Full Disclosure mailing list archives
apache browsing files
From: diego.veiga () embraer com br
Date: Mon, 5 Jan 2004 17:00:37 -0200
Hi list, An easy and idiot bug in security sites using apache is to put the logs into the homedir. For example, i search in google for common strings in apache, like: [notice] caught SIGTERM, shutting down "GET / HTTP/1.1" 200 103 SSL handshake interrupted by system In many sites google find files: access_log, error_log, ssl_engine_log, ssl_error_log showing the structure of the site. If the administrator does not worry of put a .htaccess or index.html reducing the access via browser anyone could find cool information on it. Is there a way for apache only browse files *.html or *.php not all files type in the browser adress? Diego Brito Veiga Technical Publications Phone: +55 (12) 39273929 Fax: +55 (12) 39273342 _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
Current thread:
- apache browsing files diego . veiga (Jan 05)
- Re: apache browsing files Valdis . Kletnieks (Jan 05)
- Re[2]: apache browsing files Chris (Jan 05)
- <Possible follow-ups>
- RE: apache browsing files Schmehl, Paul L (Jan 05)
- Re: apache browsing files Valdis . Kletnieks (Jan 05)