httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Rob Hartill <>
Subject Re: Security hole: force directory listings, avoid index.html
Date Mon, 25 Nov 1996 20:07:09 GMT
Brian Behlendorf wrote:

>With the current CVS tree:
>  telnet 80
>  GET / HTTP/1.0
>  Accept: image/gif
>What comes back is a directory listing of's root tree, even
>though there's in index.html there.  I consider this a security hole, in so far
>as people are considering index.html's as ways to protect the contents of a
>directory from indexing.  

hmmmm, yes I agree.

View raw message