I have the following section in my Slackware 14's default Apache configuration:
# Deny access to the entirety of your server's filesystem. You must
# explicitly permit access to web content directories in other
# <Directory> blocks below.
Require all denied
I thought that specifically allowing access in each <Virtualhost *:80> directive (through a <Directory /path> directive) would override that general block, but it doesn't. I can't access any site unless I comment that section out, or I replace it with:
Allow from all
So what's going on here?
I do like the idea of blocking everything by default and only allowing access to specific folders, but how do I implement it?
With that first section commented out, everything works, but I'm also open to all sort of exploits, right?