2.4.x/docs/manual/misc/security_tips.xml.ko - httpd - Git at Google

 <?xml version="1.0" encoding="EUC-KR" ?>
 <!DOCTYPE manualpage SYSTEM "../style/manualpage.dtd">
 <?xml-stylesheet type="text/xsl" href="../style/manual.ko.xsl"?>
 <!-- English Revision: 105989:1673563 (outdated) -->

 <!--
  Licensed to the Apache Software Foundation (ASF) under one or more
  contributor license agreements.  See the NOTICE file distributed with
  this work for additional information regarding copyright ownership.
  The ASF licenses this file to You under the Apache License, Version 2.0
  (the "License"); you may not use this file except in compliance with
  the License.  You may obtain a copy of the License at

      http://www.apache.org/licenses/LICENSE-2.0

  Unless required by applicable law or agreed to in writing, software
  distributed under the License is distributed on an "AS IS" BASIS,
  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
  See the License for the specific language governing permissions and
  limitations under the License.
 -->

 <manualpage metafile="security_tips.xml.meta">
   <parentdocument href="./">Miscellaneous Documentation</parentdocument>

   <title>º¸¾È ÆÁ</title>

   <summary>
     <p>À¥¼¹ö¸¦ ¿î¿µÇÒ¶§ µµ¿òÀÌ µÉ º¸¾È °ü·Ã ÈùÆ®¿Í ÆÁÀÌ´Ù.
     ¾î¶² °ÍÀº ÀÏ¹ÝÀûÀÌ°í, ¾î¶² °ÍÀº ¾ÆÆÄÄ¡¿¡¸¸ ÇØ´çÇÏ´Â °ÍÀÌ´Ù.</p>
   </summary>

   <section id="uptodate"><title>ÃÖ½ÅÆÇÀ¸·Î À¯ÁöÇÏ±â</title>

     <p>¾ÆÆÄÄ¡ À¥¼¹ö´Â ¾ÈÀü°ú º¸¾È ¹®Á¦¿¡ °ü½ÉÀÌ ¸¹Àº °³¹ßÀÚ
     °øµ¿Ã¼·Î À¯¸íÇÏ´Ù. ±×·¯³ª Å©°Ç ÀÛ°Ç ¹ßÇ¥ÈÄ ¹ß°ßµÇ´Â ¹®Á¦µéÀ»
     ÇÇÇÒ ¼ö ¾ø´Ù. ±×·¡¼ ¼ÒÇÁÆ®¿þ¾î¸¦ ÃÖ½Å¹öÀüÀ¸·Î À¯ÁöÇÏ´Â
     °ÍÀÌ Áß¿äÇÏ´Ù. ¾ÆÆÄÄ¡¿¡¼ Á÷Á¢ À¥¼¹ö¸¦ ´Ù¿î·ÎµåÇß´Ù¸é,
     »õ·Î¿î ¹öÀü°ú º¸¾È ¾÷µ¥ÀÌÆ®¸¦ ¾Ë·ÁÁÖ´Â <a
     href="http://httpd.apache.org/lists.html#http-announce">¾ÆÆÄÄ¡
     À¥¼¹ö ¹ßÇ¥ ¸ÞÀÏ¸µ¸®½ºÆ®</a>¸¦ ±¸µ¶ÇÏ±æ °·ÂÈ÷ ±ÇÇÑ´Ù.
     ¾ÆÆÄÄ¡ ¼ÒÇÁÆ®¿þ¾î¸¦ ¹èÆ÷ÇÏ´Â ¸¹Àº Á¦»ïÀÚµéµµ ºñ½ÁÇÑ ¼ºñ½º¸¦
     Á¦°øÇÑ´Ù.</p>

     <p>¹°·Ð À¥¼¹ö ÄÚµå¶§¹®¿¡ À¥¼¹ö°¡ °ø°ÝÀ» ´çÇÏ´Â °æ¿ì´Â
     ¸¹Áö ¾Ê´Ù. ±×º¸´Ù Ãß°¡ ÄÚµå, CGI ½ºÅ©¸³Æ®, ÇÏÀ§ ¿î¿µÃ¼Á¦ÀÇ
     ¹®Á¦·Î °ø°ÝÀ» ´çÇÏ´Â °æ¿ì°¡ ¸¹´Ù. ±×·¯¹Ç·Î Ç×»ó ÁÖÀÇÇÏ¸ç
     ½Ã½ºÅÛÀÇ ¸ðµç ¼ÒÇÁÆ®¿þ¾î¸¦ ¾÷µ¥ÀÌÆ®ÇØ¾ß ÇÑ´Ù.</p>

   </section>

   <section id="serverroot">

     <title>ServerRoot µð·ºÅä¸® ±ÇÇÑ</title>

     <p>º¸Åë root »ç¿ëÀÚ°¡ ¾ÆÆÄÄ¡¸¦ ½ÃÀÛÇÑ ÈÄ, ¿äÃ»À» ¼ºñ½ºÇÏ±âÀ§ÇØ
     <directive module="mpm_common">User</directive> Áö½Ã¾î·Î
     ÁöÁ¤ÇÑ »ç¿ëÀÚ·Î º¯È¯ÇÑ´Ù. root°¡ ½ÇÇàÇÏ´Â ¸í·É¾î°¡ ÀÖ´Ù¸é,
     root ÀÌ¿ÜÀÇ »ç¿ëÀÚ°¡ ¼öÁ¤ÇÏÁö ¸øÇÏµµ·Ï ÁÖÀÇÇØ¾ß ÇÑ´Ù. ÀÌ
     ÆÄÀÏµéÀ» root¸¸ ¾µ ¼ö ÀÖ¾î¾ß ÇÏ°í, µð·ºÅä¸®¿Í ¸ðµç »óÀ§µð·ºÅä¸®µµ
     ¸¶Âù°¡Áö´Ù. ¿¹¸¦ µé¾î, ServerRoot·Î /usr/local/apache¸¦
     »ç¿ëÇÑ´Ù¸é root »ç¿ëÀÚ°¡ ´ÙÀ½°ú °°ÀÌ µð·ºÅä¸®¸¦ ¸¸µé±æ
     Á¦¾ÈÇÑ´Ù:</p>

     <example>
       mkdir /usr/local/apache <br />
       cd /usr/local/apache <br />
       mkdir bin conf logs <br />
       chown 0 . bin conf logs <br />
       chgrp 0 . bin conf logs <br />
       chmod 755 . bin conf logs
     </example>

     <p>±×·¯¸é /, /usr, /usr/local Àº root¸¸ÀÌ ¼öÁ¤ÇÒ ¼ö ÀÖ´Ù.
     httpd ½ÇÇàÆÄÀÏÀ» ¼³Ä¡ÇÒ¶§ ´ÙÀ½°ú °°ÀÌ º¸È£ÇØ¾ß ÇÑ´Ù:</p>

     <example>
       cp httpd /usr/local/apache/bin <br />
       chown 0 /usr/local/apache/bin/httpd <br />
       chgrp 0 /usr/local/apache/bin/httpd <br />
       chmod 511 /usr/local/apache/bin/httpd
     </example>

     <p>htdocs ÇÏÀ§µð·ºÅä¸®´Â ´Ù¸¥ »ç¿ëÀÚµéÀÌ ¼öÁ¤ÇÒ ¼ö ÀÖµµ·Ï
     ¸¸µé ¼ö ÀÖ´Ù -- root´Â ±×°÷¿¡ ÀÖ´Â ÆÄÀÏÀ» ½ÇÇàÇÏÁöµµ, ¸¸µéÁöµµ
     ¾Ê¾Æ¾ß ÇÑ´Ù.</p>

