Apache Friends Support Forum

Hello-

I just succesfully installed this system on a windows XP computer for a friend of mine. I'm more Linux-server friendly, so I'm wondering what I need to do to secure this site from hackers. Is it soley based on .htaccess files? Or is there a chmod XXX option in windows?

Any help is appreciated.

by the way, I'm behind a firewall

I just notice that when I go to www.mywebsite.com/images/ directory, I can see everything thats there.

I'm no expert, just thought I'd help with what I know.

according to what I've read Apache is the most secure server available

There are user accounts in Mercury, Phpmyadmin, Mysql, ect. that need passwords or deletion (ie:newuser,pma, test) Check all modules for default accounts and redo passwords in any .htpasswd files you find.

you can protect directories easily by ensuring it has a index.* file or

There is an Options Tag in httpd.conf found under the default path

C:\apachefriends\xampp\apache\conf\httpd.conf

Look for

Options Indexes FollowSymLinks MultiViews Includes ExecCGI
AddType text/html .shtml
AddHandler server-parsed .shtml
AddHandler cgi-script .cgi .pl

The Indexes parameter is displaying the directory when no index file is found.

You will find the Option directive in Aliases defined also.

Alias /phpmyadmin "C:/apachefriends/xampp/phpmyadmin/"

<Directory "D:/apache/xampp/phpMyAdmin/">
Options Indexes MultiViews ExecCGI
DirectoryIndex index.php
Order allow,deny
Allow from all
</Directory>

for more info goto

http://httpd.apache.org/docs-2.0/mod/core.html#options

thanks man. I'll look into it when I get a chance.