httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Rob Hartill <r...@imdb.com>
Subject Re: [BUG]: "server-status and server-info can be rewritten in .htaccess" on Irix (fwd)
Date Thu, 13 Feb 1997 19:19:36 GMT

>This has comeup before, but I don't remember if the problem was
>resolved. the solution is to prevent status/info being triggered from
>.htaccess

A compromise might be to have the two modules add new directives such as

StatusOnlyVia /status_url
InfoOnlyVIa   /info_url

So that the modules look at r->uri to decide if they are allowed or
FORBIDDEN to respond based on the URL used.

Clean, configurable and secure.

rob


Mime
View raw message