     <p>root°¡ ¾Æ´Ñ »ç¿ëÀÚ°¡ root°¡ ½ÇÇàÇÏ°Å³ª ¾²±â°¡´ÉÇÑ ÆÄÀÏÀ»
     ¼öÁ¤ÇÒ ¼ö ÀÖ´Ù¸é ½Ã½ºÅÛÀÇ root ±ÇÇÑÀ» ÈÉÄ¥ ¼ö ÀÖ´Ù. ¿¹¸¦
     µé¾î, ´©±º°¡ httpd ½ÇÇàÆÄÀÏÀ» º¯°æÇÏ¿´´Ù¸é ´ÙÀ½¹ø ½ÃÀÛÇÒ¶§
     ÀÓÀÇÀÇ ÄÚµå¸¦ ½ÇÇàÇÏ°Ô µÈ´Ù. logs µð·ºÅä¸®°¡ (root°¡ ¾Æ´Ñ
     »ç¿ëÀÚ¿¡°Ô) ¾²±â°¡´ÉÇÏ´Ù¸é ´©±º°¡ ·Î±×ÆÄÀÏÀ» ´Ù¸¥ ½Ã½ºÅÛÆÄÀÏ·Î
     ½Éº¼¸µÅ©¸¦ °É¾î¼ root°¡ ÆÄÀÏ¿¡ ÀÓÀÇÀÇ ÀÚ·á¸¦ µ¤¾î¾µ ¼ö
     ÀÖ´Ù. ·Î±×ÆÄÀÏÀÌ (root°¡ ¾Æ´Ñ »ç¿ëÀÚ¿¡°Ô) ¾²±â°¡´ÉÇÏ´Ù¸é
     ´©±º°¡ ·Î±×¿¡ ÀÌ»óÇÑ ÀÚ·á¸¦ ±â·ÏÇÒ ¼ö ÀÖ´Ù.</p>

   </section>

   <section id="ssi">

     <title>Server Side Includes</title>

     <p>Server Side Includes (SSI)´Â ¼¹ö °ü¸®ÀÚ¿¡°Ô º¸¾È»ó ¸î°¡Áö
     ÀáÀçÀûÀÎ À§ÇèÀÌ´Ù.</p>

     <p>Ã¹¹øÂ° À§ÇèÀº ¼¹öÀÇ ºÎÇÏ¸¦ ´Ã¸®´Â Á¡ÀÌ´Ù. ¾ÆÆÄÄ¡´Â ÆÄÀÏ¿¡
     SSI Áö½Ã¾î°¡ ÀÖ´ÂÁö ¿©ºÎ¿Í °ü°è¾øÀÌ ¸ðµç SSI ÆÄÀÏÀ» ºÐ¼®ÇØ¾ß
     ÇÑ´Ù. Á¶±Ý ºÎÇÏ°¡ ´ÃÁö¸¸, ¼¹ö¸¦ ¿©·¯ »ç¶÷ÀÌ °°ÀÌ »ç¿ëÇÏ´Â
     È¯°æ¿¡¼´Â ½É°¢ÇÒ ¼ö ÀÖ´Ù.</p>

     <p>¶Ç, SSI ÆÄÀÏÀº ÀÏ¹ÝÀûÀÎ CGI ½ºÅ©¸³Æ®¿Í µ¿ÀÏÇÑ À§ÇèÀ»
     °¡Áø´Ù. SSI ÆÄÀÏ¿¡¼ "exec cmd"¸¦ »ç¿ëÇÏ¸é httpd.conf¿¡¼
     ¾ÆÆÄÄ¡¸¦ ½ÇÇàÇÏµµ·Ï ¼³Á¤ÇÑ »ç¿ëÀÚ¿Í ±×·ì ±ÇÇÑÀ¸·Î CGI
     ½ºÅ©¸³Æ®³ª ÇÁ·Î±×·¥À» ½ÇÇàÇÒ ¼ö ÀÖ´Ù.</p>

     <p>ÀåÁ¡À» È°¿ëÇÏ¸é¼ SSI ÆÄÀÏÀÇ º¸¾ÈÀ» Çâ»ó½ÃÅ°´Â ¹æ¹ýÀÌ
     ÀÖ´Ù.</p>

     <p>SSI ÆÄÀÏÀÌ °¡Á®¿Ã ¼ö ÀÖ´Â ÇÇÇØ¸¦ °Ý¸®ÇÏ±âÀ§ÇØ ¼¹ö°ü¸®ÀÚ´Â
     <a href="#cgi">ÀÏ¹ÝÀûÀÎ CGI</a> Àý¿¡¼ ¼³¸íÇÏ´Â ¹æ¹ýÀ¸·Î
     <a href="../suexec.html">suexec</a>¸¦ »ç¿ëÇÒ ¼ö ÀÖ´Ù</p>

     <p>.htmlÀÌ³ª .htm È®ÀåÀÚ¸¦ SSI ÆÄÀÏ·Î »ç¿ëÇÏ´Â °ÍÀº À§ÇèÇÏ´Ù.
     Æ¯È÷ ¿©·¯ »ç¶÷ÀÌ °øÀ¯ÇÏ°Å³ª Åë½Å·®ÀÌ ¸¹Àº ¼¹ö È¯°æ¿¡¼
     À§ÇèÇÏ´Ù. SSI ÆÄÀÏÀº ÀÏ¹ÝÀûÀ¸·Î ¸¹ÀÌ »ç¿ëÇÏ´Â .shtml °°Àº
     º°µµÀÇ È®ÀåÀÚ¸¦ °¡Á®¾ß ÇÑ´Ù. ±×·¯¸é ¼¹ö ºÎÇÏ¸¦ ÃÖ¼ÒÈÇÏ°í
     À§Çè¿ä¼Ò¸¦ ½±°Ô °ü¸®ÇÒ ¼ö ÀÖ´Ù.</p>

     <p>´Ù¸¥ ¹æ¹ýÀº SSI ÆäÀÌÁö°¡ ½ºÅ©¸³Æ®³ª ÇÁ·Î±×·¥À» ½ÇÇàÇÏÁö
     ¸øÇÏµµ·Ï ¸¸µå´Â °ÍÀÌ´Ù. <directive
     module="core">Options</directive> Áö½Ã¾î¿¡¼ <code>Includes</code>
     ´ë½Å <code>IncludesNOEXEC</code>¸¦ »ç¿ëÇÑ´Ù. ±×·¡µµ ½ºÅ©¸³Æ®°¡
     <directive module="mod_alias">ScriptAlias</directive> Áö½Ã¾î·Î
     ÁöÁ¤ÇÑ µð·ºÅä¸®¿¡ ÀÖ´Ù¸é &lt;--#include virtual="..." --&gt;¸¦
     »ç¿ëÇÏ¿© CGI ½ºÅ©¸³Æ®¸¦ ½ÇÇàÇÒ ¼ö ÀÖÀ½À» ÁÖÀÇÇÏ¶ó.</p>

   </section>

   <section id="cgi">

     <title>ÀÏ¹ÝÀûÀÎ CGI</title>

     <p>°á±¹ ´ç½ÅÀº Ç×»ó CGI ½ºÅ©¸³Æ®/ÇÁ·Î±×·¥ÀÇ ÀúÀÚ¸¦ ½Å·ÚÇØ¾ß
     ÇÏ°í, °íÀÇ°Ç ½Ç¼öÀÌ°Ç CGIÀÇ ÀáÀçÀûÀÎ º¸¾È»ó ÇãÁ¡À» ¹ß°ßÇÒ
     ¼ö ÀÖ¾î¾ß ÇÑ´Ù. ±âº»ÀûÀ¸·Î CGI ½ºÅ©¸³Æ®´Â À¥¼¹ö »ç¿ëÀÚ
     ±ÇÇÑÀ¸·Î ½Ã½ºÅÛ¿¡¼ ¾î¶² ¸í·É¾î¶óµµ ½ÇÇàÇÒ ¼ö ÀÖ±â¶§¹®¿¡
     ÁÖÀÇÀÖ°Ô È®ÀÎÇÏÁö ¾ÊÀ¸¸é ¸Å¿ì À§ÇèÇÏ´Ù.</p>

