From: "Eric Covener"
To: docs@httpd.apache.org
Date: Sat, 13 Dec 2008 00:41:43 -0500
Subject: Re: v. 2.2 Documentation errors? (in mod/core.html#options and misc/security_tips.html#protectserverfiles)

On Fri, Dec 12, 2008 at 7:44 PM, Christopher Drost wrote:
> Go ahead, try it. I did. Right now http://drostie.org/symlink/ is a
> symlink pointing to the folder /hidden, which is very far away from my
> DocumentRoot. It could (and did) point to my root directory at some
> point. And the symlink was created without sudo or root privileges by
> my normal account. The directive didn't stop anything.

> Because the person who wrote this Security Tip didn't read
> mod/core.html#options.

It seems like the introductory text in the security tips section is
okay, but the example chosen to illustrate the "normal URL mapping
rules" is unfortunately chosen.(symlink) to illustrate the "default to
no access" directory container.

--
Eric Covener
covener@gmail.com