Chip 2004 November

home *** CD-ROM | disk | FTP | other *** search

/ Chip 2004 November / CMCD1104.ISO / Software / Complet / Apache / apache_2.0.52-win32-x86-no_ssl.msi / Data.Cab / F277932_security_tips.xml.ko < prev next >

Wrap

Extensible Markup Language | 2004-05-07 | 12KB | 335 lines

<?xml version="1.0" encoding="EUC-KR" ?> <!DOCTYPE manualpage SYSTEM "../style/manualpage.dtd"> <?xml-stylesheet type="text/xsl" href="../style/manual.ko.xsl"?>   <manualpage metafile="security_tips.xml.meta"> <parentdocument href="./">Miscellaneous Documentation</parentdocument> <title>║╕╛╚ ╞┴</title> <summary> <p>└Ñ╝¡╣÷╕ª ┐ε┐╡╟╥╢º ╡╡┐≥└╠ ╡╔ ║╕╛╚ ░ⁿ╖├ ╚∙╞«┐═ ╞┴└╠┤┘. ╛ε╢▓ ░═└║ └╧╣▌└√└╠░φ, ╛ε╢▓ ░═└║ ╛╞╞──í┐í╕╕ ╟╪┤τ╟╧┤┬ ░═└╠┤┘.</p> </summary> <section id="uptodate"><title>├╓╜┼╞╟└╕╖╬ └»┴÷╟╧▒Γ</title> <p>╛╞╞──í └Ñ╝¡╣÷┤┬ ╛╚└ⁿ░· ║╕╛╚ ╣«┴ª┐í ░ⁿ╜╔└╠ ╕╣└║ ░│╣▀└┌ ░°╡┐├╝╖╬ └»╕φ╟╧┤┘. ▒╫╖»│¬ ┼⌐░╟ └█░╟ ╣▀╟Ñ╚─ ╣▀░▀╡╟┤┬ ╣«┴ª╡Θ└╗ ╟╟╟╥ ╝÷ ╛°┤┘. ▒╫╖í╝¡ ╝╥╟┴╞«┐■╛ε╕ª ├╓╜┼╣÷└ⁿ└╕╖╬ └»┴÷╟╧┤┬ ░═└╠ ┴▀┐Σ╟╧┤┘. ╛╞╞──í┐í╝¡ ┴≈┴ó └Ñ╝¡╣÷╕ª ┤┘┐ε╖╬╡σ╟▀┤┘╕Θ, ╗⌡╖╬┐ε ╣÷└ⁿ░· ║╕╛╚ ╛≈╡Ñ└╠╞«╕ª ╛╦╖┴┴╓┤┬ <a href="http://httpd.apache.org/lists.html#http-announce">╛╞╞──í └Ñ╝¡╣÷ ╣▀╟Ñ ╕▐└╧╕╡╕«╜║╞«</a>╕ª ▒╕╡╢╟╧▒µ ░¡╖┬╚≈ ▒╟╟╤┤┘. ╛╞╞──í ╝╥╟┴╞«┐■╛ε╕ª ╣Φ╞≈╟╧┤┬ ╕╣└║ ┴ª╗∩└┌╡Θ╡╡ ║±╜┴╟╤ ╝¡║±╜║╕ª ┴ª░°╟╤┤┘.