RetainPerms on
+ Order allow,deny
+ Allow from all