httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Dean Gaudet <dgau...@arctic.org>
Subject Re: Possible Security Hole??? (fwd)
Date Tue, 01 Apr 1997 21:11:50 GMT
Try getting it to work with that sub_req_lookup_simple patch I posted
yesterday.

Dean

On Tue, 1 Apr 1997, Rob Hartill wrote:

> 
> Should we add something like this:
> 
> <Files ~ ".htaccess$">
> 	order deny,allow
> 	deny from all
> </Files>
> 
> 
> to access.conf ?
> 
> There are other tricks to protect .htacess, but this looks the
> cleanest, although I couldn't get it to work on my heavily customised
> Apache here.
> 
> 
> ---------- Forwarded message ----------
> Date: Tue, 1 Apr 1997 10:58:23 -0500
> From: "P.J." <gambler@mailmasher.com>
> To: "'apache-bugs@apache.org'" <apache-bugs@apache.org>
> Subject: Possible Security Hole???
> 
> 
> While browsing around on my system just now, I found that you can view a .htaccess file
just by typing it into the address line.  Most people dont keep any passwords in there, but
they might have a require-user line that they don't want others to see.
> 
> My System:
> 
> RedHat Linux 4.1 kernel 2.0.29
> Apache 1.2b7
> Browsers used: Lynx 2.6, Netscape 4.0, MSIE 3.2
> 
> If this is something that I could easily have fixed myself, then I am sorry for bothering
you.
> 
> 


Mime
View raw message