httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Joshua Slive <jsl...@gmail.com>
Subject Re: [users@httpd] Raq_Apache_dot_htaccess
Date Sat, 27 Nov 2004 16:15:55 GMT
On Sat, 27 Nov 2004 15:00:55 -0000, Adrian Portsmouth
<service@htaccessmanager.com> wrote:
> Dear List,
> 
> I am experiencing a problem with my web site and I am not 100% sure whether
> it is Apache or FreeBSD related.

Neither.

> 
> I asked a forum to comment on my web site and one of the users there
> reported that his Norton Firewall (Using Firefox 1.0) blocked access to my
> web site stating "Raq_Apache_dot_htaccess" which was claiming that I was
> attempting to intrude in his computer. Of course I am not doing any such
> thing so I began to investigate.

Most likely, it is actually claiming that *his* site is trying to
attack your *computer*.

>From the looks of it, this is simply the norton firewall being *very*
stupid.  There was once, long ago, a stupid apache-distributor
(cobalt) who had a vulnerable apache configuration where .htaccess
files could be downloaded, possibly revealing sensitive information. 
Norton is attempting to prevent such downloads, but it is doing it in
some stupid way that is generating false positives.  It is probably
triggering off the presence of the string "htaccess" in the URL or
content of your website.

So, in  other words:
- There is nothing wrong with your website.
- Norton firewall is generating a stupid false-positive.

Suggested fixes:
- Tell the client to fix his broken firewall.
- Try to identify the exact string that is triggering the false
positive.  This is just a guessing game, of course.  You could start
by trying to assure that you don't have the string "htaccess" in any
of your URLs.

Joshua

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org


Mime
View raw message