| <?xml version="1.0" encoding="EUC-KR" ?> |
| <!DOCTYPE manualpage SYSTEM "../style/manualpage.dtd"> |
| <?xml-stylesheet type="text/xsl" href="../style/manual.ko.xsl"?> |
| <!-- English Revision: 105989:1673563 (outdated) --> |
| |
| <!-- |
| Licensed to the Apache Software Foundation (ASF) under one or more |
| contributor license agreements. See the NOTICE file distributed with |
| this work for additional information regarding copyright ownership. |
| The ASF licenses this file to You under the Apache License, Version 2.0 |
| (the "License"); you may not use this file except in compliance with |
| the License. You may obtain a copy of the License at |
| |
| http://www.apache.org/licenses/LICENSE-2.0 |
| |
| Unless required by applicable law or agreed to in writing, software |
| distributed under the License is distributed on an "AS IS" BASIS, |
| WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. |
| See the License for the specific language governing permissions and |
| limitations under the License. |
| --> |
| |
| <manualpage metafile="security_tips.xml.meta"> |
| <parentdocument href="./">Miscellaneous Documentation</parentdocument> |
| |
| <title>º¸¾È ÆÁ</title> |
| |
| <summary> |
| <p>À¥¼¹ö¸¦ ¿î¿µÇÒ¶§ µµ¿òÀÌ µÉ º¸¾È °ü·Ã ÈùÆ®¿Í ÆÁÀÌ´Ù. |
| ¾î¶² °ÍÀº ÀϹÝÀûÀÌ°í, ¾î¶² °ÍÀº ¾ÆÆÄÄ¡¿¡¸¸ ÇØ´çÇÏ´Â °ÍÀÌ´Ù.</p> |
| </summary> |
| |
| <section id="uptodate"><title>ÃÖ½ÅÆÇÀ¸·Î À¯ÁöÇϱâ</title> |
| |
| <p>¾ÆÆÄÄ¡ À¥¼¹ö´Â ¾ÈÀü°ú º¸¾È ¹®Á¦¿¡ °ü½ÉÀÌ ¸¹Àº °³¹ßÀÚ |
