Last active
October 20, 2015 18:53
Recommended vhost configuration for Magento sites. All web users are granted access, except to the app folder which contains framework configuration. AllowOverride should grant only enough access as is required, so edit that line as necessary.
```apache
<VirtualHost *:80>
    ServerName magento.local
    DocumentRoot /var/www/magento
    <Directory /var/www/magento>
        # All web users may reach the site.
        Require all granted
        # Grant only the override classes the site's .htaccess files need;
        # edit this line as necessary.
        AllowOverride FileInfo Indexes Options Limit
    </Directory>
</VirtualHost>
```
Author
Even though Magento recommends setting `AllowOverride All`, you should be wary of allowing a web app to do anything at all, as opposed to only what it is expecting to do. This is why they recommend letting the web server process owner only write to specific directories.

Earlier, the config was denying the entire `/var/www/magento/app` folder, but I have since learned that the `.htaccess` files throughout the site already deny access to the places it wishes to restrict, and so it is important to allow the right overrides, as well as `Options FollowSymLinks` if it is not on. The `Limit` directive type allows the `Allow`, `Order`, and `Deny` directives. If Magento starts using `Require`, you'd want to allow `AuthConfig`.
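One way to work out which override classes a site's `.htaccess` files actually need, as the description and the comment above both advise. This is an added example, not part of the gist or of Magento; the function names, the partial directive table and the sample `.htaccess` text are constructed for illustration.

```python
# Partial map of .htaccess directives to the AllowOverride class that permits
# them, taken from the "Override:" field of the Apache httpd 2.4 directive
# reference (php_value/php_flag per the PHP manual). Extend it for your modules.
OVERRIDE_CLASS = {
    "options": "Options", "php_value": "Options", "php_flag": "Options",
    "directoryindex": "Indexes", "expiresactive": "Indexes",
    "expiresdefault": "Indexes", "expiresbytype": "Indexes",
    "order": "Limit", "allow": "Limit", "deny": "Limit",
    "require": "AuthConfig", "authtype": "AuthConfig",
    "authname": "AuthConfig", "authuserfile": "AuthConfig",
    "rewriteengine": "FileInfo", "rewritecond": "FileInfo",
    "rewriterule": "FileInfo", "rewritebase": "FileInfo",
    "addtype": "FileInfo", "addhandler": "FileInfo",
    "errordocument": "FileInfo", "header": "FileInfo", "setenvif": "FileInfo",
}

def needed_overrides(htaccess_text):
    """Return (override classes required, directives not in the table)."""
    classes, unknown = set(), set()
    for raw in htaccess_text.splitlines():
        line = raw.strip()
        # Skip blanks, comments and container tags such as <IfModule>, <Files>.
        if not line or line.startswith(("#", "<")):
            continue
        name = line.split(None, 1)[0].lower()  # directive names are case-insensitive
        if name in OVERRIDE_CLASS:
            classes.add(OVERRIDE_CLASS[name])
        else:
            unknown.add(name)  # look these up by hand before trusting the result
    return classes, unknown

def allowoverride_line(classes):
    """Render the narrowest AllowOverride directive for the given classes."""
    return "AllowOverride " + (" ".join(sorted(classes)) if classes else "None")

# Constructed sample in the style of a PHP application's .htaccess.
SAMPLE = """\
DirectoryIndex index.php
<IfModule mod_php5.c>
    php_value memory_limit 256M
</IfModule>
Options +FollowSymLinks
<IfModule mod_rewrite.c>
    RewriteEngine on
    RewriteRule .* index.php [L]
</IfModule>
<Files cron.php>
    Order allow,deny
    Deny from all
</Files>
"""

if __name__ == "__main__":
    found, missing = needed_overrides(SAMPLE)
    print(allowoverride_line(found), "| unmapped:", sorted(missing))
```

To audit a real site, feed it each `.htaccess` under the document root and union the results; any directive reported as unmapped needs a manual check against the Apache documentation.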