httpd-docs mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Rich Bowen <rbo...@rcbowen.com>
Subject Re: Suggestion for security tips page.
Date Wed, 28 Jan 2004 14:53:14 GMT
On Wed, 28 Jan 2004, Jani Mikkonen wrote:

> > On the other hand (running out of hands here) where do we draw the line.
> > Do we need a rule for vi swap files? MS Word swap files? Pico swap
> > files?
> 
> My point for the post was that this should be told in the security tips
> pages as it might not be obvious to everyone who starts to configure
> apache the way they like it.  And most cases, there are different people
> for writing the content files and for configuring apache. So you cannot
> just eliminate stupidity without heavy larting and bofhing.
> 
> This didnt come to me as "yeah it would be fun to block these" but i
> actually withnessed someone probing my homesite. That prober had created
> a list of all files in my docroot with *.php extension and crawling thru
> them and then sending requests with same filename and ~ at the end.

I certainly wasn't suggesting that. I simply want to discuss all the
ramifications, and how far we should take this. I think it's a good
idea, but I want to do it correctly and thoroughly. But at the same
time, not overdo it.

-- 
Stretching out your hand
Full of starlit diamonds
Earthshine


---------------------------------------------------------------------
To unsubscribe, e-mail: docs-unsubscribe@httpd.apache.org
For additional commands, e-mail: docs-help@httpd.apache.org


Mime
View raw message