| °øµ¿Ã¼·Î À¯¸íÇÏ´Ù. ±×·¯³ª Å©°Ç ÀÛ°Ç ¹ßÇ¥ÈÄ ¹ß°ßµÇ´Â ¹®Á¦µéÀ» |
| ÇÇÇÒ ¼ö ¾ø´Ù. ±×·¡¼ ¼ÒÇÁÆ®¿þ¾î¸¦ ÃֽŹöÀüÀ¸·Î À¯ÁöÇÏ´Â |
| °ÍÀÌ Áß¿äÇÏ´Ù. ¾ÆÆÄÄ¡¿¡¼ Á÷Á¢ À¥¼¹ö¸¦ ´Ù¿î·ÎµåÇß´Ù¸é, |
| »õ·Î¿î ¹öÀü°ú º¸¾È ¾÷µ¥ÀÌÆ®¸¦ ¾Ë·ÁÁÖ´Â <a |
| href="http://httpd.apache.org/lists.html#http-announce">¾ÆÆÄÄ¡ |
| À¥¼¹ö ¹ßÇ¥ ¸ÞÀϸµ¸®½ºÆ®</a>¸¦ ±¸µ¶ÇÏ±æ °·ÂÈ÷ ±ÇÇÑ´Ù. |
| ¾ÆÆÄÄ¡ ¼ÒÇÁÆ®¿þ¾î¸¦ ¹èÆ÷ÇÏ´Â ¸¹Àº Á¦»ïÀڵ鵵 ºñ½ÁÇÑ ¼ºñ½º¸¦ |
| Á¦°øÇÑ´Ù.</p> |
| |
| <p>¹°·Ð À¥¼¹ö Äڵ嶧¹®¿¡ À¥¼¹ö°¡ °ø°ÝÀ» ´çÇÏ´Â °æ¿ì´Â |
| ¸¹Áö ¾Ê´Ù. ±×º¸´Ù Ãß°¡ ÄÚµå, CGI ½ºÅ©¸³Æ®, ÇÏÀ§ ¿î¿µÃ¼Á¦ÀÇ |
| ¹®Á¦·Î °ø°ÝÀ» ´çÇÏ´Â °æ¿ì°¡ ¸¹´Ù. ±×·¯¹Ç·Î Ç×»ó ÁÖÀÇÇϸç |
| ½Ã½ºÅÛÀÇ ¸ðµç ¼ÒÇÁÆ®¿þ¾î¸¦ ¾÷µ¥ÀÌÆ®ÇØ¾ß ÇÑ´Ù.</p> |
| |
| </section> |
| |
| <section id="serverroot"> |
| |
| <title>ServerRoot µð·ºÅ丮 ±ÇÇÑ</title> |
| |
| <p>º¸Åë root »ç¿ëÀÚ°¡ ¾ÆÆÄÄ¡¸¦ ½ÃÀÛÇÑ ÈÄ, ¿äûÀ» ¼ºñ½ºÇϱâÀ§ÇØ |
| <directive module="mpm_common">User</directive> Áö½Ã¾î·Î |
| ÁöÁ¤ÇÑ »ç¿ëÀÚ·Î º¯È¯ÇÑ´Ù. root°¡ ½ÇÇàÇÏ´Â ¸í·É¾î°¡ ÀÖ´Ù¸é, |
| root ÀÌ¿ÜÀÇ »ç¿ëÀÚ°¡ ¼öÁ¤ÇÏÁö ¸øÇϵµ·Ï ÁÖÀÇÇØ¾ß ÇÑ´Ù. ÀÌ |
| ÆÄÀϵéÀ» root¸¸ ¾µ ¼ö ÀÖ¾î¾ß ÇÏ°í, µð·ºÅ丮¿Í ¸ðµç »óÀ§µð·ºÅ丮µµ |
| ¸¶Âù°¡Áö´Ù. ¿¹¸¦ µé¾î, ServerRoot·Î /usr/local/apache¸¦ |
| »ç¿ëÇÑ´Ù¸é root »ç¿ëÀÚ°¡ ´ÙÀ½°ú °°ÀÌ µð·ºÅ丮¸¦ ¸¸µé±æ |
| Á¦¾ÈÇÑ´Ù:</p> |
| |
| <example> |
| mkdir /usr/local/apache <br /> |
| cd /usr/local/apache <br /> |
| mkdir bin conf logs <br /> |
| chown 0 . bin conf logs <br /> |
| chgrp 0 . bin conf logs <br /> |
| chmod 755 . bin conf logs |
| </example> |
| |
