[CentOS] Apache warns Web server admins of DoS attack tool
Emmanuel Noobadmin
centos.admin at gmail.com
Fri Aug 26 05:48:11 UTC 2011
On 8/26/11, Always Learning <centos at u61.u22.net> wrote:
>
> On Thu, 2011-08-25 at 14:36 -0700, John R Pierce wrote:
>> the existing EL httpd.conf includes /etc/httpd/conf.d/*.conf and any
>> changes are expected to be made there rather than editing the stock file.
>
> Hi John,
>
> No Centos updates are likely to interfere with my Apache server options
> and virtual hosts. The existing /etc/httpd/conf/httpd.conf is large and
> laborious to read and fully understand especially with so many useful
> comments.
>
> 'including' the parts that do change and are not operating system
> dependant, meaning putting them somewhere which has no connection to the
> operating system, for example
>
> /data/config/apache/server.conf
> /data/config/apache/domain.*
>
> means, I believe, that if a change to one small file goes wrong then
> there is absolutely no danger to 'damaging' any of the other files and
> the source of the problem is quick and easy to identify. Thus 'change
> damage' is strictly limited to one small self-contained file and can not
> affect any of the other files.
>
> I have too much experience of so-called collateral damage inadvertently
> caused to other parts of a file being changed. It costs time and money
> to trace and diagnose problems, so economically it is a good idea to
> eliminate as much as possible non-involved configuration parameters.
>
> As you will have noticed Apache actually offers the ability to fragment
> configuration parameters to other files by supplying - for the benefit
> of people like me - the 'include' facility. If Apache never wanted
> folks to use this useful facility, it would never have offered the
> 'include' ability.
I think you're misunderstanding John there? Rather than suggesting
using a single large httpd.conf file, he seems to be just pointing
out that the default config already includes any *.conf files inside
the conf.d directory so you could just add the additional/sub .conf
files in there for consistency.
More information about the CentOS
mailing list