httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Joshua Slive <>
Subject Re: [users@httpd] Redirect for the "..\.." Security Issue
Date Thu, 06 Nov 2003 17:46:40 GMT

On Thu, 6 Nov 2003, Strader, William Alexander (WAX) wrote:

> Does anyone know how to redirect that "..\.." security issue to a 404
> page... We are undergoing a security Audit and they keep freaking out cause
> if they goto http://webserver/somedir/..\..\..\..\..\etc\passwd they see a
> directory listing.  The directory listing they see is the same as if they
> goto http://webserver/somedir/  which is supposed to be there.... So it
> isn't a security issue but everytime they get a 200 vs a 404 when they do a
> "..\.." they freak out... Anyone know of a way to send them to 404 or
> something?

<LocationMatch \.\.>
Order allow,deny
Deny from all

Might do the trick.


The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:> for more info.
To unsubscribe, e-mail:
   "   from the digest:
For additional commands, e-mail:

View raw message