www-apache-bugdb mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From sf...@futuresource.com (Steve Ford)
Subject Re: mod_auth-any/606: POST to an htaccess-protected cgi doesn't challange user
Date Thu, 22 May 1997 21:50:01 GMT
The following reply was made to PR mod_auth-any/606; it has been noted by GNATS.

From: sford@futuresource.com (Steve Ford)
To: marcs@znep.com
Subject: Re: mod_auth-any/606: POST to an htaccess-protected cgi doesn't challange user
Date: Thu, 22 May 1997 16:42:45 -0500

 
 
 marcs@znep.com sez:
 > On Thu, 22 May 1997, Steve Ford wrote:
 > > I have a CGI script in a directory that has an ".htaccess" file requiring
 > > the user to belong to a certain group.  ...
 > 
 > And exactly what do you have in the .htaccess file?  A "Limit GET" by
 > any chance?  If so, that will limit GETs just as it says.
 
 HEY!!!  How did you manage to hack into our site and read our .htaccess file???
 
 So, to protect myself from everything, I just get rid of the <Limit ...>
 and </Limit> lines.  Then, just like it says, "If an access control
 directive appears outside a <Limit> directive, then it applies to all
 access methods."  (See http://www.apache.org/docs/mod/core.html#limit)
 
 <blush>
 Sorry and thanks.
 </blush>
 
 Steve Ford

Mime
View raw message