| <p>±×·¯¸é /, /usr, /usr/local Àº root¸¸ÀÌ ¼öÁ¤ÇÒ ¼ö ÀÖ´Ù. |
| httpd ½ÇÇàÆÄÀÏÀ» ¼³Ä¡ÇÒ¶§ ´ÙÀ½°ú °°ÀÌ º¸È£ÇØ¾ß ÇÑ´Ù:</p> |
| |
| <example> |
| cp httpd /usr/local/apache/bin <br /> |
| chown 0 /usr/local/apache/bin/httpd <br /> |
| chgrp 0 /usr/local/apache/bin/httpd <br /> |
| chmod 511 /usr/local/apache/bin/httpd |
| </example> |
| |
| <p>htdocs ÇÏÀ§µð·ºÅ丮´Â ´Ù¸¥ »ç¿ëÀÚµéÀÌ ¼öÁ¤ÇÒ ¼ö ÀÖµµ·Ï |
| ¸¸µé ¼ö ÀÖ´Ù -- root´Â ±×°÷¿¡ ÀÖ´Â ÆÄÀÏÀ» ½ÇÇàÇÏÁöµµ, ¸¸µéÁöµµ |
| ¾Ê¾Æ¾ß ÇÑ´Ù.</p> |
| |
| <p>root°¡ ¾Æ´Ñ »ç¿ëÀÚ°¡ root°¡ ½ÇÇàÇϰųª ¾²±â°¡´ÉÇÑ ÆÄÀÏÀ» |
| ¼öÁ¤ÇÒ ¼ö ÀÖ´Ù¸é ½Ã½ºÅÛÀÇ root ±ÇÇÑÀ» ÈÉÄ¥ ¼ö ÀÖ´Ù. ¿¹¸¦ |
| µé¾î, ´©±º°¡ httpd ½ÇÇàÆÄÀÏÀ» º¯°æÇÏ¿´´Ù¸é ´ÙÀ½¹ø ½ÃÀÛÇÒ¶§ |
| ÀÓÀÇÀÇ Äڵ带 ½ÇÇàÇÏ°Ô µÈ´Ù. logs µð·ºÅ丮°¡ (root°¡ ¾Æ´Ñ |
| »ç¿ëÀÚ¿¡°Ô) ¾²±â°¡´ÉÇÏ´Ù¸é ´©±º°¡ ·Î±×ÆÄÀÏÀ» ´Ù¸¥ ½Ã½ºÅÛÆÄÀÏ·Î |
| ½Éº¼¸µÅ©¸¦ °É¾î¼ root°¡ ÆÄÀÏ¿¡ ÀÓÀÇÀÇ ÀڷḦ µ¤¾î¾µ ¼ö |
| ÀÖ´Ù. ·Î±×ÆÄÀÏÀÌ (root°¡ ¾Æ´Ñ »ç¿ëÀÚ¿¡°Ô) ¾²±â°¡´ÉÇÏ´Ù¸é |
| ´©±º°¡ ·Î±×¿¡ ÀÌ»óÇÑ ÀڷḦ ±â·ÏÇÒ ¼ö ÀÖ´Ù.</p> |
| |
| </section> |
| |
| <section id="ssi"> |
| |
| <title>Server Side Includes</title> |
| |
| <p>Server Side Includes (SSI)´Â ¼¹ö °ü¸®ÀÚ¿¡°Ô º¸¾È»ó ¸î°¡Áö |
| ÀáÀçÀûÀÎ À§ÇèÀÌ´Ù.</p> |
| |
| <p>ù¹ø° À§ÇèÀº ¼¹öÀÇ ºÎÇϸ¦ ´Ã¸®´Â Á¡ÀÌ´Ù. ¾ÆÆÄÄ¡´Â ÆÄÀÏ¿¡ |
| SSI Áö½Ã¾î°¡ ÀÖ´ÂÁö ¿©ºÎ¿Í °ü°è¾øÀÌ ¸ðµç SSI ÆÄÀÏÀ» ºÐ¼®ÇØ¾ß |
| ÇÑ´Ù. Á¶±Ý ºÎÇÏ°¡ ´ÃÁö¸¸, ¼¹ö¸¦ ¿©·¯ »ç¶÷ÀÌ °°ÀÌ »ç¿ëÇÏ´Â |
| ȯ°æ¿¡¼´Â ½É°¢ÇÒ ¼ö ÀÖ´Ù.</p> |
| |
| <p>¶Ç, SSI ÆÄÀÏÀº ÀϹÝÀûÀÎ CGI ½ºÅ©¸³Æ®¿Í µ¿ÀÏÇÑ À§ÇèÀ» |
| °¡Áø´Ù. SSI ÆÄÀÏ¿¡¼ "exec cmd"¸¦ »ç¿ëÇϸé httpd.conf¿¡¼ |
