[CentOS] Apache warns Web server admins of DoS attack tool

Fri Aug 26 19:13:47 UTC 2011

On Friday, August 26, 2011 03:02:06 PM Always Learning wrote:
> On Fri, 2011-08-26 at 14:19 -0400, m.roth at 5-cent.us wrote:
> > And you *are* customizing /etc/httpd/conf/httpd.conf.

> We have D-O-C-U-M-E-N-T-A-T-I-O-N which remains behind we we go home, go
> to lunch and go on holiday.

> > I stay with std. practice, as much as I can.

> I do too but where there are multiple servers using almost the same
> setup, the changeable bits are 'included' and kept in individual files. 

What can you do with this setup that you can't with the standard way of putting those files, including other includes, in the standard /etc/httpd/conf.d/ directory?  As the stock httpd.conf is already set up to do those automatic includes out of /etc/httpd/conf.d/, no customization nor special documentation is required to handle essentially everything you've said on this topic.  If you put those individual vhost files in the /etc/httpd/conf.d/ directory, you don't have to do anything at all extra, and you don't have to document it, since it's already the standard way, which saves you time and money.  (Or, to paraphrase a common rejoinder in NANOG, 'I encourage my competitors to do it that way.')

You can have a single file per vhost, no problem, in /etc/httpd/conf.d/.  You can back it up easily (/etc should be a stock part of everyone's backups, right?).  You can subinclude, even making a subtree under the /etc/httpd/conf.d/ directory.  And it's all already set up to just work with SELinux and the other RHEL (RHCE!) documented ways of doing things.   And it IS the standard way of doing what you're saying is the way you do things.