httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From PMilan...@nypl.org
Subject RE: [users@httpd] smbfs mounted DocumentRoot
Date Wed, 09 Mar 2005 13:48:25 GMT
I cannot recreate this no matter what I do. Is it contained to PHP? Is it
doing the same thing for plain html?

I tend to think it may have to do with the smb mount also. Copy the same
file over to the linux box and try to open it. Also, try manually
launching it from the command line on linux. See if you get the expected
output. I find it kind of odd that you serve html this way as smb is a
bear, but I suppose that is your requirement.

P

> -----Original Message-----
> From: apache.ml@gmail.com [mailto:apache.ml@gmail.com]
> Sent: Wednesday, March 09, 2005 8:36 AM
> To: users@httpd.apache.org
> Subject: [users@httpd] smbfs mounted DocumentRoot
> 
> Our webserver is on a RedHat9 IBM e-series.  We serve all files from a
> smbfs mounted DocumentRoot.  Now we just realized that whenever we
> appended a "%5C" to any of our URI we could actually see the source
> code.
> For example "www.somewhere.com/index.php%5C" would let you see the
> index.php file's source code.  No need to tell you we we're panicking.
>  In IE which we mostly use for tests, you have to explicitely enter
> the code but in Firefox, as soon as you end the URI in a backslash it
> interprets it as "%5C".  So basically we found it by doing a typo in
> Firefox. For the moment I transfered all the files to the webserver
> which has an ext2 filesystem and everything works fine but am
> wondering if there's anything I could do in the httpd.conf file to
> keep on using that setup.  We tried denying files ending with a
> backslash or "%5c", did'nt work.  We also tried using RedirectMatch or
> rewrite but it seems no regex works.
> Now the only link I can make out of this problem is that smb is a
> "windows type" protocol and so is the backslash.  But why is it that
> when the DocumentRoot is on a Linux based filesystem it appends the
> backslash to the file name while on an smbfs it shows the code?
> 
> ---------------------------------------------------------------------
> The official User-To-User support forum of the Apache HTTP Server
Project.
> See <URL:http://httpd.apache.org/userslist.html> for more info.
> To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
>    "   from the digest: users-digest-unsubscribe@httpd.apache.org
> For additional commands, e-mail: users-help@httpd.apache.org


---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org


Mime
View raw message