| ¾ÆÆÄÄ¡¸¦ ½ÇÇàÇϵµ·Ï ¼³Á¤ÇÑ »ç¿ëÀÚ¿Í ±×·ì ±ÇÇÑÀ¸·Î CGI |
| ½ºÅ©¸³Æ®³ª ÇÁ·Î±×·¥À» ½ÇÇàÇÒ ¼ö ÀÖ´Ù.</p> |
| |
| <p>ÀåÁ¡À» È°¿ëÇÏ¸é¼ SSI ÆÄÀÏÀÇ º¸¾ÈÀ» Çâ»ó½ÃÅ°´Â ¹æ¹ýÀÌ |
| ÀÖ´Ù.</p> |
| |
| <p>SSI ÆÄÀÏÀÌ °¡Á®¿Ã ¼ö ÀÖ´Â ÇÇÇظ¦ °Ý¸®ÇϱâÀ§ÇØ ¼¹ö°ü¸®ÀÚ´Â |
| <a href="#cgi">ÀϹÝÀûÀÎ CGI</a> Àý¿¡¼ ¼³¸íÇÏ´Â ¹æ¹ýÀ¸·Î |
| <a href="../suexec.html">suexec</a>¸¦ »ç¿ëÇÒ ¼ö ÀÖ´Ù</p> |
| |
| <p>.htmlÀ̳ª .htm È®ÀåÀÚ¸¦ SSI ÆÄÀÏ·Î »ç¿ëÇÏ´Â °ÍÀº À§ÇèÇÏ´Ù. |
| ƯÈ÷ ¿©·¯ »ç¶÷ÀÌ °øÀ¯Çϰųª Åë½Å·®ÀÌ ¸¹Àº ¼¹ö ȯ°æ¿¡¼ |
| À§ÇèÇÏ´Ù. SSI ÆÄÀÏÀº ÀϹÝÀûÀ¸·Î ¸¹ÀÌ »ç¿ëÇÏ´Â .shtml °°Àº |
| º°µµÀÇ È®ÀåÀÚ¸¦ °¡Á®¾ß ÇÑ´Ù. ±×·¯¸é ¼¹ö ºÎÇϸ¦ ÃÖ¼ÒÈÇÏ°í |
| À§Çè¿ä¼Ò¸¦ ½±°Ô °ü¸®ÇÒ ¼ö ÀÖ´Ù.</p> |
| |
| <p>´Ù¸¥ ¹æ¹ýÀº SSI ÆäÀÌÁö°¡ ½ºÅ©¸³Æ®³ª ÇÁ·Î±×·¥À» ½ÇÇàÇÏÁö |
| ¸øÇϵµ·Ï ¸¸µå´Â °ÍÀÌ´Ù. <directive |
| module="core">Options</directive> Áö½Ã¾î¿¡¼ <code>Includes</code> |
| ´ë½Å <code>IncludesNOEXEC</code>¸¦ »ç¿ëÇÑ´Ù. ±×·¡µµ ½ºÅ©¸³Æ®°¡ |
| <directive module="mod_alias">ScriptAlias</directive> Áö½Ã¾î·Î |
| ÁöÁ¤ÇÑ µð·ºÅ丮¿¡ ÀÖ´Ù¸é <--#include virtual="..." -->¸¦ |
| »ç¿ëÇÏ¿© CGI ½ºÅ©¸³Æ®¸¦ ½ÇÇàÇÒ ¼ö ÀÖÀ½À» ÁÖÀÇÇ϶ó.</p> |
| |
| </section> |
| |
| <section id="cgi"> |
| |
| <title>ÀϹÝÀûÀÎ CGI</title> |
| |
| <p>°á±¹ ´ç½ÅÀº Ç×»ó CGI ½ºÅ©¸³Æ®/ÇÁ·Î±×·¥ÀÇ ÀúÀÚ¸¦ ½Å·ÚÇØ¾ß |
| ÇÏ°í, °íÀÇ°Ç ½Ç¼öÀÌ°Ç CGIÀÇ ÀáÀçÀûÀÎ º¸¾È»ó ÇãÁ¡À» ¹ß°ßÇÒ |
| ¼ö ÀÖ¾î¾ß ÇÑ´Ù. ±âº»ÀûÀ¸·Î CGI ½ºÅ©¸³Æ®´Â À¥¼¹ö »ç¿ëÀÚ |
| ±ÇÇÑÀ¸·Î ½Ã½ºÅÛ¿¡¼ ¾î¶² ¸í·É¾î¶óµµ ½ÇÇàÇÒ ¼ö Àֱ⶧¹®¿¡ |
| ÁÖÀÇÀÖ°Ô È®ÀÎÇÏÁö ¾ÊÀ¸¸é ¸Å¿ì À§ÇèÇÏ´Ù.</p> |
| |
