httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Jefferson Ogata <apa...@antibozo.net>
Subject Re: [users@httpd] Securing handler from direct access via URL.
Date Thu, 09 Sep 2010 21:51:11 GMT
On 2010-09-09 21:37, Daryl Tester wrote:
> Yes, again, I know it's dangerous, hence the concern of my original post.
> Was my subject line ambiguous?

Yes, inasmuch as you didn't clarify that you perceive the configuration 
as an actual vector for attack, rather than an aesthetically displeasing 
feature. Instead you mention that it "barfs when accessed directly", 
which implied to me that you didn't recognize the potential threat. What 
I wrote was therefore not merely for your benefit, but for that of 
anyone who comes across this thread in the future.

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org


Mime
View raw message