httpd-bugs mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From bugzi...@apache.org
Subject DO NOT REPLY [Bug 21242] - Trailing character renders pages with code
Date Wed, 01 Sep 2004 08:31:15 GMT
DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG 
RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT
<http://issues.apache.org/bugzilla/show_bug.cgi?id=21242>.
ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND 
INSERTED IN THE BUG DATABASE.

http://issues.apache.org/bugzilla/show_bug.cgi?id=21242

Trailing character renders pages with code

laurent@elanor.org changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
            Version|2.0.46                      |2.0.50



------- Additional Comments From laurent@elanor.org  2004-09-01 08:31 -------
It seems the problem is still present on Apache 2.0.50, with a completely
default install:

127.0.0.1 - - [01/Sep/2004:10:16:25 +0200] "GET /index.html.var HTTP/1.1" 200 1494
127.0.0.1 - - [01/Sep/2004:10:16:28 +0200] "GET /index.html.var%20 HTTP/1.1" 200
1494
127.0.0.1 - - [01/Sep/2004:10:16:37 +0200] "GET /index.html.var. HTTP/1.1" 200 1494

Is there anything to do to avoid it?
In my case, it displays the source code of JSP files, which I don't want, of course.

I used a quick workaround, but I'd sure like a definitive solution:
<FilesMatch "\.jsp.*$">
  AllowOverride None
  Deny from all
</FilesMatch>

Since that might lead to security issues, should a report be done to
security@apache.org instead of here?

Thanks,

Laurent

---------------------------------------------------------------------
To unsubscribe, e-mail: bugs-unsubscribe@httpd.apache.org
For additional commands, e-mail: bugs-help@httpd.apache.org


Mime
View raw message