httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Joshua Slive <>
Subject Re: Considering general/PR7357: URLs containing invalid paths in combination with .. are served
Date Mon, 05 Mar 2001 21:33:27 GMT
On Mon, 5 Mar 2001, William A. Rowe, Jr. wrote:

> Does anyone consider this response acceptable?
> - - [05/Mar/2001:09:49:11 -0600] "HEAD /manual/misleading-insulting-statement/../suexec.html
HTTP/1.0" 200 0


> I'm thinking FilesystemOptions [[+|-]EtagInode] [[+|-]CanonicalRedirect]

I'm a little skeptical about programming all these redirects into
Apache.  I agree that having "one true URL" for each resource is the way
to go, but unless there is a security or basic usability issue, I think
it is best to keep this as transparent as possible.  For example,
why not just include the following in the default httpd.conf:

View raw message