Reference:
| server.username = "lighttpd" server.groupname = "lighttpd" | This will drop root privileges. |
| server.tag = "lighttpd" | Sets the server name and version number that lighttpd reports (by default, its own name and version). This is a security feature. You can set it as follows: server.tag = "myWebServer v1.0" |
| index-file.names = ( "index.php", "index.html" ) | A list of files to search for if a directory is requested. You should only include the files you know you will use. |
| dir-listing.activate = "disabled" | The default for "dir-listing.activate" is "disabled". So you don't really need to add this to the config file. For more information on this feature, you can reference http://redmine.lighttpd.net/wiki/lighttpd/Docs:ModDirlisting |
server.modules = (
"mod_access",
"mod_accesslog",
"mod_fastcgi",
"mod_rewrite",
"mod_auth"
)
mod_access must be enabled. Then add the following into lighttpd.conf if you want to deny access to any file ending with '~' or '.inc':
url.access-deny = ( "~", ".inc" )
"Lighttpd Protect Different Directories With Different Password Files" gives very clear instructions on this.
In lighttpd.conf, add the following to limit access to www.example.org/admin:
$HTTP["host"] == "www.example.org" {
  # !~ is the Perl-style regular expression "does not match" operator
  $HTTP["remoteip"] !~ "^(200\.19\.1\.5|210\.45\.2\.7)$" {
    $HTTP["url"] =~ "^/admin/" {
      url.access-deny = ( "" )
    }
  }
}
$HTTP["host"] == "www.example.org" {
  $HTTP["remoteip"] != "10.0.0.0/8" {
    url.access-deny = ( "" )
  }
}
Reference:
# multiple sockets
$SERVER["socket"] == "127.0.0.1:81" {
  server.document-root = "..."
}
$SERVER["socket"] == "127.0.0.1:443" {
  ssl.pemfile = "/var/www/certs/localhost.pem"
  ssl.engine = "enable"
  server.document-root = "/var/www/htdocs/secure.example.org/pages/"
}
SSLv2 should be disabled in lighttpd.conf:
ssl.use-sslv2 = "disable"
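One way to check an existing lighttpd.conf against the settings listed on this page, as an added example (not from the original page or the lighttpd project). The `audit` function, its finding strings and the sample configuration are constructed for illustration; the check is line-based and does not evaluate conditional blocks or included files.

```python
import re

# Constructed sample config for the demo (not from the original page).
SAMPLE_CONF = r'''
server.modules = (
  "mod_accesslog",
# "mod_access",
  "mod_fastcgi"
)
server.username = "lighttpd"
server.tag ="myWebServer v1.0"
dir-listing.activate = "enable"
url.access-deny = ( "~", ".inc" )
$SERVER["socket"] == "127.0.0.1:443" {
  ssl.engine = "enable"
  ssl.pemfile = "/var/www/certs/localhost.pem"
}
'''

def _values(conf, key):
    """Every quoted value assigned to `key` anywhere in the config."""
    return re.findall(r'^\s*' + re.escape(key) + r'\s*=\s*"([^"]*)"', conf, re.M)

def _modules(conf):
    """Exact module names in server.modules (mod_accesslog is not mod_access)."""
    m = re.search(r'^\s*server\.modules\s*\+?=\s*\((.*?)\)', conf, re.M | re.S)
    return set(re.findall(r'"(mod_\w+)"', m.group(1))) if m else set()

def audit(conf_text):
    """Return the hardening settings from this page that are missing or weakened."""
    # Drop comment lines first so commented-out directives are not counted.
    conf = "\n".join(l for l in conf_text.splitlines() if not l.lstrip().startswith("#"))
    findings = []
    for key in ("server.username", "server.groupname", "server.tag"):
        if not _values(conf, key):
            findings.append(f"{key} not set")
    if any(v.startswith("enable") for v in _values(conf, "dir-listing.activate")):
        findings.append("dir-listing.activate enabled")
    if "mod_access" not in _modules(conf):
        findings.append("mod_access not in server.modules")
    if not re.search(r'^\s*url\.access-deny\s*=', conf, re.M):
        findings.append("no url.access-deny rule")
    ssl_on = any(v.startswith("enable") for v in _values(conf, "ssl.engine"))
    if ssl_on and not any(v.startswith("disable") for v in _values(conf, "ssl.use-sslv2")):
        findings.append('ssl.engine enabled without ssl.use-sslv2 = "disable"')
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE_CONF):
        print("FINDING:", finding)
```
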