     <p>¸ðµç CGI ½ºÅ©¸³Æ®°¡ °°Àº »ç¿ëÀÚ·Î ½ÇÇàµÇ±â¶§¹®¿¡ ´Ù¸¥
     ½ºÅ©¸³Æ®¿Í (°íÀÇ°Ç ½Ç¼öÀÌ°Ç) Ãæµ¹ÇÒ °¡´É¼ºÀÌ ÀÖ´Ù. ¿¹¸¦
     µé¾î, »ç¿ëÀÚ A´Â »ç¿ëÀÚ B¸¦ ¸Å¿ì ½È¾îÇÏ¿©, »ç¿ëÀÚ BÀÇ CGI
     µ¥ÀÌÅÍº£ÀÌ½º¸¦ Áö¿ö¹ö¸®´Â ½ºÅ©¸³Æ®¸¦ ÀÛ¼ºÇÒ ¼ö ÀÖ´Ù. ¾ÆÆÄÄ¡
     1.2 ¹öÀüºÎÅÍ Æ÷ÇÔµÇ¾ú°í ¾ÆÆÄÄ¡ ¼¹ö¿¡¼ Æ¯º°ÇÑ ÈÅ(hook)À¸·Î
     µ¿ÀÛÇÏ´Â <a href="../suexec.html">suEXEC</a>´Â ½ºÅ©¸³Æ®¸¦
     ´Ù¸¥ »ç¿ëÀÚ·Î ½ÇÇàÇÏ´Â ¹æ¹ýÁß ÇÏ³ª´Ù. ´Ù¸¥ ´ëÁßÀûÀÎ ¹æ¹ý¿¡´Â
     <a href="http://cgiwrap.unixtools.org/">CGIWrap</a>ÀÌ ÀÖ´Ù.</p>

   </section>

   <section id="nsaliasedcgi">

     <title>ScriptAliasÇÏÁö ¾ÊÀº CGI</title>

     <p>´ÙÀ½ Á¶°ÇÀ» ¸¸Á·ÇÒ¶§¸¸ »ç¿ëÀÚ°¡ ¾î¶² µð·ºÅä¸®¿¡¼¶óµµ
     CGI ½ºÅ©¸³Æ®¸¦ ½ÇÇàÇÏµµ·Ï Çã¿ëÇÒ ¼ö ÀÖ´Ù:</p>

     <ul>
       <li>´ç½ÅÀº °íÀÇ°Ç ½Ç¼öÀÌ°Ç »ç¿ëÀÚ°¡ ½Ã½ºÅÛÀ» °ø°Ý¿¡ ³ëÃâ½ÃÅ°´Â
       ½ºÅ©¸³Æ®¸¦ ÀÛ¼ºÇÏÁö ¾Ê´Â´Ù°í ¹Ï´Â´Ù.</li>
       <li>½Ã½ºÅÛÀÇ ´Ù¸¥ ºÎºÐÀÇ º¸¾ÈÀÌ ¾àÇØ¼, ÀáÀçÀûÀÎ ÇãÁ¡À»
       ÇÏ³ª ´õ ¸¸µé¾îµµ ³ªºüÁú °ÍÀÌ ¾ø´Ù°í »ý°¢ÇÏ´Â °æ¿ì.</li>
       <li>»ç¿ëÀÚ°¡ ¾ø°í, ¾Æ¸¶ ¾Æ¹«µµ ¼¹ö¸¦ ¹æ¹®ÇÏÁö¾Ê´Â °æ¿ì.</li>
     </ul>

   </section>

   <section id="saliasedcgi">

     <title>ScriptAliasÇÑ CGI</title>

     <p>Æ¯Á¤ µð·ºÅä¸®¿¡¼¸¸ CGI¸¦ ½ÇÇàÇÒ ¼ö ÀÖµµ·Ï Á¦ÇÑÇÏ¸é °ü¸®ÀÚ´Â
     ÀÌµé µð·ºÅä¸®¸¦ ÅëÁ¦ÇÒ ¼ö ÀÖ´Ù. ÀÌ °æ¿ì´Â scriptaliasÇÏÁö
     ¾ÊÀº CGIº¸´Ù È®½ÇÈ÷ ¾ÈÀüÇÏ´Ù. ´Ü, ½Å·ÚÇÏ´Â »ç¿ëÀÚ¸¸ µð·ºÅä¸®¿¡
     Á¢±ÙÇÒ ¼ö ÀÖ°í, °ü¸®ÀÚ°¡ »õ·Î¿î CGI ½ºÅ©¸³Æ®/ÇÁ·Î±×·¥ÀÇ
     ÀáÀçÀûÀÎ º¸¾È»ó ÇãÁ¡À» °Ë»çÇÒ ¿ëÀÌ°¡ ÀÖ´Ù¸é.</p>

     <p>´ëºÎºÐÀÇ »çÀÌÆ®´Â scriptaliasÇÏÁö ¾ÊÀº CGI ¹æ½Ä ´ë½Å
     ÀÌ ¹æ½ÄÀ» »ç¿ëÇÑ´Ù.</p>

   </section>

    <section id="dynamic">

   <title>µ¿Àû ³»¿ëÀ» »ý¼ºÇÏ´Â ´Ù¸¥ ¹æ¹ý</title>

   <p>
   mod_php, mod_perl, mod_tcl, mod_python °°ÀÌ ¼¹öÀÇ ÀÏºÎ·Î
   µ¿ÀÛÇÏ´Â ÀÓº£µðµå ½ºÅ©¸³Æ®´Â ¼¹ö¿Í °°Àº »ç¿ëÀÚ·Î (<directive
   module="mpm_common">User</directive> Áö½Ã¾î Âü°í) ½ÇÇàµÇ±â¶§¹®¿¡,
   ½ºÅ©¸³Æ® ¿£ÁøÀÌ ½ÇÇàÇÏ´Â ½ºÅ©¸³Æ®´Â ÀáÀçÀûÀ¸·Î ¼¹ö »ç¿ëÀÚ°¡
   Á¢±ÙÇÒ ¼ö ÀÖ´Â ¸ðµç °Í¿¡ Á¢±ÙÇÒ ¼ö ÀÖ´Ù. ¾î¶² ½ºÅ©¸³Æ® ¿£ÁøÀº
   ¾î´ÀÁ¤µµ Á¦ÇÑÀ» ÇÏÁö¸¸, ¾ÈÀüÇÏ´Ù°í °¡Á¤ÇÏÁö ¾Ê´Â °ÍÀÌ ÁÁ´Ù.</p>

   </section>

   <section id="systemsettings">

     <title>½Ã½ºÅÛ ¼³Á¤ º¸È£ÇÏ±â</title>

     <p>Á¤¸»·Î ¾ÈÀüÇÑ ¼¹ö¸¦ ¿î¿µÇÏ·Á¸é »ç¿ëÀÚ°¡
     <code>.htaccess</code> ÆÄÀÏÀ» »ç¿ëÇÏ¿© ´ç½ÅÀÌ ¼³Á¤ÇÑ º¸¾È±â´ÉÀ»
     º¯°æÇÏ±æ ¹Ù¶óÁö ¾ÊÀ» °ÍÀÌ´Ù. ±×·¯±âÀ§ÇØ ´ÙÀ½°ú °°Àº ¹æ¹ýÀÌ
     ÀÖ´Ù.</p>

     <p>¼¹ö ¼³Á¤ÆÄÀÏ¿¡ ´ÙÀ½À» Ãß°¡ÇÑ´Ù</p>

     <example>
       &lt;Directory /&gt; <br />
         AllowOverride None <br />
       &lt;/Directory&gt;
     </example>

     <p>±×·¯¸é »ç¿ë°¡´ÉÇÏµµ·Ï ¸í½ÃÀûÀ¸·Î Çã¿ëÇÑ µð·ºÅä¸®¸¦ Á¦¿ÜÇÏ°í´Â
     <code>.htaccess</code> ÆÄÀÏÀ» »ç¿ëÇÒ ¼ö ¾ø´Ù.</p>

