httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Daryl Tester <dt-apa...@handcraftedcomputers.com.au>
Subject Re: [users@httpd] Securing handler from direct access via URL.
Date Thu, 09 Sep 2010 22:00:22 GMT
Jefferson Ogata wrote:

> Yes, inasmuch as you didn't clarify that you perceive the configuration 
> as an actual vector for attack, rather than an aesthetically displeasing 
> feature. Instead you mention that it "barfs when accessed directly", 
> which implied to me that you didn't recognize the potential threat.

Opening sentence mentioned chroot'ing.

> I wrote was therefore not merely for your benefit, but for that of 
> anyone who comes across this thread in the future.

Fair enough.


-- 
Regards,
  Daryl Tester

"It's bad enough to have two heads, but it's worse when one's unoccupied."
  -- Scatterbrain, "I'm with Stupid."

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org


Mime
View raw message