Vulnerability Development mailing list archives
Re: CGI source being exposed using "~"
From: joe () BLARG NET (Joe)
Date: Tue, 9 May 2000 07:18:40 -0700
On Mon, 8 May 2000, Brian McKinney wrote:

> Andrew Reisse said:
>
> <On my servers, I put a section like this in httpd.conf to prevent editor
> <backups from being read (which, as you said, might contain passwords or
> <other interesting data)
>
> <Files ~ "^\~">
> Order allow,deny
> Deny from all
> </Files>
>
> I have tried adding that to a couple of Apache servers with no luck. The
> source is still being displayed. As suggested by a friend, I even tried:
>
> <Files ~ "^\.cgi.$">
> Order allow,deny
> Deny from all
> </Files>
>
> for blocking files like cgi.text and cgi.bak. I still got the same results.
> Is there something I'm missing?

Both of your regular expressions are flawed. The first will only stop people
from seeing files that begin with a tilde, the second will only stop those
that begin with '.cgi'. Your use of the '^' is the problem. The following
rule will work and stop access to files ending with a tilde or files ending
in '.cgi*':

<Files ~ ".*(\~|\.cgi.+)$">
Order deny,allow
Deny from all
</Files>

--
Joe
Technical Support
General Support: support () blarg net
Blarg! Online Services, Inc.
Voice: 425/401-9821 or 888/66-BLARG
http://www.blarg.net
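
A quick way to check the three patterns from this thread against sample filenames before putting one in httpd.conf (an added example, not part of the original post). It assumes Python's re.search() as a stand-in for Apache's unanchored match on the file's basename; the filenames are constructed, and the reply's pattern is written with a leading ".*" so that it compiles.

```python
import re

# Patterns from the thread. <Files ~ "..."> is applied to the file's basename
# as an unanchored regex search; re.search() stands in for that (assumption).
RULES = {
    "tilde_prefix": r"^\~",        # first rule quoted in the thread
    "cgi_prefix": r"^\.cgi.$",     # second rule quoted in the thread
    # Rule from the reply, written with a leading ".*" so Python's re accepts it.
    "suffix": r".*(\~|\.cgi.+)$",
}

LIVE = "search.cgi"  # constructed: the script that must keep being served
# Constructed leftovers an editor or a manual copy might leave beside it.
BACKUPS = ["search.cgi~", "search.cgi.bak", "search.cgi.text"]
# Constructed names showing what the two '^'-anchored rules really match.
ODD = ["~notes", ".cgiX"]


def denied(rule, basename):
    """True if the named rule's <Files> block would apply to this basename."""
    return re.search(RULES[rule], basename) is not None


def exposed(rule):
    """Backup names the rule fails to cover, i.e. still readable as source."""
    return [name for name in BACKUPS if not denied(rule, name)]


def report():
    """One line per rule: deny/serve verdict for every sample name."""
    lines = []
    for rule in RULES:
        verdicts = ", ".join(
            f"{name}={'deny' if denied(rule, name) else 'serve'}"
            for name in [LIVE] + BACKUPS + ODD
        )
        lines.append(f"{rule:13} {verdicts}")
    return "\n".join(lines)


if __name__ == "__main__":
    print(report())
```
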