   </section>

   <section id="protectserverfiles">

     <title>±âº»ÀûÀ¸·Î ¼¹ö¿¡ ÀÖ´Â ÆÄÀÏ º¸È£ÇÏ±â</title>

     <p>»ç¶÷µéÀº Á¾Á¾ ¾ÆÆÄÄ¡ÀÇ ±âº» Á¢±Ù¿¡ ´ëÇØ Àß¸ø ¾Ë°íÀÖ´Ù.
     Áï, ¼¹ö°¡ ÀÏ¹ÝÀûÀÎ URL ´ëÀÀ ±ÔÄ¢À» »ç¿ëÇÏ¿© ÆÄÀÏÀ» Ã£À»
     ¼ö ÀÖ´Ù¸é, Æ¯º°È÷ Á¶Ä¡¸¦ ÇÏÁö ¾Ê´ÂÇÑ Å¬¶óÀÌ¾ðÆ®¿¡°Ô ÆÄÀÏÀÌ
     ¼ºñ½ºµÉ ¼ö ÀÖ´Ù.</p>

     <p>¿¹¸¦ µé¾î, ¾Æ·¡¿Í °°Àº °æ¿ì:</p>

     <example>
       # cd /; ln -s / public_html <br />
       <code>http://localhost/~root/</code> ¿¡ Á¢±ÙÇÑ´Ù
     </example>

     <p>±×·¯¸é Å¬¶óÀÌ¾ðÆ®´Â ÀüÃ¼ ÆÄÀÏ½Ã½ºÅÛÀ» µ¹¾Æ´Ù´Ò ¼ö ÀÖ´Ù.
     ÀÌ¸¦ ¸·±âÀ§ÇØ ¼¹ö¼³Á¤¿¡¼ ´ÙÀ½°ú °°Àº Á¶Ä¡¸¦ ÇÑ´Ù:</p>

     <example>
       &lt;Directory /&gt; <br />
       Order Deny,Allow <br />
       Deny from all <br />
       &lt;/Directory&gt;
     </example>

     <p>±×·¯¸é ÆÄÀÏ½Ã½ºÅÛ À§Ä¡¿¡ ´ëÇØ ±âº» Á¢±ÙÀÌ °ÅºÎµÈ´Ù.
     ¿øÇÏ´Â ¿µ¿ª¿¡ Á¢±ÙÇÒ ¼ö ÀÖµµ·Ï ´ÙÀ½°ú °°Àº <directive
     module="core">Directory</directive> ºí·ÏÀ» Ãß°¡ÇÑ´Ù.</p>

     <example>
       &lt;Directory /usr/users/*/public_html&gt; <br />
         Order Deny,Allow <br />
         Allow from all <br />
       &lt;/Directory&gt; <br />
       &lt;Directory /usr/local/httpd&gt; <br />
         Order Deny,Allow <br />
         Allow from all <br />
       &lt;/Directory&gt;
     </example>

     <p><directive module="core">Location</directive>°ú <directive
     module="core">Directory</directive> Áö½Ã¾î¸¦ °°ÀÌ »ç¿ëÇÏ´Â
     °æ¿ì Æ¯º°È÷ ÁÖÀÇ¸¦ ±â¿ï¿©¶ó. ¿¹¸¦ µé¾î, <code>&lt;Directory
     /&gt;</code>°¡ Á¢±ÙÀ» °ÅºÎÇÏ´õ¶óµµ <code>&lt;Location
     /&gt;</code> Áö½Ã¾î°¡ ÀÌ¸¦ ¹«½ÃÇÒ ¼ö ÀÖ´Ù</p>

     <p><directive module="mod_userdir">UserDir</directive> Áö½Ã¾î¸¦
     »ç¿ëÇÏ´Â °æ¿ì¿¡µµ ÁÖÀÇÇÏ¶ó. Áö½Ã¾î¸¦ "./" °°ÀÌ ¼³Á¤ÇÏ¸é
     root »ç¿ëÀÚ¿¡ ´ëÇØ ¹Ù·Î À§ÀÇ °æ¿ì¿Í °°Àº ¹®Á¦°¡ ¹ß»ýÇÑ´Ù.
     ¾ÆÆÄÄ¡ 1.3 ÀÌ»óÀ» »ç¿ëÇÑ´Ù¸é ¼¹ö ¼³Á¤ÆÄÀÏ¿¡ ¾Æ·¡ ÁÙÀ» Ãß°¡ÇÏ±æ
     °·ÂÈ÷ ±ÇÇÑ´Ù:</p>

     <example>
       UserDir disabled root
     </example>

   </section>

   <section id="watchyourlogs">

     <title>·Î±× »ìÆìº¸±â</title>

     <p>½ÇÁ¦·Î ¼¹ö¿¡¼ ¹«½¼ ÀÏÀÌ ÀÖ¾î³ª°í ÀÖ´ÂÁö ¾Ë·Á¸é <a
     href="../logs.html">·Î±×ÆÄÀÏ</a>À» »ìÆìºÁ¾ß ÇÑ´Ù. ·Î±×ÆÄÀÏÀº
     ÀÌ¹Ì ÀÏ¾î³ ÀÏ¸¸À» º¸°íÇÏÁö¸¸, ¼¹ö¿¡ ¾î¶² °ø°ÝÀÌ ÀÖ¾ú´ÂÁö
     ¾Ë·ÁÁÖ°í ÇöÀç ÇÊ¿äÇÑ ¸¸Å ¾ÈÀüÇÑÁö È®ÀÎÇÏ°Ô ÇØÁØ´Ù.</p>

     <p>¿©·¯°¡Áö ¿¹:</p>

     <example>
       grep -c "/jsp/source.jsp?/jsp/ /jsp/source.jsp??" access_log <br />
       grep "client denied" error_log | tail -n 10
     </example>

     <p>Ã¹¹øÂ° ¿¹´Â <a
     href="http://online.securityfocus.com/bid/4876/info/">Àß¸øµÈ
     Source.JSP ¿äÃ»À¸·Î ¼¹öÁ¤º¸¸¦ ¾Ë¾Æ³¾ ¼ö ÀÖ´Â TomcatÀÇ
     Ãë¾àÁ¡</a>¸¦ ÀÌ¿ëÇÏ·Á´Â °ø°Ý È½¼ö¸¦ ¾Ë·ÁÁÖ°í, µÎ¹øÂ° ¿¹´Â
     Á¢±ÙÀÌ °ÅºÎµÈ ÃÖ±Ù Å¬¶óÀÌ¾ðÆ® 10°³¸¦ ´ÙÀ½°ú °°ÀÌ º¸¿©ÁØ´Ù:</p>

     <example>
       [Thu Jul 11 17:18:39 2002] [error] [client foo.bar.com] client denied
       by server configuration: /usr/local/apache/htdocs/.htpasswd
     </example>

     <p>Àß ¾Ë µíÀÌ ·Î±×ÆÄÀÏÀº ÀÌ¹Ì ¹ß»ýÇÑ »ç°Ç¸¸À» º¸°íÇÑ´Ù.
     ±×·¡¼ Å¬¶óÀÌ¾ðÆ®°¡ <code>.htpasswd</code> ÆÄÀÏ¿¡ Á¢±ÙÇÒ
     ¼ö ÀÖ¾ú´Ù¸é <a href="../logs.html#accesslog">Á¢±Ù ·Î±×</a>¿¡
     ´ÙÀ½°ú °°Àº ±â·ÏÀÌ ³²À» °ÍÀÌ´Ù:</p>

     <example>
       foo.bar.com - - [12/Jul/2002:01:59:13 +0200] "GET /.htpasswd HTTP/1.1"
     </example>

     <p>Áï, ´ç½ÅÀº ¼¹ö ¼³Á¤ÆÄÀÏ¿¡¼ ´ÙÀ½ ºÎºÐÀ» ÁÖ¼®Ã³¸®ÇßÀ»
     °ÍÀÌ´Ù:</p>

     <example>
       &lt;Files ".ht*"&gt; <br />
         Order allow,deny <br />
         Deny from all <br />
       &lt;Files&gt;
     </example>

