httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Brian Behlendorf <>
Subject Security hole: force directory listings, avoid index.html
Date Mon, 25 Nov 1996 19:14:57 GMT

With the current CVS tree:

  telnet 80
  GET / HTTP/1.0
  Accept: image/gif
What comes back is a directory listing of's root tree, even
though there's in index.html there.  I consider this a security hole, in so far
as people are considering index.html's as ways to protect the contents of a
directory from indexing.  



View raw message