Where is "var/www/html" / Apache hardening
I'm running Apache 2.4.18 on Ubuntu 16.04.03 LTS. I'm trying to further secure my web server, however, my problem is I can't find "var/www/html" in my conf. file, only "var/www/>"
Is "/html" deprecated in newer Apache versions or am I doing something wrong? I want to prevent clickjacking, XSS, and enable secure cookies primarily
Following this guide from a couple years ago:
If relevant, Wordpress is my web frontend.
<directory "="" var="" www="" html"=""># # Possible values for the Options directive are "None", "All", # or any combination of: # Indexes Includes FollowSymLinks SymLinksifOwnerMatch ExecCGI MultiViews # # Note that "MultiViews" must be named *explicitly* --- "Options All" # doesn't give it to you. # # The Options directive is both complicated and important. Please see # http://httpd.apache.org/docs/2.4/mod/core.html#options # for more information. # Options Indexes FollowSymLinks # # AllowOverride controls what directives may be placed in .htaccess files. # It can be "All", "None", or any combination of the keywords: # Options FileInfo AuthConfig Limit # AllowOverride None # # Controls who can get stuff from this server. # Require all granted</directory>
[email protected]:/etc/apache2# rgrep '\/var\/www' sites-available/000-default.conf: DocumentRoot /var/www/html sites-available/default-ssl.conf: DocumentRoot /var/www/html apache2.conf:# not allow access to the root filesystem outside of /usr/share and /var/www. apache2.conf: <directory var="" www="">apache2.conf:</directory>
If the above command does not produce a similar result you are using either heavily modified or outdated aoache configuration.