</p> <p>╣░╖╨ └Ñ╝¡╣÷ ─┌╡σ╢º╣«┐í └Ñ╝¡╣÷░í ░°░▌└╗ ┤τ╟╧┤┬ ░µ┐∞┤┬ ╕╣┴÷ ╛╩┤┘. ▒╫║╕┤┘ ├▀░í ─┌╡σ, CGI ╜║┼⌐╕│╞«, ╟╧└º ┐ε┐╡├╝┴ª└╟ ╣«┴ª╖╬ ░°░▌└╗ ┤τ╟╧┤┬ ░µ┐∞░í ╕╣┤┘. ▒╫╖»╣╟╖╬ ╟╫╗≤ ┴╓└╟╟╧╕τ ╜├╜║┼█└╟ ╕≡╡τ ╝╥╟┴╞«┐■╛ε╕ª ╛≈╡Ñ└╠╞«╟╪╛▀ ╟╤┤┘.</p> </section> <section id="serverroot"> <title>ServerRoot ╡≡╖║┼Σ╕« ▒╟╟╤</title> <p>║╕┼δ root ╗τ┐δ└┌░í ╛╞╞──í╕ª ╜├└█╟╤ ╚─, ┐Σ├╗└╗ ╝¡║±╜║╟╧▒Γ└º╟╪ <directive module="mpm_common">User</directive> ┴÷╜├╛ε╖╬ ┴÷┴ñ╟╤ ╗τ┐δ└┌╖╬ ║»╚»╟╤┤┘. root░í ╜╟╟α╟╧┤┬ ╕φ╖╔╛ε░í └╓┤┘╕Θ, root └╠┐▄└╟ ╗τ┐δ└┌░í ╝÷┴ñ╟╧┴÷ ╕°╟╧╡╡╖╧ ┴╓└╟╟╪╛▀ ╟╤┤┘. └╠ ╞─└╧╡Θ└╗ root╕╕ ╛╡ ╝÷ └╓╛ε╛▀ ╟╧░φ, ╡≡╖║┼Σ╕«┐═ ╕≡╡τ ╗≤└º╡≡╖║┼Σ╕«╡╡ ╕╢┬∙░í┴÷┤┘. ┐╣╕ª ╡Θ╛ε, ServerRoot╖╬ /usr/local/apache╕ª ╗τ┐δ╟╤┤┘╕Θ root ╗τ┐δ└┌░í ┤┘└╜░· ░░└╠ ╡≡╖║┼Σ╕«╕ª ╕╕╡Θ▒µ ┴ª╛╚╟╤┤┘:</p> <example> mkdir /usr/local/apache <br /> cd /usr/local/apache <br /> mkdir bin conf logs <br /> chown 0 . bin conf logs <br /> chgrp 0 . bin conf logs <br /> chmod 755 . bin conf logs </example> <p>▒╫╖»╕Θ /, /usr, /usr/local └║ root╕╕└╠ ╝÷┴ñ╟╥ ╝÷ └╓┤┘. httpd ╜╟╟α╞─└╧└╗ ╝│─í╟╥╢º ┤┘└╜░· ░░└╠ ║╕╚ú╟╪╛▀ ╟╤┤┘:</p> <example> cp httpd /usr/local/apache/bin <br /> chown 0 /usr/local/apache/bin/httpd <br /> chgrp 0 /usr/local/apache/bin/httpd <br /> chmod 511 /usr/local/apache/bin/httpd </example> <p>htdocs ╟╧└º╡≡╖║┼Σ╕«┤┬ ┤┘╕Ñ ╗τ┐δ└┌╡Θ└╠ ╝÷┴ñ╟╥ ╝÷ └╓╡╡╖╧ ╕╕╡Θ ╝÷ └╓┤┘ -- root┤┬ ▒╫░≈┐í └╓┤┬ ╞─└╧└╗ ╜╟╟α╟╧┴÷╡╡, ╕╕╡Θ┴÷╡╡ ╛╩╛╞╛▀ ╟╤┤┘.