# When using Zoneminder's own authentication, recorded CCTV images are
# accessible from the web directly without passing the authentication. This
# means any attacker could see your CCTV images without a password. In order
# to avoid this you can disable Zoneminder's authentication and configure
# standard Apache authentication (see the Apache documentation for details on
# this).
#
# If you still wish to use Zoneminder's own authentication, or have an
# internal site which needs no authentication, you need to delete the line
# marked below and restart Apache.

Alias /zm "@ZM_WEBDIR@"
<Directory "@ZM_WEBDIR@">
    Options -Indexes +MultiViews +FollowSymLinks
    AllowOverride All
    <IfModule mod_authz_core.c>
       # Apache 2.4
       Require all granted
    </IfModule>
    <IfModule !mod_authz_core.c>
        # Apache 2.2
        Order deny,allow
        Allow from all
    </IfModule>
    # ZoneMinder no longer uses short tags so this is safe to leave disabled
    # php_value short_open_tag 1
</Directory>

ScriptAlias /cgi-bin-zm "@ZM_CGIDIR@"
<Directory "@ZM_CGIDIR@">
    AllowOverride All
    Options ExecCGI
    <IfModule mod_authz_core.c>
       # Apache 2.4
       Require all granted
    </IfModule>
    <IfModule !mod_authz_core.c>
        # Apache 2.2
        Order deny,allow
        Allow from all
    </IfModule>
</Directory>