1.3.2 versions of conf files

1 files changed, 27 insertions, 2 deletions

diff --git a/usr.sbin/httpd/conf/access.conf b/usr.sbin/httpd/conf/access.conf
index 94630fd115c..96cafc8a289 100644
--- a/usr.sbin/httpd/conf/access.conf
+++ b/usr.sbin/httpd/conf/access.conf
@@ -10,6 +10,19 @@
 
 # Originally by Rob McCool
 
+# First, we configure the "default" to be a very restrictive set of 
+# permissions.  
+
+<Directory />
+Options FollowSymLinks
+AllowOverride None
+</Directory>
+
+# Note that from this point forward you must specifically allow
+# particular features to be enabled - so if something's not working as
+# you might expect, make sure that you have specifically enabled it
+# below.
+
 # This should be changed to whatever you set DocumentRoot to.
 
 <Directory /var/www/htdocs>
@@ -18,7 +31,7 @@
 # "Includes", "FollowSymLinks", "ExecCGI", or "MultiViews".
 
 # Note that "MultiViews" must be named *explicitly* --- "Options All"
-# doesn't give it to you (or at least, not yet).
+# doesn't give it to you.
 
 Options Indexes FollowSymLinks
 
@@ -35,7 +48,7 @@ allow from all
 
 </Directory>
 
-# /usr/local/etc/httpd/cgi-bin should be changed to whatever your ScriptAliased
+# @@ServerRoot@@/cgi-bin should be changed to whatever your ScriptAliased
 # CGI directory exists, if you have that configured.
 
 <Directory /var/www/cgi-bin>
@@ -54,6 +67,18 @@ Options None
 #allow from .your_domain.com
 #</Location>
 
+# Allow remote server configuration reports, with the URL of
+#  http://servername/server-info (requires that mod_info.c be loaded).
+# Change the ".your_domain.com" to match your domain to enable.
+
+#<Location /server-info>
+#SetHandler server-info
+
+#order deny,allow
+#deny from all
+#allow from .your_domain.com
+#</Location>
+
 # There have been reports of people trying to abuse an old bug from pre-1.1
 # days.  This bug involved a CGI script distributed as a part of Apache.
 # By uncommenting these lines you can redirect these attacks to a logging