www-infrastructure-issues mailing list archives

From "Joe Schaefer (JIRA)" <j...@apache.org>
Subject [jira] Commented: (INFRA-887) Do not allow webservers to server .svn URLs
Date Wed, 12 Jul 2006 16:07:30 GMT
    [ http://issues.apache.org/jira/browse/INFRA-887?page=comments#action_12420659 ] 

Joe Schaefer commented on INFRA-887:
------------------------------------

Oops, I incorrectly thought that members who
request shell access to a box are entitled to it,
but I'm told that's not the case.

The problem with resolving this issue right now
on ajax is that any solution I can think of will impose
a penalty on all requests (probably a pattern match),
and will make the load problem on ajax worse than
it already is.  We only get about 100 or so requests
per day to .svn dirs, whereas we get 6M regular ones.

In my opinion, the risk of additional load isn't worth
the reward of blocking a few stray requests.  Let's
revisit this issue when the websites are running on
better hardware.

> Do not allow webservers to server .svn URLs
> -------------------------------------------
>
>          Key: INFRA-887
>          URL: http://issues.apache.org/jira/browse/INFRA-887
>      Project: Infrastructure
>         Type: Bug
>     Security: public(Regular issues) 
>   Components: HTTP Server
>     Reporter: Henning Schmiedehausen

>
> open http://httpd.apache.org/.svn/text-base/ in a browser.
> Bad. Please add a rule to the global http configuration that forbids serving /.svn/ URLs.

-- 
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators:
   http://issues.apache.org/jira/secure/Administrators.jspa
-
For more information on JIRA, see:
   http://www.atlassian.com/software/jira
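
The comment above weighs roughly 100 daily requests to .svn directories against 6M regular ones. As an added example (not part of the original message or of any Apache infrastructure tooling), this Python script shows one way to take that measurement from an access log offline, without adding a pattern match to the live server. It assumes common/combined log format; the function names and sample log lines are constructed for illustration.

```python
import re
from urllib.parse import unquote

# Common/combined log format: the request line is the first quoted field.
REQUEST_RE = re.compile(r'"[A-Z]+ (\S+)(?: HTTP/[\d.]+)?"')

def is_svn_request(target):
    """Return True if any path segment of the request target is '.svn'."""
    # Drop query string and fragment; only the path maps to the filesystem.
    path = target.split("?", 1)[0].split("#", 1)[0]
    # Decode percent-escapes once, so '%2Esvn' is treated like '.svn'.
    segments = unquote(path).split("/")
    # Compare case-insensitively to cover case-insensitive filesystems.
    return any(seg.lower() == ".svn" for seg in segments)

def summarize(log_lines):
    """Return (total parsed requests, list of request targets hitting .svn)."""
    total = 0
    hits = []
    for line in log_lines:
        match = REQUEST_RE.search(line)
        if not match:
            continue  # skip lines that are not well-formed request entries
        total += 1
        if is_svn_request(match.group(1)):
            hits.append(match.group(1))
    return total, hits

# Constructed sample log lines (documentation IP range, made-up sizes).
SAMPLE_LOG = [
    '192.0.2.10 - - [12/Jul/2006:16:00:01 +0000] "GET /docs/2.2/ HTTP/1.1" 200 5120',
    '192.0.2.11 - - [12/Jul/2006:16:00:02 +0000] "GET /.svn/text-base/ HTTP/1.1" 200 812',
    '192.0.2.12 - - [12/Jul/2006:16:00:03 +0000] "GET /dev/%2Esvn/entries HTTP/1.0" 200 340',
    '192.0.2.13 - - [12/Jul/2006:16:00:04 +0000] "GET /download/tools.svn.html?ref=.svn HTTP/1.1" 200 99',
    '192.0.2.14 - - [12/Jul/2006:16:00:05 +0000] "GET /images/.svn HTTP/1.1" 301 0',
]

if __name__ == "__main__":
    total, hits = summarize(SAMPLE_LOG)
    print(f"{len(hits)} of {total} requests targeted .svn paths")
    for target in hits:
        print("  ", target)
```

Entries that return 200 for a matched target indicate working-copy metadata is actually being served, as opposed to stray requests that already fail.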

