httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From John Rodenbiker <jrodenbi...@rodenbiker.net>
Subject Re: [users@httpd] Blocking invalid URIs?
Date Sat, 11 Mar 2006 01:06:48 GMT

-- 
Freedom, Truth, Love, Beauty.
John Rodenbiker
jrodenbiker@rodenbiker.net



On Mar 10, 2006, at 4:25 PM, Sean Conner wrote:

> It was thus said that the Great John Rodenbiker once stated:
>>
>> Is there a way to have httpd drop requests to URIs that don't actually
>> exist in my environment?
>
>   It's turned on by default in Apache.  In other words, any content
> *outside* of the DocumentRoot is not served up, no matter how many 
> "../" are
> thrown at the web server.  Don't put anything you don't want seen in 
> the
> DocumentRoot.

That's good to know, thank you.

The reason I ask is because there is a company trying to sell a "web 
application firewall" that appears to do just what I asked, except for 
$9995. Are these guys full of it, or what are they really offering?
http://www.webscurity.com/products.htm


---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org


Mime
View raw message