httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Rob McCool <r...@netscape.com>
Subject Re: no2slash - apache 0.8.2
Date Mon, 24 Jul 1995 12:17:37 GMT
/*
 * "no2slash - apache 0.8.2" by Andrew Wilson <andrew@www.elsevier.co.uk>
 *    written Mon, 24 Jul 95 10:47:19 BST
 * 
 * Just what is no2slash supposed to be doing?
 *
 */

Fixing a security hole where people would use URLs with two slashes to
get around patterns like /docs/dir1/dir2/* in access.conf by using a
URL like http://hostname/dir1//dir2/foo. The no2slash should probably
be performed after path info has been separated (Netsite has a way to
enable that if you need to) but I never did it in the NCSA server
because by the time people started complaining I was on my way out the
door.

--Rob

Mime
View raw message