httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Andrew Wilson <and...@tees.elsevier.co.uk>
Subject Re: Apache incompatibility
Date Thu, 19 Oct 1995 21:37:10 GMT
Randy:
> As I have understood and used it:
> 
> file="..." is a path (absolute or relative) to an included document.
> virtual="..." uses DOCUMENTROOT for the active server and *must* begin
> from the DOCUMENTROOT.

Aaah, virtual is beginning to make a little more sense.  You understand
how confusing this is for people.  They read what sparse documentation
there is available on the web regarding this feature, kick off Apache
to play with the include syntax and *WOW* Apache doesn't do what it sez it
should.

> >From a security standpoint, I would prefer to preserve the functionality
> above and perhaps restrict file="..." to be a file within the DOCUMENTROOT
> filespace.  Use of FollowSymlink etc. should be our controls of this
> filespace.

I do not think that we should change the default in ANY WAY from the way
NCSA 1.3R handles this.  However an augmented meaning could be applied by
directives in the *.conf files.  But... Apache should not do anything *new*
by default.


Mime
View raw message