Bugtraq mailing list archives
Re: httpd.conf in Suse 6.4
From: "Martin S. Hasemann" <ozone () ISOC NET>
Date: Fri, 22 Sep 2000 15:20:19 -0400
A probable better idea, and one I've seen from RedHat distributions (6.2 is the one I just looked at) is: Alias /doc/ /usr/doc/ <Location /doc> order deny,allow deny from all allow from localhost Options Indexes FollowSymLinks </Location> Unless you want your domain users to have access to these areas, then include the addresses you want to have access. As for a 'packages' directory/alias itself, I'd rem that unless there is a need to have those displayed, in which case .htaccess works. Martin S. Hasemann Systems Administrator http://www.wispinc.com http://www.infogalaxy.com ----- Original Message ----- From: "zab0ra aka t0maszek" <zabora () SZERMIERZ UNI WROC PL> To: <BUGTRAQ () SECURITYFOCUS COM> Sent: Thursday, September 21, 2000 5:24 AM Subject: httpd.conf in Suse 6.4
hy... in SuSe 6.4 (maybe another) any user from any host can get info about packages installed on SuSe systems. httpd.conf file have entry "Alias /doc/ /usr/doc/" (and others) in www browser you cat set http://hosts.any/doc/packages/ and you get list of installed packages Solusion: in httpd.conf <Directory /usr/doc/packages> order deny,allow allow from your.ip.or.domain deny from all </Directory> zab0ra aka t0maszek -------------------
Current thread:
- httpd.conf in Suse 6.4 zab0ra aka t0maszek (Sep 22)
- Re: httpd.conf in Suse 6.4 Martin S. Hasemann (Sep 25)
- Re: httpd.conf in Suse 6.4 Roman Drahtmueller (Sep 25)