I noticed that the Apache virtual host in /etc/apache2/sites-available/site.conf uses mod_dav and an alias /dav with authentication.

<Location /dav>
    DAV on
    AuthType Basic
    ...
</Location>

With a brute force attack it is possible to discover passwords! It is possible to prevent access to files with authentication, for example by restricting access to an IP address / private network / VPN.

<Location /dav>
    DAV on
    AuthType Basic
    ...
</Location>
# prevent access - add after or inside <Location /dav> in file site.conf
<Location /dav>
    Order Deny,Allow
    Deny from all
    Allow from XX.YY.AA.BB
</Location>

But I do not intend to make this change for all sites.
I tried putting it at the end of the file /etc/apache2/apache.conf, but it didn't work. It asks for the password.
But if I protect awstats.pl in /etc/apache2/apache.conf, it works.

<Files awstats.pl>
    Order Deny,Allow
    Deny from all
    Allow from XX.YY.AA.BB, ...
</Files>

Is there a way for me to add protection in a single location and apply it to all sites on site-enabled?
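
Added example, not part of the original post: a small audit that lists every DAV-enabled <Location> in a set of vhost files that has no IP restriction, merging repeated blocks for the same path as in the "add after" variant above. The file names, addresses and the function name `unrestricted_dav` are constructed for illustration.

```python
import re

# Constructed sample vhost files (name -> contents); not taken from the post.
SAMPLE_CONFS = {
    "site-a.conf": """<VirtualHost *:80>
<Location /dav>
    DAV On
    AuthType Basic
    Require valid-user
</Location>
</VirtualHost>""",
    "site-b.conf": """<VirtualHost *:80>
<Location /dav>
    DAV On
    AuthType Basic
</Location>
# restriction added in a second block, after the first
<Location /dav>
    Order Deny,Allow
    Deny from all
    Allow from 192.0.2.10
</Location>
</VirtualHost>""",
}

BLOCK = re.compile(r"<Location\s+([^>]+)>(.*?)</Location>", re.I | re.S)
DAV_ON = re.compile(r"^[ \t]*DAV[ \t]+on\b", re.I | re.M)
# Apache 2.2 style (Allow from <addr>) or 2.4 style (Require ip <addr>)
IP_RULE = re.compile(r"^[ \t]*(Allow\s+from\s+(?!all\b)\S+|Require\s+ip\s+\S+)", re.I | re.M)
COMMENT = re.compile(r"^[ \t]*#.*$", re.M)

def unrestricted_dav(confs):
    """Return (file, path) for each DAV-enabled <Location> without an IP rule."""
    findings = []
    for name, text in sorted(confs.items()):
        merged = {}  # path -> combined body of every <Location path> block
        for path, body in BLOCK.findall(COMMENT.sub("", text)):
            key = path.strip()
            merged[key] = merged.get(key, "") + "\n" + body
        for path, body in merged.items():
            if DAV_ON.search(body) and not IP_RULE.search(body):
                findings.append((name, path))
    return findings

if __name__ == "__main__":
    for name, path in unrestricted_dav(SAMPLE_CONFS):
        print(f"{name}: <Location {path}> has DAV on without an IP restriction")
```

The check only looks inside <Location> blocks of the files it is given; restrictions set in the server-wide configuration, in <Directory> blocks or in .htaccess files are not considered.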