| <p>¸ðµç CGI ½ºÅ©¸³Æ®°¡ °°Àº »ç¿ëÀÚ·Î ½ÇÇàµÇ±â¶§¹®¿¡ ´Ù¸¥ |
| ½ºÅ©¸³Æ®¿Í (°íÀÇ°Ç ½Ç¼öÀÌ°Ç) Ãæµ¹ÇÒ °¡´É¼ºÀÌ ÀÖ´Ù. ¿¹¸¦ |
| µé¾î, »ç¿ëÀÚ A´Â »ç¿ëÀÚ B¸¦ ¸Å¿ì ½È¾îÇÏ¿©, »ç¿ëÀÚ BÀÇ CGI |
| µ¥ÀÌÅͺ£À̽º¸¦ Áö¿ö¹ö¸®´Â ½ºÅ©¸³Æ®¸¦ ÀÛ¼ºÇÒ ¼ö ÀÖ´Ù. ¾ÆÆÄÄ¡ |
| 1.2 ¹öÀüºÎÅÍ Æ÷ÇԵǾú°í ¾ÆÆÄÄ¡ ¼¹ö¿¡¼ Ưº°ÇÑ ÈÅ(hook)À¸·Î |
| µ¿ÀÛÇÏ´Â <a href="../suexec.html">suEXEC</a>´Â ½ºÅ©¸³Æ®¸¦ |
| ´Ù¸¥ »ç¿ëÀÚ·Î ½ÇÇàÇÏ´Â ¹æ¹ýÁß Çϳª´Ù. ´Ù¸¥ ´ëÁßÀûÀÎ ¹æ¹ý¿¡´Â |
| <a href="http://cgiwrap.unixtools.org/">CGIWrap</a>ÀÌ ÀÖ´Ù.</p> |
| |
| </section> |
| |
| <section id="nsaliasedcgi"> |
| |
| <title>ScriptAliasÇÏÁö ¾ÊÀº CGI</title> |
| |
| <p>´ÙÀ½ Á¶°ÇÀ» ¸¸Á·ÇÒ¶§¸¸ »ç¿ëÀÚ°¡ ¾î¶² µð·ºÅ丮¿¡¼¶óµµ |
| CGI ½ºÅ©¸³Æ®¸¦ ½ÇÇàÇϵµ·Ï Çã¿ëÇÒ ¼ö ÀÖ´Ù:</p> |
| |
| <ul> |
| <li>´ç½ÅÀº °íÀÇ°Ç ½Ç¼öÀÌ°Ç »ç¿ëÀÚ°¡ ½Ã½ºÅÛÀ» °ø°Ý¿¡ ³ëÃâ½ÃÅ°´Â |
| ½ºÅ©¸³Æ®¸¦ ÀÛ¼ºÇÏÁö ¾Ê´Â´Ù°í ¹Ï´Â´Ù.</li> |
| <li>½Ã½ºÅÛÀÇ ´Ù¸¥ ºÎºÐÀÇ º¸¾ÈÀÌ ¾àÇؼ, ÀáÀçÀûÀÎ ÇãÁ¡À» |
| Çϳª ´õ ¸¸µé¾îµµ ³ªºüÁú °ÍÀÌ ¾ø´Ù°í »ý°¢ÇÏ´Â °æ¿ì.</li> |
| <li>»ç¿ëÀÚ°¡ ¾ø°í, ¾Æ¸¶ ¾Æ¹«µµ ¼¹ö¸¦ ¹æ¹®ÇÏÁö¾Ê´Â °æ¿ì.</li> |
| </ul> |
| |
| </section> |
| |
| <section id="saliasedcgi"> |
| |
| <title>ScriptAliasÇÑ CGI</title> |
| |
| <p>ƯÁ¤ µð·ºÅ丮¿¡¼¸¸ CGI¸¦ ½ÇÇàÇÒ ¼ö ÀÖµµ·Ï Á¦ÇÑÇÏ¸é °ü¸®ÀÚ´Â |
| ÀÌµé µð·ºÅ丮¸¦ ÅëÁ¦ÇÒ ¼ö ÀÖ´Ù. ÀÌ °æ¿ì´Â scriptaliasÇÏÁö |
| ¾ÊÀº CGIº¸´Ù È®½ÇÈ÷ ¾ÈÀüÇÏ´Ù. ´Ü, ½Å·ÚÇÏ´Â »ç¿ëÀÚ¸¸ µð·ºÅ丮¿¡ |
| Á¢±ÙÇÒ ¼ö ÀÖ°í, °ü¸®ÀÚ°¡ »õ·Î¿î CGI ½ºÅ©¸³Æ®/ÇÁ·Î±×·¥ÀÇ |
| ÀáÀçÀûÀÎ º¸¾È»ó ÇãÁ¡À» °Ë»çÇÒ ¿ëÀÌ°¡ ÀÖ´Ù¸é.</p> |
| |
| <p>´ëºÎºÐÀÇ »çÀÌÆ®´Â scriptaliasÇÏÁö ¾ÊÀº CGI ¹æ½Ä ´ë½Å |
| ÀÌ ¹æ½ÄÀ» »ç¿ëÇÑ´Ù.</p> |
