httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Nick Kew <n...@webthing.com>
Subject Re: [users@httpd] Directory hiding
Date Tue, 16 Sep 2008 02:42:30 GMT

On 16 Sep 2008, at 02:44, Hugh E Cruickshank wrote:

> Right now if someone were to attempt to access these subdirectories
> (i.e. http://www.example.com/cgi-bin) they would receive a 403
> Forbidden error message. Unfortunately this is not quite acceptable
> to the IBM Rational AppScan utility which recommends that a 404
> Not found error should be issued.

I suspect you're misreading your AppScan.  It's warning about  
potentially
exposing your filesystem information.  But there's nothing secret about
a directory containing a web-facing application!

Having said that, rtfm ErrorDocument for one way to do what you ask,
if it's for some ignorant PHB's box-ticking exercise.

-- 
Nick Kew

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org


Mime
View raw message