httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From John Rodenbiker <>
Subject Re: [users@httpd] Blocking invalid URIs?
Date Sat, 11 Mar 2006 01:06:48 GMT

Freedom, Truth, Love, Beauty.
John Rodenbiker

On Mar 10, 2006, at 4:25 PM, Sean Conner wrote:

> It was thus said that the Great John Rodenbiker once stated:
>> Is there a way to have httpd drop requests to URIs that don't actually
>> exist in my environment?
>   It's turned on by default in Apache.  In other words, any content
> *outside* of the DocumentRoot is not served up, no matter how many 
> "../" are
> thrown at the web server.  Don't put anything you don't want seen in 
> the
> DocumentRoot.

That's good to know, thank you.

The reason I ask is because there is a company trying to sell a "web 
application firewall" that appears to do just what I asked, except for 
$9995. Are these guys full of it, or what are they really offering?

The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:> for more info.
To unsubscribe, e-mail:
   "   from the digest:
For additional commands, e-mail:

View raw message