   </section>

 </manualpage>
	<?xml version="1.0" encoding="EUC-KR" ?>
	<!DOCTYPE manualpage SYSTEM "../style/manualpage.dtd">
	<?xml-stylesheet type="text/xsl" href="../style/manual.ko.xsl"?>
	<!-- English Revision: 105989:1673563 (outdated) -->

	<!--
	Licensed to the Apache Software Foundation (ASF) under one or more
	contributor license agreements. See the NOTICE file distributed with
	this work for additional information regarding copyright ownership.
	The ASF licenses this file to You under the Apache License, Version 2.0
	(the "License"); you may not use this file except in compliance with
	the License. You may obtain a copy of the License at

	http://www.apache.org/licenses/LICENSE-2.0

	Unless required by applicable law or agreed to in writing, software
	distributed under the License is distributed on an "AS IS" BASIS,
	WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
	See the License for the specific language governing permissions and
	limitations under the License.
	-->

	<manualpage metafile="security_tips.xml.meta">
	<parentdocument href="./">Miscellaneous Documentation</parentdocument>

	<title>º¸¾È ÆÁ</title>

	<summary>
	<p>À¥¼¹ö¸¦ ¿î¿µÇÒ¶§ µµ¿òÀÌ µÉ º¸¾È °ü·Ã ÈùÆ®¿Í ÆÁÀÌ´Ù.
	¾î¶² °ÍÀº ÀÏ¹ÝÀûÀÌ°í, ¾î¶² °ÍÀº ¾ÆÆÄÄ¡¿¡¸¸ ÇØ´çÇÏ´Â °ÍÀÌ´Ù.</p>
	</summary>

	<section id="uptodate"><title>ÃÖ½ÅÆÇÀ¸·Î À¯ÁöÇÏ±â</title>

	<p>¾ÆÆÄÄ¡ À¥¼¹ö´Â ¾ÈÀü°ú º¸¾È ¹®Á¦¿¡ °ü½ÉÀÌ ¸¹Àº °³¹ßÀÚ
	°øµ¿Ã¼·Î À¯¸íÇÏ´Ù. ±×·¯³ª Å©°Ç ÀÛ°Ç ¹ßÇ¥ÈÄ ¹ß°ßµÇ´Â ¹®Á¦µéÀ»
	ÇÇÇÒ ¼ö ¾ø´Ù. ±×·¡¼ ¼ÒÇÁÆ®¿þ¾î¸¦ ÃÖ½Å¹öÀüÀ¸·Î À¯ÁöÇÏ´Â
	°ÍÀÌ Áß¿äÇÏ´Ù. ¾ÆÆÄÄ¡¿¡¼ Á÷Á¢ À¥¼¹ö¸¦ ´Ù¿î·ÎµåÇß´Ù¸é,
	»õ·Î¿î ¹öÀü°ú º¸¾È ¾÷µ¥ÀÌÆ®¸¦ ¾Ë·ÁÁÖ´Â <a
	href="http://httpd.apache.org/lists.html#http-announce">¾ÆÆÄÄ¡
	À¥¼¹ö ¹ßÇ¥ ¸ÞÀÏ¸µ¸®½ºÆ®</a>¸¦ ±¸µ¶ÇÏ±æ °·ÂÈ÷ ±ÇÇÑ´Ù.
	¾ÆÆÄÄ¡ ¼ÒÇÁÆ®¿þ¾î¸¦ ¹èÆ÷ÇÏ´Â ¸¹Àº Á¦»ïÀÚµéµµ ºñ½ÁÇÑ ¼ºñ½º¸¦
	Á¦°øÇÑ´Ù.</p>

	<p>¹°·Ð À¥¼¹ö ÄÚµå¶§¹®¿¡ À¥¼¹ö°¡ °ø°ÝÀ» ´çÇÏ´Â °æ¿ì´Â
	¸¹Áö ¾Ê´Ù. ±×º¸´Ù Ãß°¡ ÄÚµå, CGI ½ºÅ©¸³Æ®, ÇÏÀ§ ¿î¿µÃ¼Á¦ÀÇ
	¹®Á¦·Î °ø°ÝÀ» ´çÇÏ´Â °æ¿ì°¡ ¸¹´Ù. ±×·¯¹Ç·Î Ç×»ó ÁÖÀÇÇÏ¸ç
	½Ã½ºÅÛÀÇ ¸ðµç ¼ÒÇÁÆ®¿þ¾î¸¦ ¾÷µ¥ÀÌÆ®ÇØ¾ß ÇÑ´Ù.</p>

	</section>

	<section id="serverroot">

	<title>ServerRoot µð·ºÅä¸® ±ÇÇÑ</title>

	<p>º¸Åë root »ç¿ëÀÚ°¡ ¾ÆÆÄÄ¡¸¦ ½ÃÀÛÇÑ ÈÄ, ¿äÃ»À» ¼ºñ½ºÇÏ±âÀ§ÇØ
	<directive module="mpm_common">User</directive> Áö½Ã¾î·Î
	ÁöÁ¤ÇÑ »ç¿ëÀÚ·Î º¯È¯ÇÑ´Ù. root°¡ ½ÇÇàÇÏ´Â ¸í·É¾î°¡ ÀÖ´Ù¸é,
	root ÀÌ¿ÜÀÇ »ç¿ëÀÚ°¡ ¼öÁ¤ÇÏÁö ¸øÇÏµµ·Ï ÁÖÀÇÇØ¾ß ÇÑ´Ù. ÀÌ
	ÆÄÀÏµéÀ» root¸¸ ¾µ ¼ö ÀÖ¾î¾ß ÇÏ°í, µð·ºÅä¸®¿Í ¸ðµç »óÀ§µð·ºÅä¸®µµ
	¸¶Âù°¡Áö´Ù. ¿¹¸¦ µé¾î, ServerRoot·Î /usr/local/apache¸¦
	»ç¿ëÇÑ´Ù¸é root »ç¿ëÀÚ°¡ ´ÙÀ½°ú °°ÀÌ µð·ºÅä¸®¸¦ ¸¸µé±æ
	Á¦¾ÈÇÑ´Ù:</p>

	<example>
	mkdir /usr/local/apache <br />
	cd /usr/local/apache <br />
	mkdir bin conf logs <br />
	chown 0 . bin conf logs <br />
	chgrp 0 . bin conf logs <br />
	chmod 755 . bin conf logs
	</example>

	<p>±×·¯¸é /, /usr, /usr/local Àº root¸¸ÀÌ ¼öÁ¤ÇÒ ¼ö ÀÖ´Ù.
	httpd ½ÇÇàÆÄÀÏÀ» ¼³Ä¡ÇÒ¶§ ´ÙÀ½°ú °°ÀÌ º¸È£ÇØ¾ß ÇÑ´Ù:</p>

	<example>
	cp httpd /usr/local/apache/bin <br />
	chown 0 /usr/local/apache/bin/httpd <br />
	chgrp 0 /usr/local/apache/bin/httpd <br />
	chmod 511 /usr/local/apache/bin/httpd
	</example>

	<p>htdocs ÇÏÀ§µð·ºÅä¸®´Â ´Ù¸¥ »ç¿ëÀÚµéÀÌ ¼öÁ¤ÇÒ ¼ö ÀÖµµ·Ï
	¸¸µé ¼ö ÀÖ´Ù -- root´Â ±×°÷¿¡ ÀÖ´Â ÆÄÀÏÀ» ½ÇÇàÇÏÁöµµ, ¸¸µéÁöµµ
	¾Ê¾Æ¾ß ÇÑ´Ù.</p>

