good night
I noticed that the apache virtual host in /etc/apache2/sites-available/site.conf use mod_dav and an alias /dav with authentication.
<Location /dav>
DAV on
Basic AuthType
...
</Location>
With a brute force attack it is possible to discover passwords! It is possible to prevent access to files with authentication, for example restrict access to an IP address/ Private Network/ VPN.
<Location /dav>
DAV on
Basic AuthType
...
</Location>
#prevent access - add after or insite <Location /dav> in file site.conf
<Location / dav>
Order Deny, Allow
Deny from all
Allow from XX.YY.AA.BB,
</Location>
But I do not intend to make this change for all sites.
I tried to put at the end of the file in /etc/apache2/apache.conf but it didn’t work. Ask for the password.
But if I protect awstats.pl in /etc/apache2/apache.conf, it works.
<Files awstats.pl>
Order Deny, Allow
Deny from all
Allow from XX.YY.AA.BB,
...
</Files>
Is there a way for me to add protection in a single location and apply it to all sites on site-enabled?