httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Rob Hartill <r...@imdb.com>
Subject [BUG]: "server-status and server-info can be rewritten in .htaccess" on Irix (fwd)
Date Wed, 12 Feb 1997 16:36:06 GMT

This has comeup before, but I don't remember if the problem was
resolved. the solution is to prevent status/info being triggered from
.htaccess


---------- Forwarded message ----------
Date: Wed Feb 12  7:39:20 1997
From: chipper@hway.net
To: apache-bugs%apache.org@organic.com
Subject: [BUG]: "server-status and server-info can be rewritten in .htaccess" on Irix

Submitter: chipper@hway.net
Operating system: Irix, version: 
Version of Apache Used: 1.2b6
Extra Modules used: 
URL exhibiting problem: www.headcam.com/my-status

Symptoms:
--
Customers are able to re-write the location of server-status and server-info, thus circumventing
our limit GET directives configured in access.conf

it is imperative that customers not know the name or nature of other clients housed on thier
particular server

sample URLS:
www19.hway.net/hway-status
www.headcam.com/my-status
config can be found at
www19.hway.net/hway-info
--

Backtrace:
--

--



Mime
View raw message