Re: More security problems in Apache on Mac OS X

From: Jeremey A. Mates (jmatesat_private)
Date: Tue Sep 11 2001 - 19:01:09 PDT

Next message: snsadvat_private: "[SNS Advisory No.42] Trend Micro InterScan eManager for NT Multiple Program Buffer Overflow Vulnerability"

Previous message: Jeremey A. Mates: "Re: More security problems in Apache on Mac OS X"
In reply to: Paul Lieberman: "Re: More security problems in Apache on Mac OS X"
Next in thread: Kee Hinckley: "Re: More security problems in Apache on Mac OS X"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

* Paul Lieberman <liebat_private> [2001-09-11 16:46:59]:
> This matches any file that starts with a period and seems to do the
> trick. I can't think of an instance where you'd want a hidden file
> to display on the web. Am I missing something?

Yes; I block all dot files by default on my webservers, and ran into a
recent problem where a particular site used Server Side Includes (SSI)
to reference ".lastupdate" files via "#include virtual" statements.
The site stopped working when moved under my webserver, due to the SSI
invoking a full lookup on the URI, which was blocked due to the
dot-file restriction.

Just something to keep in mind...

-- 
Jeremy Mates                                      http://www.sial.org/

	   "You cannot control, only catch." -- Tsung Tsai

Next message: snsadvat_private: "[SNS Advisory No.42] Trend Micro InterScan eManager for NT Multiple Program Buffer Overflow Vulnerability"
Previous message: Jeremey A. Mates: "Re: More security problems in Apache on Mac OS X"
In reply to: Paul Lieberman: "Re: More security problems in Apache on Mac OS X"
Next in thread: Kee Hinckley: "Re: More security problems in Apache on Mac OS X"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b30 : Tue Sep 11 2001 - 21:36:36 PDT