httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Rob McCool <>
Subject Re: no2slash - apache 0.8.2
Date Mon, 24 Jul 1995 12:17:37 GMT
 * "no2slash - apache 0.8.2" by Andrew Wilson <>
 *    written Mon, 24 Jul 95 10:47:19 BST
 * Just what is no2slash supposed to be doing?

Fixing a security hole where people would use URLs with two slashes to
get around patterns like /docs/dir1/dir2/* in access.conf by using a
URL like http://hostname/dir1//dir2/foo. The no2slash should probably
be performed after path info has been separated (Netsite has a way to
enable that if you need to) but I never did it in the NCSA server
because by the time people started complaining I was on my way out the


View raw message