httpd-dev mailing list archives

From "William A. Rowe Jr." <>
Subject [discuss] "Security" change to default configs trunk/2.2/2.0
Date Thu, 08 Sep 2011 06:28:32 GMT
On 9/8/2011 12:51 AM, Igor Galić wrote:
> Who knows how many configs we're breaking with that?
> Also I don't quite see how it's a security thing, at best "security"
> and, for sure, a performance thing (notice: No "") 

Good point.  In answer to your question, the combination of AddType
(e.g. .html to includes-filter) with additional exceptions might
circumvent protections which the user anticipated placed on *.html,
assuming those were all of the extensions.  We see such noise in the
php community all of the time, and it is a frequent [and invalid]
security report.
