User guide

Chapter 2: Security Measures
2-8
Making all documents, except for “user3” and “user4”, under “user home directory/public_html” public.
UserDir public_html
UserDir disabled user3 user4
Notes:
If just “UserDir public_html” is specified, when the "http://host name[:port number]/~user" request is
received, the status code that is returned when the user name is specified as “user” depends on
whether the user exists in the UNIX server. For this reason, the UNIX account name on the Web server
might be discovered. These status codes are shown below.
“user” does not exist:
The “404 Not Found” status code is returned.
“user” exists:
The “403 Forbidden” status code is returned.
This status code is returned because, although “user” exists, access authority for access from the
Web server for this user has not been set in the home directory. Specify users that can execute the
Web server in the User directive.
This problem occurs when the user home directory is created using the useradd command, and
directory authority is only set for the owner, meaning that only that user has access permission.