I have several name-based virtual hosts on my system and I am beginning to wonder if I am being to redundant in my configuration and give myself more work then I really need. But I am also asking this from a security perspective. In each of my virtual hosts I have put the following.
Code:
<VirtualHost *:80>
ServerAdmin email@server.com
ServerAlias server.domain.com
DocumentRoot /path/to/site/
<Directory />
Options FollowSymLinks
AllowOverride None
</Directory>
<Directory /path/to/site>
Options Indexes FollowSymLinks MultiViews
AllowOverride None
Order deny,allow
deny from all
allow from xxx.xxx.xxx.xxx/XX # Only if needed for sites with local access only.
</Directory>
ScriptAlias /cgi-bin/ /usr/lib/cgi-bin/
<Directory "/usr/lib/cgi-bin">
AllowOverride None
Options ExecCGI -MultiViews +SymLinksIfOwnerMatch
Order allow,deny
Allow from all
</Directory>
ErrorLog /var/log/apache2/error.log
# Possible values include: debug, info, notice, warn, error, crit,
# alert, emerg.
LogLevel warn
CustomLog /var/log/apache2/access.log combined
ServerSignature On
Alias /doc/ "/usr/share/doc/"
<Directory "/usr/share/doc/">
Options Indexes MultiViews FollowSymLinks
AllowOverride None
Order deny,allow
Deny from all
Allow from 127.0.0.0/255.0.0.0 ::1/128
</Directory>
</VirtualHost>
I don't think I need all of that but for logging, having logs for each site is useful, but I haven't got around to configuring it like I want, it's on my to do list this weekend.
From what i can tell I don't really need the Alias /doc/ for each virtual host but do I neeed the ScriptAlias portion and other sections or would it just be best to put the following only for each of my virtual hosts. Thus saving myself less work.
Code:
<VirtualHost *:80>
ServerAdmin email@server.com
ServerAlias server.domain.com
DocumentRoot /path/to/site/
<Directory /path/to/site>
Options Indexes FollowSymLinks MultiViews
AllowOverride None
Order deny,allow
deny from all
allow from xxx.xxx.xxx.xxx/XX # Only if needed for sites with local access only.
</Directory>
</VirtualHost>
Suggestions for the best possible VirtualHost configuration are welecome.