</p> <p>root░í ╛╞┤╤ ╗τ┐δ└┌░í root░í ╜╟╟α╟╧░┼│¬ ╛▓▒Γ░í┤╔╟╤ ╞─└╧└╗ ╝÷┴ñ╟╥ ╝÷ └╓┤┘╕Θ ╜├╜║┼█└╟ root ▒╟╟╤└╗ ╚╔─Ñ ╝÷ └╓┤┘. ┐╣╕ª ╡Θ╛ε, ┤⌐▒║░í httpd ╜╟╟α╞─└╧└╗ ║»░µ╟╧┐┤┤┘╕Θ ┤┘└╜╣° ╜├└█╟╥╢º └╙└╟└╟ ─┌╡σ╕ª ╜╟╟α╟╧░╘ ╡╚┤┘. logs ╡≡╖║┼Σ╕«░í (root░í ╛╞┤╤ ╗τ┐δ└┌┐í░╘) ╛▓▒Γ░í┤╔╟╧┤┘╕Θ ┤⌐▒║░í ╖╬▒╫╞─└╧└╗ ┤┘╕Ñ ╜├╜║┼█╞─└╧╖╬ ╜╔║╝╕╡┼⌐╕ª ░╔╛ε╝¡ root░í ╞─└╧┐í └╙└╟└╟ └┌╖ß╕ª ╡ñ╛ε╛╡ ╝÷ └╓┤┘. ╖╬▒╫╞─└╧└╠ (root░í ╛╞┤╤ ╗τ┐δ└┌┐í░╘) ╛▓▒Γ░í┤╔╟╧┤┘╕Θ ┤⌐▒║░í ╖╬▒╫┐í └╠╗≤╟╤ └┌╖ß╕ª ▒Γ╖╧╟╥ ╝÷ └╓┤┘.</p> </section> <section id="ssi"> <title>Server Side Includes</title> <p>Server Side Includes (SSI)┤┬ ╝¡╣÷ ░ⁿ╕«└┌┐í░╘ ║╕╛╚╗≤ ╕ε░í┴÷ └ß└τ└√└╬ └º╟Φ└╠┤┘.</p> <p>├╣╣°┬░ └º╟Φ└║ ╝¡╣÷└╟ ║╬╟╧╕ª ┤├╕«┤┬ ┴í└╠┤┘. ╛╞╞──í┤┬ ╞─└╧┐í SSI ┴÷╜├╛ε░í └╓┤┬┴÷ ┐⌐║╬┐═ ░ⁿ░Φ╛°└╠ ╕≡╡τ SSI ╞─└╧└╗ ║╨╝«╟╪╛▀ ╟╤┤┘. ┴╢▒▌ ║╬╟╧░í ┤├┴÷╕╕, ╝¡╣÷╕ª ┐⌐╖» ╗τ╢≈└╠ ░░└╠ ╗τ┐δ╟╧┤┬ ╚»░µ┐í╝¡┤┬ ╜╔░ó╟╥ ╝÷ └╓┤┘.</p> <p>╢╟, SSI ╞─└╧└║ └╧╣▌└√└╬ CGI ╜║┼⌐╕│╞«┐═ ╡┐└╧╟╤ └º╟Φ└╗ ░í┴°┤┘. SSI ╞─└╧┐í╝¡ "exec cmd"╕ª ╗τ┐δ╟╧╕Θ httpd.conf┐í╝¡ ╛╞╞──í╕ª ╜╟╟α╟╧╡╡╖╧ ╝│┴ñ╟╤ ╗τ┐δ└┌┐═ ▒╫╖∞ ▒╟╟╤└╕╖╬ CGI ╜║┼⌐╕│╞«│¬ ╟┴╖╬▒╫╖Ñ└╗ ╜╟╟α╟╥ ╝÷ └╓┤┘.</p> <p>└σ┴í└╗ ╚░┐δ╟╧╕Θ╝¡ SSI ╞─└╧└╟ ║╕╛╚└╗ ╟Γ╗≤╜├┼░┤┬ ╣µ╣²└╠ └╓┤┘.