Folder Locations 

In this chapter, I will assume the following locations for the specified types of files:

Binaries and supporting files
   /usr/local/apache

Public files
   /var/www/htdocs (this directory is referred to
   throughout this book as the web server tree)

Private web server or application data
   /var/www/data

Publicly accessible CGI scripts
   /var/www/cgi-bin

Private binaries executed by the web server
   /var/www/bin

Log files
   /var/www/logs

Installation locations are a matter of taste. You can adopt any layout you like as long as you use it consistently. Special care must be taken when deciding where to store the log files since they can grow over time. Make sure they reside on a partition with enough space and where they won’t jeopardize the system by filling up the root partition.

Different circumstances dictate different directory layouts. The layout used here is suitable when only one web site is running on the web server. In most cases, you will have many sites per server, in which case you should create a separate set of directories for each. For example, you might create the following directories for one of those sites:

  /var/www/apachesecurity.net/bin
  /var/www/apachesecurity.net/cgi-bin 
  /var/www/apachesecurity.net/data
  /var/www/apachesecurity.net/htdocs
  /var/www/apachesecurity.net/logs

A similar directory structure would exist for another one of the sites:

  /var/www/modsecurity.org/bin
  /var/www/modsecurity.org/cgi-bin 
  /var/www/modsecurity.org/data
  /var/www/modsecurity.org/htdocs
  /var/www/modsecurity.org/logs