Bugtraq mailing list archives
Re: More security problems in Apache on Mac OS X
From: "Jeremey A. Mates" <jmates () sial org>
Date: Tue, 11 Sep 2001 19:01:09 -0700
* Paul Lieberman <lieb () sou edu> [2001-09-11 16:46:59]:
This matches any file that starts with a period and seems to do the trick. I can't think of an instance where you'd want a hidden file to display on the web. Am I missing something?
Yes; I block all dot files by default on my webservers, and ran into a recent problem where a particular site used Server Side Includes (SSI) to reference ".lastupdate" files via "#include virtual" statements. The site stopped working when moved under my webserver, due to the SSI invoking a full lookup on the URI, which was blocked due to the dot-file restriction. Just something to keep in mind... -- Jeremy Mates http://www.sial.org/ "You cannot control, only catch." -- Tsung Tsai
Current thread:
- More security problems in Apache on Mac OS X Jacques Distler (Sep 10)
- Re: More security problems in Apache on Mac OS X Eric Bennett (Sep 11)
- Re: More security problems in Apache on Mac OS X Kee Hinckley (Sep 12)
- <Possible follow-ups>
- Re: More security problems in Apache on Mac OS X Paul Lieberman (Sep 11)
- Re: More security problems in Apache on Mac OS X Jeremey A. Mates (Sep 11)
- Re: More security problems in Apache on Mac OS X Jeremey A. Mates (Sep 11)