1# The Zoneminder web interface has been disabled by default due to a small 2# security issue in the default install. 3# 4# When using Zoneminder's own authentication, recorded CCTV images are 5# accessible from the web directly without passing the authentication. This 6# means any attacker could see your CCTV images without a password. In order 7# to avoid this you can disable Zoneminder's authentication and configure 8# standard Apache authentication (see the Apache documentation for details on 9# this). 10# 11# If you still wish to use Zoneminder's own authentication, or have an 12# internal site which needs no authentication, you need to delete the line 13# marked below and restart Apache. 14 15Alias /zm "/srv/www/htdocs/zoneminder" 16<Directory "srv/www/htdocs/zoneminder"> 17 Options -Indexes +MultiViews +FollowSymLinks 18 AllowOverride All 19 <IfModule mod_authz_core.c> 20 # Apache 2.4 21 Require all granted 22 </IfModule> 23 <IfModule !mod_authz_core.c> 24 # Apache 2.2 25 Order deny,allow 26 Allow from all 27 </IfModule> 28 # The code unfortunately uses short tags in many places 29 php_value short_open_tag 1 30</Directory> 31 32ScriptAlias /cgi-bin/zm "/srv/www/cgi-bin" 33<Directory "/srv/www/cgi-bin"> 34 AllowOverride All 35 Options ExecCGI 36 <IfModule mod_authz_core.c> 37 # Apache 2.4 38 Require all granted 39 </IfModule> 40 <IfModule !mod_authz_core.c> 41 # Apache 2.2 42 Order deny,allow 43 Allow from all 44 </IfModule> 45</Directory> 46