1# The Zoneminder web interface has been disabled by default due to a small
2# security issue in the default install.
3#
4# When using Zoneminder's own authentication, recorded CCTV images are
5# accessible from the web directly without passing the authentication. This
6# means any attacker could see your CCTV images without a password. In order
7# to avoid this you can disable Zoneminder's authentication and configure
8# standard Apache authentication (see the Apache documentation for details on
9# this).
10#
11# If you still wish to use Zoneminder's own authentication, or have an
12# internal site which needs no authentication, you need to delete the line
13# marked below and restart Apache.
14
15Alias /zm "/srv/www/htdocs/zoneminder"
16<Directory "srv/www/htdocs/zoneminder">
17    Options -Indexes +MultiViews +FollowSymLinks
18    AllowOverride All
19    <IfModule mod_authz_core.c>
20       # Apache 2.4
21       Require all granted
22    </IfModule>
23    <IfModule !mod_authz_core.c>
24        # Apache 2.2
25        Order deny,allow
26        Allow from all
27    </IfModule>
28    # The code unfortunately uses short tags in many places
29    php_value short_open_tag 1
30</Directory>
31
32ScriptAlias /cgi-bin/zm "/srv/www/cgi-bin"
33<Directory "/srv/www/cgi-bin">
34    AllowOverride All
35    Options ExecCGI
36    <IfModule mod_authz_core.c>
37       # Apache 2.4
38       Require all granted
39    </IfModule>
40    <IfModule !mod_authz_core.c>
41        # Apache 2.2
42        Order deny,allow
43        Allow from all
44    </IfModule>
45</Directory>
46