[PLUG] Ownership of /var/www on Ubuntu 8.04
Paul Heinlein
heinlein at madboa.com
Tue Nov 25 23:02:35 UTC 2008
On Tue, 25 Nov 2008, Carlos Konstanski wrote:
> There are probably a lot of different answers to this question. My
> answer is to never use the default apache DocumentRoot directly.
> Instead, I always make VirtualHost directives that point to
> DocumentRoots that lie deeper than /var/www.
There are a couple different reasons why I'd wholeheartedly agree with
Carlos' advice:
1. setting up virtual hosts from the get-go means that you can have
a staging or testing server to which to push changes before they
go live.
2. if you want to cut down on a *lot* of mischievous web traffic
-- assuming this web server is addressable via the Internet,
which might not be the case -- set the default (first)
virtualhost to deny all traffic. that way IP-based scanners
won't plague your site, only name-based HTTP 1.1 requests will
get through.
3. setting up virtual hosts with DocumentRoot directives pointing
to directories that are not maintained by the packaging system,
allows you to set permissions you know a package will never
overwrite. my new favorite is in /srv, which is the LSB-blessed
location for "site-specific data which is served by the system."
--
Paul Heinlein <> heinlein at madboa.com <> http://www.madboa.com/
More information about the PLUG
mailing list