The root of Apache2 configuration documentation is at
http://httpd.apache.org/docs/1.3/configuring.html
I'll address the
Options below;
The /htdocs directory (known as the
DocumentRoot location) is where the public html files live.
Normally, we install Apache2 (on windows) at
C:\apache2 and the
DocumentRoot would be at
C:\apache2\htdocs.
Why? Because you never want your server side scripts (ie: /cgi-bin ) to be located inside
the DocumentRoot as that exposes them to attacks from the Internet.
The script directory belongs as a peer directory to the DocumentRoot, eg:
C:\apache2\htdocs
C:\apache2\cgi-bin
[edit] also has other directories that should not be accessible, eg:
C:\apache2\bin
C:\apache2\conf
C:\apache2\logs
[/edit]
This stops any attack code from accessing /cgi-bin using the 'CD ../..' as the apache server stops that when it reaches the
/htdocs directory.
Options and Directives
The Apache
Directory statement is defined here
The Directives are designed to be hierarchical so the first directive
# First, we configure the "default" to be a very restrictive set of
# features.
#
<Directory />
Options FollowSymLinks
AllowOverride None
</Directory>
protects the entire apache filespace from Internet access. New pages and scripts
are placed using FTP or local access which does not get restricted by this directive.
(
kimsland: <Directory "C:/htdocs"> is not the standard/approved location
)
At any rate, this is how you tell Apache from where to sever pages:
DocumentRoot "C:/Apache/Apache2/htdocs" (I have both Apache1 and 2 installed)
The next directive targets the DocumentRoot for Internet and scripting access
<Directory "C:/Apache/Apache2/htdocs">
# Possible values for the Options directive are "None", "All",
# or any combination of:
# Indexes Includes FollowSymLinks SymLinksifOwnerMatch ExecCGI MultiViews
#
Options Indexes FollowSymLinks
# AllowOverride controls what directives may be placed in .htaccess files.
# It can be "All", "None", or any combination of the keywords:
# Options FileInfo AuthConfig Limit
#
AllowOverride Options
#
# Controls who can get stuff from this server.
#
Order allow,deny
Allow from all
</Directory>
The
Options are defined here