httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Brian Behlendorf <br...@organic.com>
Subject Security hole: force directory listings, avoid index.html
Date Mon, 25 Nov 1996 19:14:57 GMT

With the current CVS tree:

  telnet www.apache.org 80
  GET / HTTP/1.0
  Accept: image/gif
 
What comes back is a directory listing of www.apache.org's root tree, even
though there's in index.html there.  I consider this a security hole, in so far
as people are considering index.html's as ways to protect the contents of a
directory from indexing.  

	Brian

--=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=--
brian@organic.com  www.apache.org  hyperreal.com  http://www.organic.com/JOBS


Mime
View raw message