httpd-dev mailing list archives

From Joshua Slive <jos...@slive.ca>
Subject Re: Considering general/PR7357: URLs containing invalid paths in combination with .. are served
Date Mon, 05 Mar 2001 21:33:27 GMT
On Mon, 5 Mar 2001, William A. Rowe, Jr. wrote:

> Does anyone consider this response acceptable?
>
> 127.0.0.1 - - [05/Mar/2001:09:49:11 -0600] "HEAD /manual/misleading-insulting-statement/../suexec.html HTTP/1.0" 200 0

[...]

>
> I'm thinking FilesystemOptions [[+|-]EtagInode] [[+|-]CanonicalRedirect]
>

I'm a little skeptical about programming all these redirects into
Apache.  I agree that having "one true URL" for each resource is the way
to go, but unless there is a security or basic usability issue, I think
it is best to keep this as transparent as possible.  For example,
why not just include the following in the default httpd.conf:



