[Pkg-apache-commits] [SCM] Debian packaging for apache2 (Apache HTTPD 2.x) branch, master, updated. debian/2.2.22-3-13-g4a6bd73
Stefan Fritsch
sf at sfritsch.de
Mon May 28 19:35:52 UTC 2012
The following commit has been merged in the master branch:
commit 8c5da9bb565c03ac2f7f23f07ff8fc94e7c5e5db
Author: Stefan Fritsch <sf at sfritsch.de>
Date: Sat Apr 14 22:28:38 2012 +0200
Add section to security.conf that shows how to forbid access to VCS
directories.
Cherry-picked from 079884705c476565662537c2d6b221bb1c2330d4
Conflicts:
debian/changelog
debian/config-dir/apache2.conf
diff --git a/debian/changelog b/debian/changelog
index ac1b8ee..d06a0bb 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -10,6 +10,8 @@ apache2 (2.2.22-6) UNRELEASED; urgency=low
* Use "dh --with autotools_dev" instead of patching config.sub/config.guess.
* Change compiled-in document root to /var/www, to avoid strange error
messages.
+ * Add section to security.conf that shows how to forbid access to VCS
+ directories. Closes: #548213
-- Stefan Fritsch <sf at debian.org> Mon, 28 May 2012 20:02:19 +0200
diff --git a/debian/config-dir/conf.d/security b/debian/config-dir/conf.d/security
index 081d77e..5faf17f 100644
--- a/debian/config-dir/conf.d/security
+++ b/debian/config-dir/conf.d/security
@@ -49,3 +49,13 @@ ServerSignature On
TraceEnable Off
#TraceEnable On
+#
+# Forbid access to version control directories
+#
+# If you use version control systems in your document root, you should
+# probably deny access to their directories. For example, for subversion:
+#
+#<DirectoryMatch "/\.svn">
+# Require all denied
+#</DirectoryMatch>
+
--
Debian packaging for apache2 (Apache HTTPD 2.x)
More information about the Pkg-apache-commits
mailing list