Vulnerability Development mailing list archives

Re: CGI source being exposed using "~"


From: jlegate () ALIENCHICK COM (Jason Legate)
Date: Tue, 9 May 2000 18:00:50 -0700


The two regexps you are looking for are "\~$" and "\.cgi.+$" I believe.

Or does Apache not use + for multiple matches?

-j

On Mon, May 08, 2000 at 07:23:56PM -0700, Brian McKinney wrote:
Andrew Reisse said:

<On my servers, I put a section like this in httpd.conf to prevent editor
<backups from being read (which, as you said, might contain passwords or
<other interesting data)

<Files ~ "^\~">
    Order allow,deny
    Deny from all
</Files>

I have tried adding that to a couple of Apache servers with no luck. The
source is still being displayed. As suggested by a friend, I even tried:

<Files ~ "^\.cgi.$">
    Order allow,deny
    Deny from all
</Files>

for blocking files like cgi.text and cgi.bak. I still got the same results.
Is there something I'm missing?

Thanks in advance

Brian

--
/-------/ Jason Legate \-------\
|    jlegate () sitesmith com     |
|        SiteSmith, Inc        |
\-\ http://www.sitesmith.com /-/
 \----\ 24x7 Call Center /----/
  \----\  888.898.7667  /----/
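
Added example, not part of the original messages: the patterns from this thread checked against constructed file names, using Python's re.search as a stand-in for the unanchored match Apache applies to the file name in a <Files ~ "..."> section. The sample names and the helper functions are assumptions made for illustration.

```python
import re

# Patterns Brian reported trying (no effect on the backup files).
TRIED = [r"^\~", r"^\.cgi.$"]
# Patterns Jason suggests in the reply.
SUGGESTED = [r"\~$", r"\.cgi.+$"]

# Constructed file names: True = backup copy that should be denied,
# False = live file that must stay reachable.
SAMPLES = {
    "login.cgi": False,
    "login.cgi~": True,
    "login.cgi.bak": True,
    "login.cgi.text": True,
    "index.html": False,
    "index.html~": True,
}

def denied(patterns, name):
    """True if any pattern matches somewhere in the file name (unanchored)."""
    return any(re.search(p, name) for p in patterns)

def leaks(patterns):
    """Backup files that none of the patterns would deny."""
    return [n for n, backup in SAMPLES.items() if backup and not denied(patterns, n)]

def overblocked(patterns):
    """Live files that the patterns would deny by mistake."""
    return [n for n, backup in SAMPLES.items() if not backup and denied(patterns, n)]

if __name__ == "__main__":
    for label, pats in (("tried", TRIED), ("suggested", SUGGESTED)):
        print(label, "leaks:", leaks(pats), "overblocked:", overblocked(pats))
```

The tried patterns miss every backup because `^` anchors them to the start of the file name, while editor backups carry the `~` or the extra extension at the end.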