| |
| </section> |
| |
| <section id="dynamic"> |
| |
| <title>µ¿Àû ³»¿ëÀ» »ý¼ºÇÏ´Â ´Ù¸¥ ¹æ¹ý</title> |
| |
| <p> |
| mod_php, mod_perl, mod_tcl, mod_python °°ÀÌ ¼¹öÀÇ ÀϺηΠ|
| µ¿ÀÛÇÏ´Â ÀÓº£µðµå ½ºÅ©¸³Æ®´Â ¼¹ö¿Í °°Àº »ç¿ëÀÚ·Î (<directive |
| module="mpm_common">User</directive> Áö½Ã¾î Âü°í) ½ÇÇàµÇ±â¶§¹®¿¡, |
| ½ºÅ©¸³Æ® ¿£ÁøÀÌ ½ÇÇàÇÏ´Â ½ºÅ©¸³Æ®´Â ÀáÀçÀûÀ¸·Î ¼¹ö »ç¿ëÀÚ°¡ |
| Á¢±ÙÇÒ ¼ö ÀÖ´Â ¸ðµç °Í¿¡ Á¢±ÙÇÒ ¼ö ÀÖ´Ù. ¾î¶² ½ºÅ©¸³Æ® ¿£ÁøÀº |
| ¾î´ÀÁ¤µµ Á¦ÇÑÀ» ÇÏÁö¸¸, ¾ÈÀüÇÏ´Ù°í °¡Á¤ÇÏÁö ¾Ê´Â °ÍÀÌ ÁÁ´Ù.</p> |
| |
| </section> |
| |
| <section id="systemsettings"> |
| |
| <title>½Ã½ºÅÛ ¼³Á¤ º¸È£Çϱâ</title> |
| |
| <p>Á¤¸»·Î ¾ÈÀüÇÑ ¼¹ö¸¦ ¿î¿µÇÏ·Á¸é »ç¿ëÀÚ°¡ |
| <code>.htaccess</code> ÆÄÀÏÀ» »ç¿ëÇÏ¿© ´ç½ÅÀÌ ¼³Á¤ÇÑ º¸¾È±â´ÉÀ» |
| º¯°æÇÏ±æ ¹Ù¶óÁö ¾ÊÀ» °ÍÀÌ´Ù. ±×·¯±âÀ§ÇØ ´ÙÀ½°ú °°Àº ¹æ¹ýÀÌ |
| ÀÖ´Ù.</p> |
| |
| <p>¼¹ö ¼³Á¤ÆÄÀÏ¿¡ ´ÙÀ½À» Ãß°¡ÇÑ´Ù</p> |
| |
| <example> |
| <Directory /> <br /> |
| AllowOverride None <br /> |
| </Directory> |
| </example> |
| |
| <p>±×·¯¸é »ç¿ë°¡´ÉÇϵµ·Ï ¸í½ÃÀûÀ¸·Î Çã¿ëÇÑ µð·ºÅ丮¸¦ Á¦¿ÜÇÏ°í´Â |
| <code>.htaccess</code> ÆÄÀÏÀ» »ç¿ëÇÒ ¼ö ¾ø´Ù.</p> |
| |
| </section> |
| |
| <section id="protectserverfiles"> |
| |
| <title>±âº»ÀûÀ¸·Î ¼¹ö¿¡ ÀÖ´Â ÆÄÀÏ º¸È£Çϱâ</title> |
| |
| <p>»ç¶÷µéÀº Á¾Á¾ ¾ÆÆÄÄ¡ÀÇ ±âº» Á¢±Ù¿¡ ´ëÇØ À߸ø ¾Ë°íÀÖ´Ù. |
| Áï, ¼¹ö°¡ ÀϹÝÀûÀÎ URL ´ëÀÀ ±ÔÄ¢À» »ç¿ëÇÏ¿© ÆÄÀÏÀ» ãÀ» |
| ¼ö ÀÖ´Ù¸é, Ưº°È÷ Á¶Ä¡¸¦ ÇÏÁö ¾Ê´ÂÇÑ Å¬¶óÀ̾ðÆ®¿¡°Ô ÆÄÀÏÀÌ |
| ¼ºñ½ºµÉ ¼ö ÀÖ´Ù.</p> |
| |
| <p>¿¹¸¦ µé¾î, ¾Æ·¡¿Í °°Àº °æ¿ì:</p> |
| |
| <example> |
