Bugtraq mailing list archives

Re: More security problems in Apache on Mac OS X

From: "Jeremey A. Mates" <jmates () sial org>
Date: Tue, 11 Sep 2001 19:01:09 -0700

* Paul Lieberman <lieb () sou edu> [2001-09-11 16:46:59]:

This matches any file that starts with a period and seems to do the
trick. I can't think of an instance where you'd want a hidden file
to display on the web. Am I missing something?


Yes; I block all dot files by default on my webservers, and ran into a
recent problem where a particular site used Server Side Includes (SSI)
to reference ".lastupdate" files via "#include virtual" statements.
The site stopped working when moved under my webserver, due to the SSI
invoking a full lookup on the URI, which was blocked due to the
dot-file restriction.

Just something to keep in mind...

-- 
Jeremy Mates                                      http://www.sial.org/

           "You cannot control, only catch." -- Tsung Tsai

Current thread:

More security problems in Apache on Mac OS X Jacques Distler (Sep 10)
- Re: More security problems in Apache on Mac OS X Eric Bennett (Sep 11)
- Re: More security problems in Apache on Mac OS X Kee Hinckley (Sep 12)
- <Possible follow-ups>
- Re: More security problems in Apache on Mac OS X Paul Lieberman (Sep 11)
  - Re: More security problems in Apache on Mac OS X Jeremey A. Mates (Sep 11)
  - Re: More security problems in Apache on Mac OS X Jeremey A. Mates (Sep 11)