</p> <p>SSI ╞─└╧└╠ ░í┴«┐├ ╝÷ └╓┤┬ ╟╟╟╪╕ª ░▌╕«╟╧▒Γ└º╟╪ ╝¡╣÷░ⁿ╕«└┌┤┬ <a href="#cgi">└╧╣▌└√└╬ CGI</a> └²┐í╝¡ ╝│╕φ╟╧┤┬ ╣µ╣²└╕╖╬ <a href="../suexec.html">suexec</a>╕ª ╗τ┐δ╟╥ ╝÷ └╓┤┘</p> <p>.html└╠│¬ .htm ╚«└σ└┌╕ª SSI ╞─└╧╖╬ ╗τ┐δ╟╧┤┬ ░═└║ └º╟Φ╟╧┤┘. ╞»╚≈ ┐⌐╖» ╗τ╢≈└╠ ░°└»╟╧░┼│¬ ┼δ╜┼╖«└╠ ╕╣└║ ╝¡╣÷ ╚»░µ┐í╝¡ └º╟Φ╟╧┤┘. SSI ╞─└╧└║ └╧╣▌└√└╕╖╬ ╕╣└╠ ╗τ┐δ╟╧┤┬ .shtml ░░└║ ║░╡╡└╟ ╚«└σ└┌╕ª ░í┴«╛▀ ╟╤┤┘. ▒╫╖»╕Θ ╝¡╣÷ ║╬╟╧╕ª ├╓╝╥╚¡╟╧░φ └º╟Φ┐Σ╝╥╕ª ╜▒░╘ ░ⁿ╕«╟╥ ╝÷ └╓┤┘.</p> <p>┤┘╕Ñ ╣µ╣²└║ SSI ╞Σ└╠┴÷░í ╜║┼⌐╕│╞«│¬ ╟┴╖╬▒╫╖Ñ└╗ ╜╟╟α╟╧┴÷ ╕°╟╧╡╡╖╧ ╕╕╡σ┤┬ ░═└╠┤┘. <directive module="core">Options</directive> ┴÷╜├╛ε┐í╝¡ <code>Includes</code> ┤δ╜┼ <code>IncludesNOEXEC</code>╕ª ╗τ┐δ╟╤┤┘. ▒╫╖í╡╡ ╜║┼⌐╕│╞«░í <directive module="mod_alias">ScriptAlias</directive> ┴÷╜├╛ε╖╬ ┴÷┴ñ╟╤ ╡≡╖║┼Σ╕«┐í └╓┤┘╕Θ <--#include virtual="..." -->╕ª ╗τ┐δ╟╧┐⌐ CGI ╜║┼⌐╕│╞«╕ª ╜╟╟α╟╥ ╝÷ └╓└╜└╗ ┴╓└╟╟╧╢≤.</p> </section> <section id="cgi"> <title>└╧╣▌└√└╬ CGI</title> <p>░ß▒╣ ┤τ╜┼└║ ╟╫╗≤ CGI ╜║┼⌐╕│╞«/╟┴╖╬▒╫╖Ñ└╟ └·└┌╕ª ╜┼╖┌╟╪╛▀ ╟╧░φ, ░φ└╟░╟ ╜╟╝÷└╠░╟ CGI└╟ └ß└τ└√└╬ ║╕╛╚╗≤ ╟π┴í└╗ ╣▀░▀╟╥ ╝÷ └╓╛ε╛▀ ╟╤┤┘. ▒Γ║╗└√└╕╖╬ CGI ╜║┼⌐╕│╞«┤┬ └Ñ╝¡╣÷ ╗τ┐δ└┌ ▒╟╟╤└╕╖╬ ╜├╜║┼█┐í╝¡ ╛ε╢▓ ╕φ╖╔╛ε╢≤╡╡ ╜╟╟α╟╥ ╝÷ └╓▒Γ╢º╣«┐í ┴╓└╟└╓░╘ ╚«└╬╟╧┴÷ ╛╩└╕╕Θ ╕┼┐∞ └º╟Φ╟╧┤┘.</p> <p>╕≡╡τ CGI ╜║┼⌐╕│╞«░í ░░└║ ╗τ┐δ└┌╖╬ ╜╟╟α╡╟▒Γ╢º╣«┐í ┤┘╕Ñ ╜║┼⌐╕│╞«┐═ (░φ└╟░╟ ╜╟╝÷└╠░╟) ├µ╡╣╟╥ ░í┤╔╝║└╠ └╓┤┘. ┐╣╕ª ╡Θ╛ε, ╗τ┐δ└┌ A┤┬ ╗τ┐δ└┌ B╕ª ╕┼┐∞ ╜╚╛ε╟╧┐⌐, ╗τ┐δ└┌ B└╟ CGI ╡Ñ└╠┼═║ú└╠╜║╕ª ┴÷┐÷╣÷╕«┤┬ ╜║┼⌐╕│╞«╕ª └█╝║╟╥ ╝÷ └╓┤┘. ╛╞╞──í 1.2 ╣÷└ⁿ║╬┼═ ╞≈╟╘╡╟╛·░φ ╛╞╞──í ╝¡╣÷┐í╝¡ ╞»║░╟╤ ╚┼(hook)└╕╖╬ ╡┐└█╟╧┤┬ <a href="../suexec.html">suEXEC</a>┤┬ ╜║┼⌐╕│╞«╕ª ┤┘╕Ñ ╗τ┐δ└┌╖╬ ╜╟╟α╟╧┤┬ ╣µ╣²┴▀ ╟╧│¬┤┘. ┤┘╕Ñ ┤δ┴▀└√└╬ ╣µ╣²┐í┤┬ <a href="http://cgiwrap.unixtools.org/">CGIWrap</a>└╠ └╓┤┘.</p> </section> <section id="nsaliasedcgi"> <title>ScriptAlias╟╧┴÷ ╛╩└║ CGI</title> <p>┤┘└╜ ┴╢░╟└╗ ╕╕┴╖╟╥╢º╕╕ ╗τ┐δ└┌░í ╛ε╢▓ ╡≡╖║┼Σ╕«┐í╝¡╢≤╡╡ CGI ╜║┼⌐╕│╞«╕ª ╜╟╟α╟╧╡╡╖╧ ╟π┐δ╟╥ ╝÷ └╓┤┘:</p> <ul> <li>┤τ╜┼└║ ░φ└╟░╟ ╜╟╝÷└╠░╟ ╗τ┐δ└┌░í ╜├╜║┼█└╗ ░°░▌┐í │δ├Γ╜├┼░┤┬ ╜║┼⌐╕│╞«╕ª └█╝║╟╧┴÷ ╛╩┤┬┤┘░φ ╣╧┤┬┤┘.</li> <li>╜├╜║┼█└╟ ┤┘╕Ñ ║╬║╨└╟ ║╕╛╚└╠ ╛α╟╪╝¡, └ß└τ└√└╬ ╟π┴í└╗ ╟╧│¬ ┤⌡ ╕╕╡Θ╛ε╡╡ │¬║ⁿ┴· ░═└╠ ╛°┤┘░φ ╗²░ó╟╧┤┬ ░µ┐∞.</li> <li>╗τ┐δ└┌░í ╛°░φ, ╛╞╕╢ ╛╞╣½╡╡ ╝¡╣÷╕ª ╣µ╣«╟╧┴÷╛╩┤┬ ░µ┐∞.</li> </ul> </section> <section id="saliasedcgi"> <title>ScriptAlias╟╤ CGI</title> <p>╞»┴ñ ╡≡╖║┼Σ╕«┐í╝¡╕╕ CGI╕ª ╜╟╟α╟╥ ╝÷ └╓╡╡╖╧ ┴ª╟╤╟╧╕Θ ░ⁿ╕«└┌┤┬ └╠╡Θ ╡≡╖║┼Σ╕«╕ª ┼δ┴ª╟╥ ╝÷ └╓┤┘. └╠ ░µ┐∞┤┬ scriptalias╟╧┴÷ ╛╩└║ CGI║╕┤┘ ╚«╜╟╚≈ ╛╚└ⁿ╟╧┤┘. ┤▄, ╜┼╖┌╟╧┤┬ ╗τ┐δ└┌╕╕ ╡≡╖║┼Σ╕«┐í ┴ó▒┘╟╥ ╝÷ └╓░φ, ░ⁿ╕«└┌░í ╗⌡╖╬┐ε CGI ╜║┼⌐╕│╞«/╟┴╖╬▒╫╖Ñ└╟ └ß└τ└√└╬ ║╕╛╚╗≤ ╟π┴í└╗ ░╦╗τ╟╥ ┐δ└╠░í └╓┤┘╕Θ.</p> <p>┤δ║╬║╨└╟ ╗τ└╠╞«┤┬ scriptalias╟╧┴÷ ╛╩└║ CGI ╣µ╜─ ┤δ╜┼ └╠ ╣µ╜─└╗ ╗τ┐δ╟╤┤┘.