Apache

While I'm studying tonight I also ran across some apache configurations. One thing I noticed as an option is FollowSymLinks which seems to be set on alot of current apache deployments. I know that this will allow the system to follow system links within the directory. My question is...aren't there security concerns with this? Assume someone drops a files in this directory that system links to somewhere it shouldn't, will the permissions of the filesystem stop this or is that a "it depends" scenario?

Find more posts tagged with

Comments

darkerosxx

Just have to watch permissions and be sure apache(the apache user) can't read files it shouldn't be able to read. This can be accomplished in a lot of ways, but mostly through permissions and SELinux.

Quick Links

All Categories
Recent Posts
Activity
Unanswered
Groups
Best Of