| # cd /; ln -s / public_html <br /> |
| <code>http://localhost/~root/</code> ¿¡ Á¢±ÙÇÑ´Ù |
| </example> |
| |
| <p>±×·¯¸é Ŭ¶óÀ̾ðÆ®´Â Àüü ÆÄÀϽýºÅÛÀ» µ¹¾Æ´Ù´Ò ¼ö ÀÖ´Ù. |
| À̸¦ ¸·±âÀ§ÇØ ¼¹ö¼³Á¤¿¡¼ ´ÙÀ½°ú °°Àº Á¶Ä¡¸¦ ÇÑ´Ù:</p> |
| |
| <example> |
| <Directory /> <br /> |
| Order Deny,Allow <br /> |
| Deny from all <br /> |
| </Directory> |
| </example> |
| |
| <p>±×·¯¸é ÆÄÀϽýºÅÛ À§Ä¡¿¡ ´ëÇØ ±âº» Á¢±ÙÀÌ °ÅºÎµÈ´Ù. |
| ¿øÇÏ´Â ¿µ¿ª¿¡ Á¢±ÙÇÒ ¼ö ÀÖµµ·Ï ´ÙÀ½°ú °°Àº <directive |
| module="core">Directory</directive> ºí·ÏÀ» Ãß°¡ÇÑ´Ù.</p> |
| |
| <example> |
| <Directory /usr/users/*/public_html> <br /> |
| Order Deny,Allow <br /> |
| Allow from all <br /> |
| </Directory> <br /> |
| <Directory /usr/local/httpd> <br /> |
| Order Deny,Allow <br /> |
| Allow from all <br /> |
| </Directory> |
| </example> |
| |
| <p><directive module="core">Location</directive>°ú <directive |
| module="core">Directory</directive> Áö½Ã¾î¸¦ °°ÀÌ »ç¿ëÇÏ´Â |
| °æ¿ì Ưº°È÷ ÁÖÀǸ¦ ±â¿ï¿©¶ó. ¿¹¸¦ µé¾î, <code><Directory |
| /></code>°¡ Á¢±ÙÀ» °ÅºÎÇÏ´õ¶óµµ <code><Location |
| /></code> Áö½Ã¾î°¡ À̸¦ ¹«½ÃÇÒ ¼ö ÀÖ´Ù</p> |
| |
| <p><directive module="mod_userdir">UserDir</directive> Áö½Ã¾î¸¦ |
| »ç¿ëÇÏ´Â °æ¿ì¿¡µµ ÁÖÀÇÇ϶ó. Áö½Ã¾î¸¦ "./" °°ÀÌ ¼³Á¤Çϸé |
| root »ç¿ëÀÚ¿¡ ´ëÇØ ¹Ù·Î À§ÀÇ °æ¿ì¿Í °°Àº ¹®Á¦°¡ ¹ß»ýÇÑ´Ù. |
| ¾ÆÆÄÄ¡ 1.3 ÀÌ»óÀ» »ç¿ëÇÑ´Ù¸é ¼¹ö ¼³Á¤ÆÄÀÏ¿¡ ¾Æ·¡ ÁÙÀ» Ãß°¡Çϱæ |
| °·ÂÈ÷ ±ÇÇÑ´Ù:</p> |
| |
| <example> |
| UserDir disabled root |
| </example> |
| |
| </section> |
| |
| <section id="watchyourlogs"> |
