httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Dean Gaudet <>
Subject Re: Plugging nice big security hole (OS/2)
Date Tue, 21 Jul 1998 04:01:16 GMT

On Tue, 21 Jul 1998, Brian Havard wrote:

> It concerned me because if I protect the URL
> with a <Location /bar/private> block I can bypass it by entering the URL
> If you're saying that <Location> blocks shouldn't be used this way that's
> fine by me.

Yup, if you want to protect the directory $DOCROOT/bar/private then you
are supposed to use <Directory>.  <Location> does not protect the
filesystem, and does not know about filesystem aliases.

I repeat this about once a month. 


View raw message