>> <VirtualHost *:80>
>>     ServerName default
>>
>>     <Directory />
>>         AllowOverride none
>>         Order Allow,Deny
>>         Require all denied
>>     </Directory>
>> </VirtualHost>
[...]

I'm not 100% sure, but that may not deny access to absolutely everything,
in case you have global directives such as cgi aliases or proxy constructs,
possibly with mod_rewrite and [P] which point to non-directory resources.

Therefore it may be better to use <Location> instead of <Directory>.

Additionally, if you bind any further vhosts to specific IP addresses, e.g.
<VirtualHost 192.0.2.1:80>, then that virtualhost will have precedence for
requests to 192.0.2.1:80 over the *:80 virtualhost.

Overall, I'd say that such a construct is more likely to increase the
attack surface instead of reducing it.

rainer
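
The difference between the two container types discussed in this reply, as an added configuration example that is not part of the original message or the quoted configuration. The /app/ path and the 127.0.0.1:8080 backend are constructed for illustration, and the quoted vhost is reduced to its access rule.

```apache
# Constructed global proxy mapping (server context). ProxyPass rules
# defined here are inherited by every vhost unless ProxyPassInherit is Off.
ProxyPass "/app/" "http://127.0.0.1:8080/"

# Variant A: the quoted approach. <Directory> sections are applied only
# to requests that map to a filesystem path. A request for /app/ is
# handed to mod_proxy and never goes through the directory walk, so
# this rule does not deny it.
<VirtualHost *:80>
    ServerName default

    <Directory "/">
        AllowOverride None
        Require all denied
    </Directory>
</VirtualHost>

# Variant B: use instead of A, not alongside it. <Location> matches on
# the URL path, so the deny rule also covers proxied and other
# non-filesystem resources reached through this vhost.
<VirtualHost *:80>
    ServerName default

    <Location "/">
        Require all denied
    </Location>
</VirtualHost>

# Neither variant sees requests arriving on an address that has its own
# address-specific vhost: for 192.0.2.1:80 the block below is selected
# ahead of any *:80 vhost, so it needs its own access rules.
<VirtualHost 192.0.2.1:80>
    ServerName www.example.com

    <Location "/">
        Require all denied
    </Location>
</VirtualHost>
```

`apachectl -S` prints the resulting address and name-based vhost mapping, which shows which block is the default for each listening address.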