| |
| <title>·Î±× »ìÆ캸±â</title> |
| |
| <p>½ÇÁ¦·Î ¼¹ö¿¡¼ ¹«½¼ ÀÏÀÌ À־°í ÀÖ´ÂÁö ¾Ë·Á¸é <a |
| href="../logs.html">·Î±×ÆÄÀÏ</a>À» »ìÆìºÁ¾ß ÇÑ´Ù. ·Î±×ÆÄÀÏÀº |
| ÀÌ¹Ì ÀÏ¾î³ Àϸ¸À» º¸°íÇÏÁö¸¸, ¼¹ö¿¡ ¾î¶² °ø°ÝÀÌ ÀÖ¾ú´ÂÁö |
| ¾Ë·ÁÁÖ°í ÇöÀç ÇÊ¿äÇÑ ¸¸Å ¾ÈÀüÇÑÁö È®ÀÎÇÏ°Ô ÇØÁØ´Ù.</p> |
| |
| <p>¿©·¯°¡Áö ¿¹:</p> |
| |
| <example> |
| grep -c "/jsp/source.jsp?/jsp/ /jsp/source.jsp??" access_log <br /> |
| grep "client denied" error_log | tail -n 10 |
| </example> |
| |
| <p>ù¹ø° ¿¹´Â <a |
| href="http://online.securityfocus.com/bid/4876/info/">À߸øµÈ |
| Source.JSP ¿äûÀ¸·Î ¼¹öÁ¤º¸¸¦ ¾Ë¾Æ³¾ ¼ö ÀÖ´Â TomcatÀÇ |
| Ãë¾àÁ¡</a>¸¦ ÀÌ¿ëÇÏ·Á´Â °ø°Ý Ƚ¼ö¸¦ ¾Ë·ÁÁÖ°í, µÎ¹ø° ¿¹´Â |
| Á¢±ÙÀÌ °ÅºÎµÈ Ãֱ٠Ŭ¶óÀ̾ðÆ® 10°³¸¦ ´ÙÀ½°ú °°ÀÌ º¸¿©ÁØ´Ù:</p> |
| |
| <example> |
| [Thu Jul 11 17:18:39 2002] [error] [client foo.bar.com] client denied |
| by server configuration: /usr/local/apache/htdocs/.htpasswd |
| </example> |
| |
| <p>Àß ¾Ë µíÀÌ ·Î±×ÆÄÀÏÀº ÀÌ¹Ì ¹ß»ýÇÑ »ç°Ç¸¸À» º¸°íÇÑ´Ù. |
| ±×·¡¼ Ŭ¶óÀ̾ðÆ®°¡ <code>.htpasswd</code> ÆÄÀÏ¿¡ Á¢±ÙÇÒ |
| ¼ö ÀÖ¾ú´Ù¸é <a href="../logs.html#accesslog">Á¢±Ù ·Î±×</a>¿¡ |
| ´ÙÀ½°ú °°Àº ±â·ÏÀÌ ³²À» °ÍÀÌ´Ù:</p> |
| |
| <example> |
| foo.bar.com - - [12/Jul/2002:01:59:13 +0200] "GET /.htpasswd HTTP/1.1" |
| </example> |
| |
| <p>Áï, ´ç½ÅÀº ¼¹ö ¼³Á¤ÆÄÀÏ¿¡¼ ´ÙÀ½ ºÎºÐÀ» ÁÖ¼®Ã³¸®ÇßÀ» |
| °ÍÀÌ´Ù:</p> |
| |
| <example> |
| <Files ".ht*"> <br /> |
| Order allow,deny <br /> |
| Deny from all <br /> |
| <Files> |
| </example> |
| |
| </section> |
| |
| </manualpage> |