Update 2010-10-25: I’ve added “TraceEnable Off” to the configuration (which is not the default on Debian).
If you run an Apache 2 web server on a production system, it is always a good idea to make some easy configuration changes in /etc/apache2/conf.d/security to increase the server’s security:
    # Disable access, directory indexing and .htaccess files by default
    <Directory />
        Options -Indexes
        AllowOverride None
        Order Deny,Allow
        Deny from all
    </Directory>

    # Prevent system information from being included in the HTTP responses
    ServerTokens Prod

    # Prevent system information from being included in server-generated pages
    ServerSignature Off

    # Disable HTTP TRACE requests
    TraceEnable Off
The Directory directive can break compatibility with your current configuration. Specifically, you have to override it in each of your configured virtual hosts to allow access to the resources under the document root path, like:
    <VirtualHost *:80>
        [...]
        <Directory /path/to/www/htdocs>
            Order allow,deny
            Allow from all
        </Directory>
    </VirtualHost>
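To confirm that a configuration still carries the settings above after later edits, the following added example (not part of the original post) audits a configuration string for them. The function name `audit` and the sample strings are assumptions made for illustration; the parser is deliberately simple, does not follow `Include` lines, and expects the Apache 2.2 access-control syntax used in this post.

```python
import re

# Server-level directives from the post and the value each should have.
GLOBAL = {"servertokens": "prod", "serversignature": "off", "traceenable": "off"}
INDEX_ON = {"indexes", "+indexes", "all", "+all"}  # Options tokens that enable listings

def audit(conf_text):
    """Return a list of findings for an Apache 2.2-style configuration string."""
    server, root = {}, {}
    stack = []  # currently open <Section arg> containers, innermost last
    for raw in conf_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        tag = re.match(r"<(/?)(\w+)\s*([^>]*)>", line)
        if tag:
            if tag.group(1):
                del stack[-1:]  # closing tag: leave the innermost container
            else:
                stack.append((tag.group(2).lower(), tag.group(3).strip().strip('"')))
            continue
        parts = line.split(None, 1)
        name = parts[0].lower()
        value = " ".join(parts[1].split()).lower() if len(parts) > 1 else ""
        if not stack:
            server[name] = value  # a later server-level line overrides an earlier one
        elif stack == [("directory", "/")]:
            root[name] = value    # only the top-level <Directory /> block counts
    findings = []
    for name, want in GLOBAL.items():
        if server.get(name) != want:
            findings.append(f"{name}: expected '{want}', found {server.get(name)!r}")
    # A missing Options line is treated as "all", which includes Indexes.
    if INDEX_ON & set(root.get("options", "all").split()):
        findings.append("<Directory />: Options leaves Indexes enabled")
    if root.get("allowoverride") != "none":
        findings.append("<Directory />: AllowOverride is not None")
    if root.get("deny") != "from all":
        findings.append("<Directory />: missing 'Deny from all'")
    return findings

# Constructed samples: the post's settings, and a copy with two of them weakened.
HARDENED = "\n".join(["<Directory />", "Options -Indexes", "AllowOverride None",
                      "Order Deny,Allow", "Deny from all", "</Directory>",
                      "ServerTokens Prod", "ServerSignature Off", "TraceEnable Off"])
WEAK = HARDENED.replace("TraceEnable Off", "").replace("-Indexes", "Indexes")

if __name__ == "__main__":
    print(audit(WEAK))
```
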