	<p>root°¡ ¾Æ´Ñ »ç¿ëÀÚ°¡ root°¡ ½ÇÇàÇÏ°Å³ª ¾²±â°¡´ÉÇÑ ÆÄÀÏÀ»
	¼öÁ¤ÇÒ ¼ö ÀÖ´Ù¸é ½Ã½ºÅÛÀÇ root ±ÇÇÑÀ» ÈÉÄ¥ ¼ö ÀÖ´Ù. ¿¹¸¦
	µé¾î, ´©±º°¡ httpd ½ÇÇàÆÄÀÏÀ» º¯°æÇÏ¿´´Ù¸é ´ÙÀ½¹ø ½ÃÀÛÇÒ¶§
	ÀÓÀÇÀÇ ÄÚµå¸¦ ½ÇÇàÇÏ°Ô µÈ´Ù. logs µð·ºÅä¸®°¡ (root°¡ ¾Æ´Ñ
	»ç¿ëÀÚ¿¡°Ô) ¾²±â°¡´ÉÇÏ´Ù¸é ´©±º°¡ ·Î±×ÆÄÀÏÀ» ´Ù¸¥ ½Ã½ºÅÛÆÄÀÏ·Î
	½Éº¼¸µÅ©¸¦ °É¾î¼ root°¡ ÆÄÀÏ¿¡ ÀÓÀÇÀÇ ÀÚ·á¸¦ µ¤¾î¾µ ¼ö
	ÀÖ´Ù. ·Î±×ÆÄÀÏÀÌ (root°¡ ¾Æ´Ñ »ç¿ëÀÚ¿¡°Ô) ¾²±â°¡´ÉÇÏ´Ù¸é
	´©±º°¡ ·Î±×¿¡ ÀÌ»óÇÑ ÀÚ·á¸¦ ±â·ÏÇÒ ¼ö ÀÖ´Ù.</p>

	</section>

	<section id="ssi">

	<title>Server Side Includes</title>

	<p>Server Side Includes (SSI)´Â ¼¹ö °ü¸®ÀÚ¿¡°Ô º¸¾È»ó ¸î°¡Áö
	ÀáÀçÀûÀÎ À§ÇèÀÌ´Ù.</p>

	<p>Ã¹¹øÂ° À§ÇèÀº ¼¹öÀÇ ºÎÇÏ¸¦ ´Ã¸®´Â Á¡ÀÌ´Ù. ¾ÆÆÄÄ¡´Â ÆÄÀÏ¿¡
	SSI Áö½Ã¾î°¡ ÀÖ´ÂÁö ¿©ºÎ¿Í °ü°è¾øÀÌ ¸ðµç SSI ÆÄÀÏÀ» ºÐ¼®ÇØ¾ß
	ÇÑ´Ù. Á¶±Ý ºÎÇÏ°¡ ´ÃÁö¸¸, ¼¹ö¸¦ ¿©·¯ »ç¶÷ÀÌ °°ÀÌ »ç¿ëÇÏ´Â
	È¯°æ¿¡¼´Â ½É°¢ÇÒ ¼ö ÀÖ´Ù.</p>

	<p>¶Ç, SSI ÆÄÀÏÀº ÀÏ¹ÝÀûÀÎ CGI ½ºÅ©¸³Æ®¿Í µ¿ÀÏÇÑ À§ÇèÀ»
	°¡Áø´Ù. SSI ÆÄÀÏ¿¡¼ "exec cmd"¸¦ »ç¿ëÇÏ¸é httpd.conf¿¡¼
	¾ÆÆÄÄ¡¸¦ ½ÇÇàÇÏµµ·Ï ¼³Á¤ÇÑ »ç¿ëÀÚ¿Í ±×·ì ±ÇÇÑÀ¸·Î CGI
	½ºÅ©¸³Æ®³ª ÇÁ·Î±×·¥À» ½ÇÇàÇÒ ¼ö ÀÖ´Ù.</p>

	<p>ÀåÁ¡À» È°¿ëÇÏ¸é¼ SSI ÆÄÀÏÀÇ º¸¾ÈÀ» Çâ»ó½ÃÅ°´Â ¹æ¹ýÀÌ
	ÀÖ´Ù.</p>

	<p>SSI ÆÄÀÏÀÌ °¡Á®¿Ã ¼ö ÀÖ´Â ÇÇÇØ¸¦ °Ý¸®ÇÏ±âÀ§ÇØ ¼¹ö°ü¸®ÀÚ´Â
	<a href="#cgi">ÀÏ¹ÝÀûÀÎ CGI</a> Àý¿¡¼ ¼³¸íÇÏ´Â ¹æ¹ýÀ¸·Î
	<a href="../suexec.html">suexec</a>¸¦ »ç¿ëÇÒ ¼ö ÀÖ´Ù</p>

	<p>.htmlÀÌ³ª .htm È®ÀåÀÚ¸¦ SSI ÆÄÀÏ·Î »ç¿ëÇÏ´Â °ÍÀº À§ÇèÇÏ´Ù.
	Æ¯È÷ ¿©·¯ »ç¶÷ÀÌ °øÀ¯ÇÏ°Å³ª Åë½Å·®ÀÌ ¸¹Àº ¼¹ö È¯°æ¿¡¼
	À§ÇèÇÏ´Ù. SSI ÆÄÀÏÀº ÀÏ¹ÝÀûÀ¸·Î ¸¹ÀÌ »ç¿ëÇÏ´Â .shtml °°Àº
	º°µµÀÇ È®ÀåÀÚ¸¦ °¡Á®¾ß ÇÑ´Ù. ±×·¯¸é ¼¹ö ºÎÇÏ¸¦ ÃÖ¼ÒÈÇÏ°í
	À§Çè¿ä¼Ò¸¦ ½±°Ô °ü¸®ÇÒ ¼ö ÀÖ´Ù.</p>

	<p>´Ù¸¥ ¹æ¹ýÀº SSI ÆäÀÌÁö°¡ ½ºÅ©¸³Æ®³ª ÇÁ·Î±×·¥À» ½ÇÇàÇÏÁö
	¸øÇÏµµ·Ï ¸¸µå´Â °ÍÀÌ´Ù. <directive
	module="core">Options</directive> Áö½Ã¾î¿¡¼ <code>Includes</code>
	´ë½Å <code>IncludesNOEXEC</code>¸¦ »ç¿ëÇÑ´Ù. ±×·¡µµ ½ºÅ©¸³Æ®°¡
	<directive module="mod_alias">ScriptAlias</directive> Áö½Ã¾î·Î
	ÁöÁ¤ÇÑ µð·ºÅä¸®¿¡ ÀÖ´Ù¸é <--#include virtual="..." -->¸¦
	»ç¿ëÇÏ¿© CGI ½ºÅ©¸³Æ®¸¦ ½ÇÇàÇÒ ¼ö ÀÖÀ½À» ÁÖÀÇÇÏ¶ó.</p>

	</section>

	<section id="cgi">

	<title>ÀÏ¹ÝÀûÀÎ CGI</title>

	<p>°á±¹ ´ç½ÅÀº Ç×»ó CGI ½ºÅ©¸³Æ®/ÇÁ·Î±×·¥ÀÇ ÀúÀÚ¸¦ ½Å·ÚÇØ¾ß
	ÇÏ°í, °íÀÇ°Ç ½Ç¼öÀÌ°Ç CGIÀÇ ÀáÀçÀûÀÎ º¸¾È»ó ÇãÁ¡À» ¹ß°ßÇÒ
	¼ö ÀÖ¾î¾ß ÇÑ´Ù. ±âº»ÀûÀ¸·Î CGI ½ºÅ©¸³Æ®´Â À¥¼¹ö »ç¿ëÀÚ
	±ÇÇÑÀ¸·Î ½Ã½ºÅÛ¿¡¼ ¾î¶² ¸í·É¾î¶óµµ ½ÇÇàÇÒ ¼ö ÀÖ±â¶§¹®¿¡
	ÁÖÀÇÀÖ°Ô È®ÀÎÇÏÁö ¾ÊÀ¸¸é ¸Å¿ì À§ÇèÇÏ´Ù.</p>

