User guide

Security Measures for Operation of the Web Server (Interstage HTTP Server)

2-7

LoadModule rewrite_module libexec/mod_rewrite.so

AddModule mod_rewrite.c

ServerName virt.example.com

ServerAdmin webmaster@virt.example.com

RewriteEngine On

RewriteCond %{REQUEST_METHOD} ^TRACE

RewriteRule .* - [F]

...

</VirtualHost>

Threat that the UNIX account name will be discovered

There is always a risk that a UNIX account name on the Web server will be discovered on the network

by a user (or machine) with malicious intent.

To counter this kind of threat, it is recommended that the settings in the Interstage HTTP Server

environment settings file (httpd.conf) are made as shown below. These settings will disable requests to

documents under the UNIX account user home directory.

LoadModule userdir_module libexec/mod_userdir.so

AddModule mod_userdir.c

UserDir disabled

Note

A hash mark (#) can be added to the start of the LoadModule and AddModule directives to make the line

a comment.

To make a document under the UNIX account user home directory public, configure the following

settings:

• Set the access authority in the home directory to be made public for access from the Web server.

• Disable the user directory settings for users that are not going to be made public.

An example of disabling the user directory settings for users that are not going to be made public is

shown below.

Example:

Making “user1” and “user2” documents under “user home directory/public_html” public.

UserDir public_html

UserDir disabled

UserDir enabled user1 user2