Subject: Re: your mail
From: Bluefish (11a GMX.NET)
Date: Fri Jul 07 2000 - 09:46:00 CDT
As you'll see in following example, if the webserver cannot access ~11a,
it will return 403. If it can access ~11a, then it will behave as you say.
On my setup this is not a big issue, but if someone runs a large site
which offers web, this should be kept in mind.
I wouldn't scream "it's a bug", but a webserver running apache must assume
their users to be known. To tell people who want their directory o-rxw
that they cannot because of the security concern isn't really an option,
eh? ;-)
On the other hand, these 403 responses are helpful to most users when
they set up their system. A possible solution for an administrator for a
site which really wants this to go away is to make both 403 and 404 become a
302 (page moved) referring to your "hey this is 404"-file. This is done by
simply setting the errorpages to complete URLs (alas, specify path with
http://server/file, not /localpath/file)
Hope this clears up the issue!
[11a blue allied]$ ls -ld . .html ; wget -O - 'http://127.0.0.1/~11a'
ls: .html: No such file or directory
drwxr-xr-x 17 11a 515 2048 Jul 7 16:34 .
--16:35:04-- http://127.0.0.1:80/%7E11a
=> `-'
Connecting to 127.0.0.1:80... connected!
HTTP request sent, awaiting response... 404 Not Found
16:35:04 ERROR 404: Not Found.
[11a blue allied]$ chmod 750 .
[11a blue allied]$ ls -ld . .html ; wget -O - 'http://127.0.0.1/~11a'
ls: .html: No such file or directory
drwxr-x--- 17 11a 515 2048 Jul 7 16:34 .
--16:35:42-- http://127.0.0.1:80/%7E11a
=> `-'
Connecting to 127.0.0.1:80... connected!
HTTP request sent, awaiting response... 403 Forbidden
16:35:42 ERROR 403: Forbidden.
..:::::::::::::::::::::::::::::::::::::::::::::::::..
http://www.11a.nu || http://bluefish.11a.nu
eleventh alliance development & security team
> T> When we do www.redhatserver.com/~validlogin we get a 403, when we try with
> T> another login (which is not valid) we get a 404.
>
> This only depends on existence of public_html directory in user's
> home. If user has no public_html you will also get 404. Using of
> User's dir is configurable. By default
> UserDir public_html
> is in srm.conf
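
A defender-side check for the behaviour discussed in this message, as an added example that is not part of the original post: it scans Apache access-log lines in Common Log Format for clients that request many distinct /~user paths answered with 403 or 404, and lists the names that drew a 403. The log lines, user names, function name and the threshold of four names are constructed for illustration.

```python
import re
from collections import defaultdict
from urllib.parse import unquote

# Common Log Format fields used here: client, request path, status code.
LINE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(?:GET|HEAD) (\S+) [^"]*" (\d{3}) ')
USERDIR = re.compile(r"^/~([^/?#]+)")

# Constructed sample log (documentation addresses, invented user names).
SAMPLE_LOG = """\
192.0.2.10 - - [07/Jul/2000:16:35:04 -0500] "GET /%7Eroot HTTP/1.0" 404 205
192.0.2.10 - - [07/Jul/2000:16:35:05 -0500] "GET /~alice HTTP/1.0" 403 210
192.0.2.10 - - [07/Jul/2000:16:35:05 -0500] "GET /~bob HTTP/1.0" 404 205
192.0.2.10 - - [07/Jul/2000:16:35:06 -0500] "GET /%7Ecarol HTTP/1.0" 403 210
192.0.2.10 - - [07/Jul/2000:16:35:06 -0500] "GET /~dave HTTP/1.0" 404 205
198.51.100.7 - - [07/Jul/2000:16:40:11 -0500] "GET /~erin/ HTTP/1.0" 200 1432
198.51.100.7 - - [07/Jul/2000:16:40:15 -0500] "GET /~erin/old.html HTTP/1.0" 404 205
203.0.113.5 - - [07/Jul/2000:16:41:00 -0500] "GET /~bob HTTP/1.0" 404 205
203.0.113.5 - - [07/Jul/2000:16:41:30 -0500] "GET /~bob HTTP/1.0" 404 205
"""

def find_userdir_probes(log_text, min_names=4):
    """Return {client: {"names": set, "forbidden": set}} for every client that
    asked for at least min_names distinct /~user paths and got 403 or 404."""
    seen = defaultdict(lambda: {"names": set(), "forbidden": set()})
    for line in log_text.splitlines():
        m = LINE.match(line)
        if not m:
            continue
        # wget sends "~" as "%7E" (see the transcript above), so decode first.
        client, path, status = m.group(1), unquote(m.group(2)), m.group(3)
        user = USERDIR.match(path)
        if not user or status not in ("403", "404"):
            continue
        seen[client]["names"].add(user.group(1))
        if status == "403":
            # Per the thread: 403 means the server could not access the home
            # directory, i.e. the account name was confirmed to the client.
            seen[client]["forbidden"].add(user.group(1))
    return {c: v for c, v in seen.items() if len(v["names"]) >= min_names}

if __name__ == "__main__":
    for client, info in find_userdir_probes(SAMPLE_LOG).items():
        print(client, "tried", sorted(info["names"]),
              "| confirmed by 403:", sorted(info["forbidden"]))
```

If both error pages are redirected to a full URL as suggested above, the same probes are logged with status 302, so that status would have to be added to the check.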