Last active
October 20, 2015 18:53
-
-
Save enderandpeter/cdab20bd5683383d1ee1 to your computer and use it in GitHub Desktop.
Recommended vhost configuration for Magento sites. All web users are granted access, except to the app folder which contains framework configuration. AllowOverride should grant only enough access as is required, so edit that line as necessary.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
<VirtualHost *:80> | |
ServerName magento.local | |
DocumentRoot /var/www/magento | |
<Directory /var/www/magento> | |
Require all granted | |
AllowOverride FileInfo Indexes Options Limit | |
</Directory> | |
</VirtualHost> |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Even though Magento recommends setting
AllowOverride All
, you should be wary of allowing a web app to do anything at all, as opposed to only what it is expecting to do. This is why they recommend letting the web server process owner only write to specific directories.Earlier, the config was denying the entire
/var/www/magento/app
folder, but I have since learned that the.htaccess
files throughout the site already deny access to the places it wishes to restrict, and so it is important to allow the right overrides, as well asOptions FollowSymLinks
if it is not on. TheLimit
directive type allows theAllow
,Order
, andDeny
directives. If Magento starts usingRequire
, you'd want to allowAuthConfig
.