</p> </section> <section id="dynamic"> <title>╡┐└√ │╗┐δ└╗ ╗²╝║╟╧┤┬ ┤┘╕Ñ ╣µ╣²</title> <p> mod_php, mod_perl, mod_tcl, mod_python ░░└╠ ╝¡╣÷└╟ └╧║╬╖╬ ╡┐└█╟╧┤┬ └╙║ú╡≡╡σ ╜║┼⌐╕│╞«┤┬ ╝¡╣÷┐═ ░░└║ ╗τ┐δ└┌╖╬ (<directive module="mpm_common">User</directive> ┴÷╜├╛ε ┬ⁿ░φ) ╜╟╟α╡╟▒Γ╢º╣«┐í, ╜║┼⌐╕│╞« ┐ú┴°└╠ ╜╟╟α╟╧┤┬ ╜║┼⌐╕│╞«┤┬ └ß└τ└√└╕╖╬ ╝¡╣÷ ╗τ┐δ└┌░í ┴ó▒┘╟╥ ╝÷ └╓┤┬ ╕≡╡τ ░═┐í ┴ó▒┘╟╥ ╝÷ └╓┤┘. ╛ε╢▓ ╜║┼⌐╕│╞« ┐ú┴°└║ ╛ε┤└┴ñ╡╡ ┴ª╟╤└╗ ╟╧┴÷╕╕, ╛╚└ⁿ╟╧┤┘░φ ░í┴ñ╟╧┴÷ ╛╩┤┬ ░═└╠ ┴┴┤┘.</p> </section> <section id="systemsettings"> <title>╜├╜║┼█ ╝│┴ñ ║╕╚ú╟╧▒Γ</title> <p>┴ñ╕╗╖╬ ╛╚└ⁿ╟╤ ╝¡╣÷╕ª ┐ε┐╡╟╧╖┴╕Θ ╗τ┐δ└┌░í <code>.htaccess</code> ╞─└╧└╗ ╗τ┐δ╟╧┐⌐ ┤τ╜┼└╠ ╝│┴ñ╟╤ ║╕╛╚▒Γ┤╔└╗ ║»░µ╟╧▒µ ╣┘╢≤┴÷ ╛╩└╗ ░═└╠┤┘. ▒╫╖»▒Γ└º╟╪ ┤┘└╜░· ░░└║ ╣µ╣²└╠ └╓┤┘.</p> <p>╝¡╣÷ ╝│┴ñ╞─└╧┐í ┤┘└╜└╗ ├▀░í╟╤┤┘</p> <example> <Directory /> <br /> AllowOverride None <br /> </Directory> </example> <p>▒╫╖»╕Θ ╗τ┐δ░í┤╔╟╧╡╡╖╧ ╕φ╜├└√└╕╖╬ ╟π┐δ╟╤ ╡≡╖║┼Σ╕«╕ª ┴ª┐▄╟╧░φ┤┬ <code>.htaccess</code> ╞─└╧└╗ ╗τ┐δ╟╥ ╝÷ ╛°┤┘.</p> </section> <section id="protectserverfiles"> <title>▒Γ║╗└√└╕╖╬ ╝¡╣÷┐í └╓┤┬ ╞─└╧ ║╕╚ú╟╧▒Γ</title> <p>╗τ╢≈╡Θ└║ ┴╛┴╛ ╛╞╞──í└╟ ▒Γ║╗ ┴ó▒┘┐í ┤δ╟╪ └▀╕° ╛╦░φ└╓┤┘. ┴∩, ╝¡╣÷░í └╧╣▌└√└╬ URL ┤δ└└ ▒╘─ó└╗ ╗τ┐δ╟╧┐⌐ ╞─└╧└╗ ├ú└╗ ╝÷ └╓┤┘╕Θ, ╞»║░╚≈ ┴╢─í╕ª ╟╧┴÷ ╛╩┤┬╟╤ ┼¼╢≤└╠╛≡╞«┐í░╘ ╞─└╧└╠ ╝¡║±╜║╡╔ ╝÷ └╓┤┘.