https://community.hpe.com/t5/operating-system-hp-ux/apache-vulnerability/m-p/3955641#M739744 I would consider read access to your webserver's DocumentRoot basically quite normal as this is what one usally intends, viz. to serve content to the world ;-)<BR />You restrict access through mod_access and the ubiquitous "Allow from" directives in either <DIRECTORY> or <LOCATION> containers (regard the restricted scope).<BR />Please, refer to the Apache mod_access' doc for details <BR /><A href="http://httpd.apache.org/docs/2.0/mod/mod_access.html" target="_blank">http://httpd.apache.org/docs/2.0/mod/mod_access.html</A></LOCATION></DIRECTORY> Mon, 05 Mar 2007 09:34:40 GMT Ralph Grothe 2007-03-05T09:34:40Z https://community.hpe.com/t5/operating-system-hp-ux/apache-vulnerability/m-p/3955640#M739743 My Apache web server doc directory is readable which gives the information installed.<BR />(<A href="http://172.29.200.181/doc/" target="_blank">http://172.29.200.181/doc/</A> and ///?PageServices)<BR /><BR />How do i impose access restrictions t this directory? Mon, 05 Mar 2007 09:18:00 GMT https://community.hpe.com/t5/operating-system-hp-ux/apache-vulnerability/m-p/3955640#M739743 mwagiru 2007-03-05T09:18:00Z https://community.hpe.com/t5/operating-system-hp-ux/apache-vulnerability/m-p/3955641#M739744 I would consider read access to your webserver's DocumentRoot basically quite normal as this is what one usally intends, viz. to serve content to the world ;-)<BR />You restrict access through mod_access and the ubiquitous "Allow from" directives in either <DIRECTORY> or <LOCATION> containers (regard the restricted scope).<BR />Please, refer to the Apache mod_access' doc for details <BR /><A href="http://httpd.apache.org/docs/2.0/mod/mod_access.html" target="_blank">http://httpd.apache.org/docs/2.0/mod/mod_access.html</A></LOCATION></DIRECTORY> Mon, 05 Mar 2007 09:34:40 GMT https://community.hpe.com/t5/operating-system-hp-ux/apache-vulnerability/m-p/3955641#M739744 Ralph Grothe 2007-03-05T09:34:40Z