Linode Forum
Linode Community Forums
 FAQFAQ    SearchSearch    MembersMembers      Register Register 
 LoginLogin [ Anonymous ] 
Post new topic  Reply to topic
Author Message
PostPosted: Sat Sep 09, 2017 12:30 pm 
Offline

Joined: Sat Sep 09, 2017 12:12 pm
Posts: 1
Hi,

I'm running Apache 2.4.18 on Ubuntu 16.04.03 LTS. I'm trying to further secure my web server, however, my problem is I can't find "var/www/html" in my conf. file, only "var/www/>"
Is "/html" deprecated in newer Apache versions or am I doing something wrong? I want to prevent clickjacking, XSS, and enable secure cookies primarily

Following this guide from a couple years ago: https://www.maketecheasier.com/securing ... -ubuntu-2/

If relevant, Wordpress is my web frontend.

Thanks


Top
   
PostPosted: Fri Sep 15, 2017 8:01 am 
Offline
Newbie

Joined: Fri Sep 15, 2017 7:56 am
Posts: 2
Stuck with the same issue. Following


Top
   
PostPosted: Tue Sep 26, 2017 5:27 pm 
Offline
Senior Newbie

Joined: Tue Sep 26, 2017 12:45 pm
Posts: 6
I am currently running Apache 2.4.27 on Fedora 27. the "/var/www/html" section is located in the config file under "/etc/httpd/conf/httpd.conf" for debian based distros the config file should be located "/etc/apache2/apache2.conf" I extracted the apache2.deb file and after checking the config file there is no "<Directory "/var/www/html">" section. You can add that section if you like. I have posted the section from my apache config that you can add to your "/etc/apache2/apache2.conf"
Code:
<Directory "/var/www/html">
    #
    # Possible values for the Options directive are "None", "All",
    # or any combination of:
    #   Indexes Includes FollowSymLinks SymLinksifOwnerMatch ExecCGI MultiViews
    #
    # Note that "MultiViews" must be named *explicitly* --- "Options All"
    # doesn't give it to you.
    #
    # The Options directive is both complicated and important.  Please see
    # http://httpd.apache.org/docs/2.4/mod/core.html#options
    # for more information.
    #
    Options Indexes FollowSymLinks

    #
    # AllowOverride controls what directives may be placed in .htaccess files.
    # It can be "All", "None", or any combination of the keywords:
    #   Options FileInfo AuthConfig Limit
    #
    AllowOverride None

    #
    # Controls who can get stuff from this server.
    #
    Require all granted
</Directory>


Top
   
PostPosted: Thu Nov 16, 2017 7:25 am 
Offline
Junior Member

Joined: Thu Nov 16, 2017 6:59 am
Posts: 34
On Ubuntu 16 the correct default location for HTML content is indeed /var/www/html.
Code:
root@xxx:/etc/apache2# rgrep '\/var\/www'
sites-available/000-default.conf:	DocumentRoot /var/www/html
sites-available/default-ssl.conf:		DocumentRoot /var/www/html
apache2.conf:# not allow access to the root filesystem outside of /usr/share and /var/www.
apache2.conf:<Directory /var/www/>
apache2.conf:<Directory /var/www/html/>
If the above command does not produce a similar result you are using either heavily modified or outdated aoache configuration.

_________________
- emestee,
Lord System Administrator


Top
   
Display posts from previous:  Sort by  
Post new topic  Reply to topic


Who is online

Users browsing this forum: No registered users and 5 guests


You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum

Search for:
Jump to:  
cron
RSS

Powered by phpBB® Forum Software © phpBB Group