	<p>¸ðµç CGI ½ºÅ©¸³Æ®°¡ °°Àº »ç¿ëÀÚ·Î ½ÇÇàµÇ±â¶§¹®¿¡ ´Ù¸¥
	½ºÅ©¸³Æ®¿Í (°íÀÇ°Ç ½Ç¼öÀÌ°Ç) Ãæµ¹ÇÒ °¡´É¼ºÀÌ ÀÖ´Ù. ¿¹¸¦
	µé¾î, »ç¿ëÀÚ A´Â »ç¿ëÀÚ B¸¦ ¸Å¿ì ½È¾îÇÏ¿©, »ç¿ëÀÚ BÀÇ CGI
	µ¥ÀÌÅÍº£ÀÌ½º¸¦ Áö¿ö¹ö¸®´Â ½ºÅ©¸³Æ®¸¦ ÀÛ¼ºÇÒ ¼ö ÀÖ´Ù. ¾ÆÆÄÄ¡
	1.2 ¹öÀüºÎÅÍ Æ÷ÇÔµÇ¾ú°í ¾ÆÆÄÄ¡ ¼¹ö¿¡¼ Æ¯º°ÇÑ ÈÅ(hook)À¸·Î
	µ¿ÀÛÇÏ´Â <a href="../suexec.html">suEXEC</a>´Â ½ºÅ©¸³Æ®¸¦
	´Ù¸¥ »ç¿ëÀÚ·Î ½ÇÇàÇÏ´Â ¹æ¹ýÁß ÇÏ³ª´Ù. ´Ù¸¥ ´ëÁßÀûÀÎ ¹æ¹ý¿¡´Â
	<a href="http://cgiwrap.unixtools.org/">CGIWrap</a>ÀÌ ÀÖ´Ù.</p>

	</section>

	<section id="nsaliasedcgi">

	<title>ScriptAliasÇÏÁö ¾ÊÀº CGI</title>

	<p>´ÙÀ½ Á¶°ÇÀ» ¸¸Á·ÇÒ¶§¸¸ »ç¿ëÀÚ°¡ ¾î¶² µð·ºÅä¸®¿¡¼¶óµµ
	CGI ½ºÅ©¸³Æ®¸¦ ½ÇÇàÇÏµµ·Ï Çã¿ëÇÒ ¼ö ÀÖ´Ù:</p>

	<ul>
	<li>´ç½ÅÀº °íÀÇ°Ç ½Ç¼öÀÌ°Ç »ç¿ëÀÚ°¡ ½Ã½ºÅÛÀ» °ø°Ý¿¡ ³ëÃâ½ÃÅ°´Â
	½ºÅ©¸³Æ®¸¦ ÀÛ¼ºÇÏÁö ¾Ê´Â´Ù°í ¹Ï´Â´Ù.</li>
	<li>½Ã½ºÅÛÀÇ ´Ù¸¥ ºÎºÐÀÇ º¸¾ÈÀÌ ¾àÇØ¼, ÀáÀçÀûÀÎ ÇãÁ¡À»
	ÇÏ³ª ´õ ¸¸µé¾îµµ ³ªºüÁú °ÍÀÌ ¾ø´Ù°í »ý°¢ÇÏ´Â °æ¿ì.</li>
	<li>»ç¿ëÀÚ°¡ ¾ø°í, ¾Æ¸¶ ¾Æ¹«µµ ¼¹ö¸¦ ¹æ¹®ÇÏÁö¾Ê´Â °æ¿ì.</li>
	</ul>

	</section>

	<section id="saliasedcgi">

	<title>ScriptAliasÇÑ CGI</title>

	<p>Æ¯Á¤ µð·ºÅä¸®¿¡¼¸¸ CGI¸¦ ½ÇÇàÇÒ ¼ö ÀÖµµ·Ï Á¦ÇÑÇÏ¸é °ü¸®ÀÚ´Â
	ÀÌµé µð·ºÅä¸®¸¦ ÅëÁ¦ÇÒ ¼ö ÀÖ´Ù. ÀÌ °æ¿ì´Â scriptaliasÇÏÁö
	¾ÊÀº CGIº¸´Ù È®½ÇÈ÷ ¾ÈÀüÇÏ´Ù. ´Ü, ½Å·ÚÇÏ´Â »ç¿ëÀÚ¸¸ µð·ºÅä¸®¿¡
	Á¢±ÙÇÒ ¼ö ÀÖ°í, °ü¸®ÀÚ°¡ »õ·Î¿î CGI ½ºÅ©¸³Æ®/ÇÁ·Î±×·¥ÀÇ
	ÀáÀçÀûÀÎ º¸¾È»ó ÇãÁ¡À» °Ë»çÇÒ ¿ëÀÌ°¡ ÀÖ´Ù¸é.</p>

	<p>´ëºÎºÐÀÇ »çÀÌÆ®´Â scriptaliasÇÏÁö ¾ÊÀº CGI ¹æ½Ä ´ë½Å
	ÀÌ ¹æ½ÄÀ» »ç¿ëÇÑ´Ù.</p>

	</section>

	<section id="dynamic">

	<title>µ¿Àû ³»¿ëÀ» »ý¼ºÇÏ´Â ´Ù¸¥ ¹æ¹ý</title>

	<p>
	mod_php, mod_perl, mod_tcl, mod_python °°ÀÌ ¼¹öÀÇ ÀÏºÎ·Î
	µ¿ÀÛÇÏ´Â ÀÓº£µðµå ½ºÅ©¸³Æ®´Â ¼¹ö¿Í °°Àº »ç¿ëÀÚ·Î (<directive
	module="mpm_common">User</directive> Áö½Ã¾î Âü°í) ½ÇÇàµÇ±â¶§¹®¿¡,
	½ºÅ©¸³Æ® ¿£ÁøÀÌ ½ÇÇàÇÏ´Â ½ºÅ©¸³Æ®´Â ÀáÀçÀûÀ¸·Î ¼¹ö »ç¿ëÀÚ°¡
	Á¢±ÙÇÒ ¼ö ÀÖ´Â ¸ðµç °Í¿¡ Á¢±ÙÇÒ ¼ö ÀÖ´Ù. ¾î¶² ½ºÅ©¸³Æ® ¿£ÁøÀº
	¾î´ÀÁ¤µµ Á¦ÇÑÀ» ÇÏÁö¸¸, ¾ÈÀüÇÏ´Ù°í °¡Á¤ÇÏÁö ¾Ê´Â °ÍÀÌ ÁÁ´Ù.</p>

	</section>

	<section id="systemsettings">

	<title>½Ã½ºÅÛ ¼³Á¤ º¸È£ÇÏ±â</title>

	<p>Á¤¸»·Î ¾ÈÀüÇÑ ¼¹ö¸¦ ¿î¿µÇÏ·Á¸é »ç¿ëÀÚ°¡
	<code>.htaccess</code> ÆÄÀÏÀ» »ç¿ëÇÏ¿© ´ç½ÅÀÌ ¼³Á¤ÇÑ º¸¾È±â´ÉÀ»
	º¯°æÇÏ±æ ¹Ù¶óÁö ¾ÊÀ» °ÍÀÌ´Ù. ±×·¯±âÀ§ÇØ ´ÙÀ½°ú °°Àº ¹æ¹ýÀÌ
	ÀÖ´Ù.</p>

	<p>¼¹ö ¼³Á¤ÆÄÀÏ¿¡ ´ÙÀ½À» Ãß°¡ÇÑ´Ù</p>

	<example>
	<Directory /> <br />
	AllowOverride None <br />
	</Directory>
	</example>

	<p>±×·¯¸é »ç¿ë°¡´ÉÇÏµµ·Ï ¸í½ÃÀûÀ¸·Î Çã¿ëÇÑ µð·ºÅä¸®¸¦ Á¦¿ÜÇÏ°í´Â
	<code>.htaccess</code> ÆÄÀÏÀ» »ç¿ëÇÒ ¼ö ¾ø´Ù.</p>

