Vulnerability Development mailing list archives

Re: apache and 404/404 status codes


From: zweije () XS4ALL NL (Vincent Zweije)
Date: Sat, 8 Jul 2000 12:22:36 +0200


Slawek <sgp () TELSATGP COM PL> wrote:

||  If user's home dir is flagged 0700 (or 750 etc. - so "world" cannot get
||  there) then you'd get code 403.
||
||  On multiuser boxes such flags for homedirs are rather common.
||
||  User has to set o+x if he wants to create public_html. But in that situation
||  we'll probably get result code 200 when trying to retrieve
||  http://somehost/~userinquestion/ ;)
||
||
||  Hopefully Apache has an option to map all 403 result codes to 404.

I think the better fix would be for apache to stat
~userinquestion/public_html and if it can't tell it's a directory,
return a "404 Not Found" anyway.

Actually, you might be able to put something like that in a 403 error
script.

Ciao.                                                        Vincent.
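
One way the 403 error script suggested above could look, as an added example that is not part of the original post. It assumes the handler is wired up with `ErrorDocument 403 /cgi-bin/mask403.sh` (script name and path are hypothetical) and relies on the `REDIRECT_URL` and `REDIRECT_STATUS` variables Apache passes to ErrorDocument handlers.

```shell
#!/bin/sh
# Added example: CGI handler for "ErrorDocument 403 /cgi-bin/mask403.sh"
# (script name and path are assumptions, not from the original post).
# Apache hands the original request path to the handler in REDIRECT_URL
# and the original status code in REDIRECT_STATUS.

# Decide which status the client should see.
# $1 = original URL path, $2 = original status code
masked_status() {
    case "$2" in
        403)
            case "$1" in
                # Per-user paths: a 403 here confirms the account exists,
                # so report the same status an unknown user would get.
                /~*) echo 404 ;;
                *)   echo 403 ;;
            esac ;;
        # Anything else passes through; 500 if invoked without a status.
        *) echo "${2:-500}" ;;
    esac
}

reason_phrase() {
    case "$1" in
        403) echo "Forbidden" ;;
        404) echo "Not Found" ;;
        *)   echo "Error" ;;
    esac
}

# Emit the full CGI response. The Status header is what replaces the
# 403 on the wire; without it the original status is sent.
render_response() {
    code=$(masked_status "$1" "$2")
    reason=$(reason_phrase "$code")
    printf 'Status: %s %s\r\n' "$code" "$reason"
    printf 'Content-Type: text/html\r\n\r\n'
    printf '<html><head><title>%s %s</title></head>\n' "$code" "$reason"
    printf '<body><h1>%s</h1></body></html>\n' "$reason"
}

render_response "${REDIRECT_URL:-}" "${REDIRECT_STATUS:-}"
```

The body printed here is a constructed placeholder; for the masking to hold, it has to match the page the server sends for a genuine 404, otherwise the two cases remain distinguishable by content.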