</p> <p>┐╣╕ª ╡Θ╛ε, ╛╞╖í┐═ ░░└║ ░µ┐∞:</p> <example> # cd /; ln -s / public_html <br /> <code>http://localhost/~root/</code> ┐í ┴ó▒┘╟╤┤┘ </example> <p>▒╫╖»╕Θ ┼¼╢≤└╠╛≡╞«┤┬ └ⁿ├╝ ╞─└╧╜├╜║┼█└╗ ╡╣╛╞┤┘┤╥ ╝÷ └╓┤┘. └╠╕ª ╕╖▒Γ└º╟╪ ╝¡╣÷╝│┴ñ┐í╝¡ ┤┘└╜░· ░░└║ ┴╢─í╕ª ╟╤┤┘:</p> <example> <Directory /> <br /> Order Deny,Allow <br /> Deny from all <br /> </Directory> </example> <p>▒╫╖»╕Θ ╞─└╧╜├╜║┼█ └º─í┐í ┤δ╟╪ ▒Γ║╗ ┴ó▒┘└╠ ░┼║╬╡╚┤┘. ┐°╟╧┤┬ ┐╡┐¬┐í ┴ó▒┘╟╥ ╝÷ └╓╡╡╖╧ ┤┘└╜░· ░░└║ <directive module="core">Directory</directive> ║φ╖╧└╗ ├▀░í╟╤┤┘.</p> <example> <Directory /usr/users/*/public_html> <br /> Order Deny,Allow <br /> Allow from all <br /> </Directory> <br /> <Directory /usr/local/httpd> <br /> Order Deny,Allow <br /> Allow from all <br /> </Directory> </example> <p><directive module="core">Location</directive>░· <directive module="core">Directory</directive> ┴÷╜├╛ε╕ª ░░└╠ ╗τ┐δ╟╧┤┬ ░µ┐∞ ╞»║░╚≈ ┴╓└╟╕ª ▒Γ┐∩┐⌐╢≤. ┐╣╕ª ╡Θ╛ε, <code><Directory /></code>░í ┴ó▒┘└╗ ░┼║╬╟╧┤⌡╢≤╡╡ <code><Location /></code> ┴÷╜├╛ε░í └╠╕ª ╣½╜├╟╥ ╝÷ └╓┤┘</p> <p><directive module="mod_userdir">UserDir</directive> ┴÷╜├╛ε╕ª ╗τ┐δ╟╧┤┬ ░µ┐∞┐í╡╡ ┴╓└╟╟╧╢≤. ┴÷╜├╛ε╕ª "./" ░░└╠ ╝│┴ñ╟╧╕Θ root ╗τ┐δ└┌┐í ┤δ╟╪ ╣┘╖╬ └º└╟ ░µ┐∞┐═ ░░└║ ╣«┴ª░í ╣▀╗²╟╤┤┘. ╛╞╞──í 1.3 └╠╗≤└╗ ╗τ┐δ╟╤┤┘╕Θ ╝¡╣÷ ╝│┴ñ╞─└╧┐í ╛╞╖í ┴┘└╗ ├▀░í╟╧▒µ ░¡╖┬╚≈ ▒╟╟╤┤┘:</p> <example> UserDir disabled root </example> </section> <section id="watchyourlogs"> <title>╖╬▒╫ ╗∞╞∞║╕▒Γ</title> <p>╜╟┴ª╖╬ ╝¡╣÷┐í╝¡ ╣½╜╝ └╧└╠ └╓╛ε│¬░φ └╓┤┬┴÷ ╛╦╖┴╕Θ <a href="../logs.html">╖╬▒╫╞─└╧</a>└╗ ╗∞╞∞║┴╛▀ ╟╤┤┘. ╖╬▒╫╞─└╧└║ └╠╣╠ └╧╛ε│¡ └╧╕╕└╗ ║╕░φ╟╧┴÷╕╕, ╝¡╣÷┐í ╛ε╢▓ ░°░▌└╠ └╓╛·┤┬┴÷ ╛╦╖┴┴╓░φ ╟÷└τ ╟╩┐Σ╟╤ ╕╕┼¡ ╛╚└ⁿ╟╤┴÷ ╚«└╬╟╧░╘ ╟╪┴╪┤┘.</p> <p>┐⌐╖»░í┴÷ ┐╣:</p> <example> grep -c "/jsp/source.jsp?/jsp/ /jsp/source.jsp??" access_log <br /> grep "client denied" error_log | tail -n 10 </example> <p>├╣╣°┬░ ┐╣┤┬ <a href="http://online.securityfocus.com/bid/4876/info/">└▀╕°╡╚ Source.JSP ┐Σ├╗└╕╖╬ ╝¡╣÷┴ñ║╕╕ª ╛╦╛╞│╛ ╝÷ └╓┤┬ Tomcat└╟ ├δ╛α┴í</a>╕ª └╠┐δ╟╧╖┴┤┬ ░°░▌ ╚╜╝÷╕ª ╛╦╖┴┴╓░φ, ╡╬╣°┬░ ┐╣┤┬ ┴ó▒┘└╠ ░┼║╬╡╚ ├╓▒┘ ┼¼╢≤└╠╛≡╞« 10░│╕ª ┤┘└╜░· ░░└╠ ║╕┐⌐┴╪┤┘:</p> <example> [Thu Jul 11 17:18:39 2002] [error] [client foo.bar.com] client denied by server configuration: /usr/local/apache/htdocs/.htpasswd </example> <p>└▀ ╛╦ ╡φ└╠ ╖╬▒╫╞─└╧└║ └╠╣╠ ╣▀╗²╟╤ ╗τ░╟╕╕└╗ ║╕░φ╟╤┤┘. ▒╫╖í╝¡ ┼¼╢≤└╠╛≡╞«░í <code>.htpasswd</code> ╞─└╧┐í ┴ó▒┘╟╥ ╝÷ └╓╛·┤┘╕Θ <a href="../logs.html#accesslog">┴ó▒┘ ╖╬▒╫</a>┐í ┤┘└╜░· ░░└║ ▒Γ╖╧└╠ │▓└╗ ░═└╠┤┘:</p> <example> foo.bar.com - - [12/Jul/2002:01:59:13 +0200] "GET /.htpasswd HTTP/1.1" </example> <p>┴∩, ┤τ╜┼└║ ╝¡╣÷ ╝│┴ñ╞─└╧┐í╝¡ ┤┘└╜ ║╬║╨└╗ ┴╓╝«├│╕«╟▀└╗ ░═└╠┤┘:</p> <example> <Files ~ "^\.ht"> <br /> Order allow,deny <br /> Deny from all <br /> <Files> </example> </section> </manualpage>