zoneminder/distros/opensuse/zoneminder.conf

46 lines
1.5 KiB
Plaintext
Raw Normal View History

# The Zoneminder web interface has been disabled by default due to a small
# security issue in the default install.
#
# When using Zoneminder's own authentication, recorded CCTV images are
# accessible from the web directly without passing the authentication. This
# means any attacker could see your CCTV images without a password. In order
# to avoid this you can disable Zoneminder's authentication and configure
# standard Apache authentication (see the Apache documentation for details on
# this).
#
# If you still wish to use Zoneminder's own authentication, or have an
# internal site which needs no authentication, you need to delete the line
# marked below and restart Apache.
Alias /zm "/srv/www/htdocs/zoneminder"
<Directory "srv/www/htdocs/zoneminder">
Options -Indexes +MultiViews +FollowSymLinks
AllowOverride All
<IfModule mod_authz_core.c>
# Apache 2.4
Require all granted
</IfModule>
<IfModule !mod_authz_core.c>
# Apache 2.2
Order deny,allow
Allow from all
</IfModule>
# The code unfortunately uses short tags in many places
php_value short_open_tag 1
</Directory>
ScriptAlias /cgi-bin/zm "/srv/www/cgi-bin"
<Directory "/srv/www/cgi-bin">
AllowOverride All
Options ExecCGI
<IfModule mod_authz_core.c>
# Apache 2.4
Require all granted
</IfModule>
<IfModule !mod_authz_core.c>
# Apache 2.2
Order deny,allow
Allow from all
</IfModule>
</Directory>