I have tried reading the manual, although to be honest I am still finding it hard to understand and get my head around what the Order/Allow actually does and what should be the default settings for a web server.
I have the following default config, where I have turned off .htaccess and symbolic links.
Although I am not really sure what the Order Allow,Deny and Allow from all actually does? Should I change this to Allow from 127.0.0.1?
<Directory />
Options -Indexes -FollowSymLinks MultiViews
AllowOverride None
Order Allow,Deny
Allow from all
</Directory>
Additionally, do I need the below <Files> or is there a better way of writing this for Apache?
<Directory /var/www/example/subdomains/dev/public/webapp>
RewriteEngine Off
<Files *>
order allow,deny
deny from all
</Files>
<FilesMatch "\.(png|gif|jpe?g|png|css|js|swf|ps|flv)$">
order allow,deny
allow from all
</FilesMatch>
</Directory>
Order Allow,Deny means that the Allow rules are processed before the Deny rules. If the client doesn't match the Allow rules or it does match the Deny rule, it will be denied access.
So,
means that any client can access your web server.
You already did that with AllowOverride None and Options -FollowSymLinks
This config did the following:
webapp folder except for images, js, swf, ...
Pay attention to:
it tells Apache to deny any access.
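The Order/Allow/Deny evaluation described in the answer, modelled as an added example (not code from the question, the answer or Apache itself). It assumes rules are either the keyword all or an IP/CIDR, and that a later matching section replaces the access rules of an earlier one; the client addresses and file names are constructed.

```python
import fnmatch
import ipaddress
import re


def evaluate(order, allow, deny, client_ip):
    """Decide access for one section's Order/Allow/Deny rules.

    Simplified model: each rule is "all" or an IP/CIDR string;
    hostname and env= rules are not modelled.
    """
    ip = ipaddress.ip_address(client_ip)

    def matches(rules):
        return any(r == "all" or ip in ipaddress.ip_network(r, strict=False)
                   for r in rules)

    allowed, denied = matches(allow), matches(deny)
    order = order.lower().replace(" ", "")
    if order == "allow,deny":
        # Default is deny: must match an Allow rule and no Deny rule.
        return allowed and not denied
    if order == "deny,allow":
        # Default is allow: a Deny match is overridden by an Allow match.
        return allowed or not denied
    raise ValueError("unknown Order value: " + order)


# Model of the question's webapp block, in config order (constructed).
# Each entry: (file matcher, Order, Allow rules, Deny rules).
ASSET_RE = re.compile(r"\.(png|gif|jpe?g|png|css|js|swf|ps|flv)$")
WEBAPP_SECTIONS = [
    (lambda name: fnmatch.fnmatch(name, "*"), "allow,deny", [], ["all"]),
    (lambda name: ASSET_RE.search(name) is not None, "allow,deny", ["all"], []),
]


def decide(sections, filename, client_ip):
    """Assumption: the last section matching the file supplies the rules."""
    verdict = None
    for matcher, order, allow, deny in sections:
        if matcher(filename):
            verdict = evaluate(order, allow, deny, client_ip)
    return verdict


if __name__ == "__main__":
    for name in ("logo.png", "index.php"):
        print(name, decide(WEBAPP_SECTIONS, name, "203.0.113.7"))
    # "Allow from 127.0.0.1" instead of "Allow from all" on <Directory />:
    print(evaluate("Allow,Deny", ["127.0.0.1"], [], "203.0.113.7"))
```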