|
Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com |
Re: [suse-security] Apache <Files>...</Files> problem
suse
karsites.net
Date: Sun Jan 01 2006 - 15:45:07 CST
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
That is correct Scott.
My point is with that setup, althought Options is none and
access to the directory is forbidden, which is what I
wanted, I can still access the file get_vars.php in the
forbidden directory. Is that correct behaviour for the
setting of the <Files> container?
Keith
On Sun, 1 Jan 2006, Scott Leighton wrote:
> To: suse-securitysuse.com
> From: Scott Leighton <helphandpacbell.net>
> Subject: Re: [suse-security] Apache <Files>...</Files> problem
>
> On Sunday 01 January 2006 12:31 pm, susekarsites.net wrote:
> >
> > <Directory /srv/www/htdocs/KAR/websites/pub/computing/apache-test>
> > Options None
> > Order deny,allow
> > Deny from all
> > <Files *.php>
> > Order deny,allow
> > Deny from all
> > </Files>
> > </Directory>
> >
> > (I restarted apache with /etc/init.d/apache2 stop, then start.)
> >
> > If you go to that directory, you will get permission denied
> > for the directory, which is not even listed in the
> > /pub/computing/ directory, as expected.
> >
>
> You have Options None, so unless you have an index
> in that directory, I believe it is correct for apache to
> throw a permission denied.
>
> Scott
--
Check the headers for your unsubscription address
For additional commands, e-mail: suse-security-helpsuse.com
Security-related bug reports go to securitysuse.de, not here
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]