What does "Require all granted" on Directory / (root) REALLY mean? (Apache 2.4 on CentOS7)
I'm sure this question looks really stupid at first, but I need a "second opinion" on this. Even though I did some research on my own, I am still unsure about this.
By default, the Apache configuration on CentOS7, and on pretty much any distro I know so far, usually denies access recursively to the ROOT filesystem (/) with a Directory statement like this:
Default: /etc/httpd/conf/httpd.conf
<Directory />
AllowOverride none
Require all denied
</Directory>
This is usually followed by some Directory statements (blocks) that "relax" permissions on the parts of the filesystem that contain HTML or other web server content.
Now I have to deal with "some Web App" from "some Company" lately that is requesting/requiring the following change to the Apache config file:
Requested by Software Company: /etc/httpd/conf/httpd.conf
<Directory />
AllowOverride none
Require all granted
</Directory>
This raised some red flags in my mind, and I tried to research this on the net. I have not yet found anything stating clearly what this configuration would effectively mean. But I would guess this grants read access to pretty much any file on the whole Linux server that can be read by user group "other" or by the Apache service account or service group. So if I am right, it would be a really really baaaaaad idea to ever do something like this on an internet web server.
Am I correct in this assumption? Or am I missing something here?
Thanks for any hint/tip/explanation on this!
best regards
Axel
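An added example, not part of the original post: a small Python audit that reads httpd.conf-style text and reports which `<Directory>` section's `Require` lines govern a given filesystem path. It assumes Apache 2.4's default `AuthMerging Off` (the most specific section that sets `Require` wins) and models only plain `<Directory>` sections, not URL mapping (`DocumentRoot`, `Alias`), `<Files>`/`<Location>`, `.htaccess`, or OS file permissions; the `/var/www/html` block and the function names are constructed for illustration.

```python
import re

# Constructed sample: the root block quoted in the post plus a hypothetical docroot block.
DEFAULT_CONF = """\
<Directory />
AllowOverride none
Require all denied
</Directory>
<Directory "/var/www/html">
Require all granted
</Directory>
"""
# Same file with the vendor-requested change applied to the root block.
REQUESTED_CONF = DEFAULT_CONF.replace("Require all denied", "Require all granted")

OPEN = re.compile(r'^<Directory\s+"?([^">]+?)"?\s*>$', re.I)

def directory_policies(conf_text):
    """Return {directory: [Require arguments]} for each plain <Directory> section."""
    policies, current = {}, None
    for raw in conf_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        m = OPEN.match(line)
        if m:
            current = m.group(1).rstrip("/") or "/"
            policies.setdefault(current, [])
        elif line.lower() == "</directory>":
            current = None
        elif current and line.lower().startswith("require "):
            policies[current].append(" ".join(line.split()[1:]).lower())
    return policies

def effective_require(policies, fs_path):
    """Longest matching <Directory> that sets Require, and its Require arguments."""
    best = None
    for d, reqs in policies.items():
        prefix = d if d.endswith("/") else d + "/"
        if reqs and (fs_path == d or fs_path.startswith(prefix)):
            if best is None or len(d) > len(best):
                best = d
    return best, policies.get(best, [])

if __name__ == "__main__":
    for name, conf in (("default", DEFAULT_CONF), ("requested", REQUESTED_CONF)):
        for path in ("/etc/passwd", "/var/www/html/index.html"):
            print(name, path, effective_require(directory_policies(conf), path))
```

With the requested change, paths outside the web content directories no longer have a deny at the `<Directory>` layer, so any URL-to-file mapping that reaches them is limited only by the remaining layers listed above.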