httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Rob Hartill <r...@imdb.com>
Subject Re: Security hole: force directory listings, avoid index.html
Date Mon, 25 Nov 1996 20:07:09 GMT
Brian Behlendorf wrote:

>With the current CVS tree:
>
>  telnet www.apache.org 80
>  GET / HTTP/1.0
>  Accept: image/gif
> 
>What comes back is a directory listing of www.apache.org's root tree, even
>though there's in index.html there.  I consider this a security hole, in so far
>as people are considering index.html's as ways to protect the contents of a
>directory from indexing.  

hmmmm, yes I agree.



Mime
View raw message