	</section>

	<section id="protectserverfiles">

	<title>±âº»ÀûÀ¸·Î ¼¹ö¿¡ ÀÖ´Â ÆÄÀÏ º¸È£ÇÏ±â</title>

	<p>»ç¶÷µéÀº Á¾Á¾ ¾ÆÆÄÄ¡ÀÇ ±âº» Á¢±Ù¿¡ ´ëÇØ Àß¸ø ¾Ë°íÀÖ´Ù.
	Áï, ¼¹ö°¡ ÀÏ¹ÝÀûÀÎ URL ´ëÀÀ ±ÔÄ¢À» »ç¿ëÇÏ¿© ÆÄÀÏÀ» Ã£À»
	¼ö ÀÖ´Ù¸é, Æ¯º°È÷ Á¶Ä¡¸¦ ÇÏÁö ¾Ê´ÂÇÑ Å¬¶óÀÌ¾ðÆ®¿¡°Ô ÆÄÀÏÀÌ
	¼ºñ½ºµÉ ¼ö ÀÖ´Ù.</p>

	<p>¿¹¸¦ µé¾î, ¾Æ·¡¿Í °°Àº °æ¿ì:</p>

	<example>
	# cd /; ln -s / public_html <br />
	<code>http://localhost/~root/</code> ¿¡ Á¢±ÙÇÑ´Ù
	</example>

	<p>±×·¯¸é Å¬¶óÀÌ¾ðÆ®´Â ÀüÃ¼ ÆÄÀÏ½Ã½ºÅÛÀ» µ¹¾Æ´Ù´Ò ¼ö ÀÖ´Ù.
	ÀÌ¸¦ ¸·±âÀ§ÇØ ¼¹ö¼³Á¤¿¡¼ ´ÙÀ½°ú °°Àº Á¶Ä¡¸¦ ÇÑ´Ù:</p>

	<example>
	<Directory /> <br />
	Order Deny,Allow <br />
	Deny from all <br />
	</Directory>
	</example>

	<p>±×·¯¸é ÆÄÀÏ½Ã½ºÅÛ À§Ä¡¿¡ ´ëÇØ ±âº» Á¢±ÙÀÌ °ÅºÎµÈ´Ù.
	¿øÇÏ´Â ¿µ¿ª¿¡ Á¢±ÙÇÒ ¼ö ÀÖµµ·Ï ´ÙÀ½°ú °°Àº <directive
	module="core">Directory</directive> ºí·ÏÀ» Ãß°¡ÇÑ´Ù.</p>

	<example>
	<Directory /usr/users/*/public_html> <br />
	Order Deny,Allow <br />
	Allow from all <br />
	</Directory> <br />
	<Directory /usr/local/httpd> <br />
	Order Deny,Allow <br />
	Allow from all <br />
	</Directory>
	</example>

	<p><directive module="core">Location</directive>°ú <directive
	module="core">Directory</directive> Áö½Ã¾î¸¦ °°ÀÌ »ç¿ëÇÏ´Â
	°æ¿ì Æ¯º°È÷ ÁÖÀÇ¸¦ ±â¿ï¿©¶ó. ¿¹¸¦ µé¾î, <code><Directory
	/></code>°¡ Á¢±ÙÀ» °ÅºÎÇÏ´õ¶óµµ <code><Location
	/></code> Áö½Ã¾î°¡ ÀÌ¸¦ ¹«½ÃÇÒ ¼ö ÀÖ´Ù</p>

	<p><directive module="mod_userdir">UserDir</directive> Áö½Ã¾î¸¦
	»ç¿ëÇÏ´Â °æ¿ì¿¡µµ ÁÖÀÇÇÏ¶ó. Áö½Ã¾î¸¦ "./" °°ÀÌ ¼³Á¤ÇÏ¸é
	root »ç¿ëÀÚ¿¡ ´ëÇØ ¹Ù·Î À§ÀÇ °æ¿ì¿Í °°Àº ¹®Á¦°¡ ¹ß»ýÇÑ´Ù.
	¾ÆÆÄÄ¡ 1.3 ÀÌ»óÀ» »ç¿ëÇÑ´Ù¸é ¼¹ö ¼³Á¤ÆÄÀÏ¿¡ ¾Æ·¡ ÁÙÀ» Ãß°¡ÇÏ±æ
	°·ÂÈ÷ ±ÇÇÑ´Ù:</p>

	<example>
	UserDir disabled root
	</example>

	</section>

	<section id="watchyourlogs">

	<title>·Î±× »ìÆìº¸±â</title>

	<p>½ÇÁ¦·Î ¼¹ö¿¡¼ ¹«½¼ ÀÏÀÌ ÀÖ¾î³ª°í ÀÖ´ÂÁö ¾Ë·Á¸é <a
	href="../logs.html">·Î±×ÆÄÀÏ</a>À» »ìÆìºÁ¾ß ÇÑ´Ù. ·Î±×ÆÄÀÏÀº
	ÀÌ¹Ì ÀÏ¾î³ ÀÏ¸¸À» º¸°íÇÏÁö¸¸, ¼¹ö¿¡ ¾î¶² °ø°ÝÀÌ ÀÖ¾ú´ÂÁö
	¾Ë·ÁÁÖ°í ÇöÀç ÇÊ¿äÇÑ ¸¸Å ¾ÈÀüÇÑÁö È®ÀÎÇÏ°Ô ÇØÁØ´Ù.</p>

	<p>¿©·¯°¡Áö ¿¹:</p>

	<example>
	grep -c "/jsp/source.jsp?/jsp/ /jsp/source.jsp??" access_log <br />
	grep "client denied" error_log \| tail -n 10
	</example>

	<p>Ã¹¹øÂ° ¿¹´Â <a
	href="http://online.securityfocus.com/bid/4876/info/">Àß¸øµÈ
	Source.JSP ¿äÃ»À¸·Î ¼¹öÁ¤º¸¸¦ ¾Ë¾Æ³¾ ¼ö ÀÖ´Â TomcatÀÇ
	Ãë¾àÁ¡</a>¸¦ ÀÌ¿ëÇÏ·Á´Â °ø°Ý È½¼ö¸¦ ¾Ë·ÁÁÖ°í, µÎ¹øÂ° ¿¹´Â
	Á¢±ÙÀÌ °ÅºÎµÈ ÃÖ±Ù Å¬¶óÀÌ¾ðÆ® 10°³¸¦ ´ÙÀ½°ú °°ÀÌ º¸¿©ÁØ´Ù:</p>

	<example>
	[Thu Jul 11 17:18:39 2002] [error] [client foo.bar.com] client denied
	by server configuration: /usr/local/apache/htdocs/.htpasswd
	</example>

	<p>Àß ¾Ë µíÀÌ ·Î±×ÆÄÀÏÀº ÀÌ¹Ì ¹ß»ýÇÑ »ç°Ç¸¸À» º¸°íÇÑ´Ù.
	±×·¡¼ Å¬¶óÀÌ¾ðÆ®°¡ <code>.htpasswd</code> ÆÄÀÏ¿¡ Á¢±ÙÇÒ
	¼ö ÀÖ¾ú´Ù¸é <a href="../logs.html#accesslog">Á¢±Ù ·Î±×</a>¿¡
	´ÙÀ½°ú °°Àº ±â·ÏÀÌ ³²À» °ÍÀÌ´Ù:</p>

	<example>
	foo.bar.com - - [12/Jul/2002:01:59:13 +0200] "GET /.htpasswd HTTP/1.1"
	</example>

	<p>Áï, ´ç½ÅÀº ¼¹ö ¼³Á¤ÆÄÀÏ¿¡¼ ´ÙÀ½ ºÎºÐÀ» ÁÖ¼®Ã³¸®ÇßÀ»
	°ÍÀÌ´Ù:</p>

	<example>
	<Files ".ht*"> <br />
	Order allow,deny <br />
	Deny from all <br />
	<Files>
	</example>

	</section>

	</manualpage>