Re: An issue with Apache on Debian
Karellen (karellen CRYOGEN.COM)
Fri, 9 Apr 1999 00:48:14 +0300
- Next message: Olaf Kirch: "Re: ipop3d (x2) / pine (x2) / Linux kernel (x2) / Midnight"
- Previous message: Rui Pedro Bernardino: "Re: Xylan OmniSwitch "features""
- Maybe in reply to: Andrei D. Caraman: "An issue with Apache on Debian"
- Next in thread: Mikael Willberg: "Re: An issue with Apache on Debian"
On Mon, Apr 05, 1999 at 07:53:35PM +0300, Andrei D. Caraman wrote:
> That would allow any user from the net (malicious or not) to know the
> exact version of the software packages installed on a Debian box. It

That reminds me of something else. On Debian 2.0, after I read the Apache manual I tried that neat example they suggest

    'ln -s / ~/public_html'
    lynx http://localhost/~username

-- I actually got to see my root directory! Any user with shell access could do this and allow people to browse through your /etc, /home and what not.

To fix this, add the following lines to the top of your /etc/apache/apache.conf.

    <Directory />
    AllowOverride None
    Options None
    Order deny,allow
    Deny from all
    </Directory>

I had someone confirm this for me, and I got a positive answer. The package maintainer has been notified. I am using v1.3.3-4.
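A defender-side check for the situation described in the message above, as an added example that is not part of the original post: it lists per-user web directories that resolve outside their owner's home directory. It assumes all home directories sit under one base directory and that the UserDir name is public_html; both are parameters, and the function names are hypothetical.

```shell
#!/bin/sh
# Added example (not from the original post): flag per-user web directories
# that resolve outside the owner's home directory, e.g. public_html -> /.
# Assumptions: homes live under one base directory; UserDir is "public_html".

# resolve_dir PATH: print the physical (symlink-free) path of a directory.
# Fails if PATH is not a directory we can enter.
resolve_dir() {
    (CDPATH= cd -- "$1" 2>/dev/null && pwd -P)
}

# audit_userdirs BASE [USERDIR]
# Prints "home<TAB>resolved-target" for every USERDIR that escapes its home.
# Returns 1 if at least one was found, 0 otherwise.
audit_userdirs() {
    base=$1
    userdir=${2:-public_html}
    found=0
    for home in "$base"/*/; do
        home=${home%/}
        [ -d "$home/$userdir" ] || continue
        real_home=$(resolve_dir "$home") || continue
        target=$(resolve_dir "$home/$userdir") || continue
        case "$target/" in
            "$real_home"/*) ;;   # resolves to the home directory or below it
            *) printf '%s\t%s\n' "$home" "$target"; found=1 ;;
        esac
    done
    return $found
}

# Stand-alone use: sh audit.sh /home [public_html]
if [ "$#" -gt 0 ]; then
    audit_userdirs "$@"
fi
```

The check only covers the UserDir entry itself; symlinks placed inside a legitimate public_html directory need a separate pass.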