In general, you should try to limit which information on the web server's host can be accessed by the myriad of people who may connect to the web server.
We will prevent the web server from following symbolic links. Apache runs as user "nobody", so it can potentially read any world-readable file and change any world-writable file on the system. If we don't deactivate this option, a user could potentially allow a web site visitor to view files outside the web page directories. Deactivating "follow symbolic links" will help prevent this. Further, deactivation can lessen the probability that a future vulnerability in Apache could be exploited to alter world-writable files on the system.
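An added example, not part of the original page or of Apache: a Python audit that lists symbolic links under a document root whose targets resolve outside it, which are the links that expose files outside the web page directories while following symbolic links is enabled. The function names and the sample tree built in `demo()` are constructed for illustration.

```python
import os
import tempfile


def escaping_symlinks(docroot):
    """Return sorted (link, resolved_target) pairs for symlinks under docroot
    whose target resolves outside docroot."""
    root = os.path.realpath(docroot)
    findings = []
    # followlinks=False: list symlinked directories but never descend into them.
    for dirpath, dirnames, filenames in os.walk(root, followlinks=False):
        for name in dirnames + filenames:
            path = os.path.join(dirpath, name)
            if not os.path.islink(path):
                continue
            target = os.path.realpath(path)
            # commonpath avoids the "/var/www" vs "/var/www-old" prefix trap.
            if os.path.commonpath([root, target]) != root:
                findings.append((os.path.relpath(path, root), target))
    return sorted(findings)


def demo():
    """Build a constructed docroot with one internal link and one escaping link."""
    base = os.path.realpath(tempfile.mkdtemp(prefix="symlink-audit-"))
    docroot = os.path.join(base, "htdocs")
    outside = os.path.join(base, "private")
    os.makedirs(os.path.join(docroot, "user"))
    os.makedirs(outside)
    with open(os.path.join(docroot, "index.html"), "w") as f:
        f.write("<html></html>\n")
    with open(os.path.join(outside, "notes.txt"), "w") as f:
        f.write("not meant for visitors\n")
    # Link that stays inside the document root: not reported.
    os.symlink(os.path.join(docroot, "index.html"),
               os.path.join(docroot, "home.html"))
    # Link that leaves the document root: reported.
    os.symlink(os.path.join(outside, "notes.txt"),
               os.path.join(docroot, "user", "notes.txt"))
    return docroot, escaping_symlinks(docroot)


if __name__ == "__main__":
    docroot, findings = demo()
    for link, target in findings:
        print(f"{link} -> {target}")
```

Running it against the real web page directories before deactivating the option also shows which existing links will stop working afterwards.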