httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Daryl Tester <>
Subject Re: [users@httpd] Securing handler from direct access via URL.
Date Thu, 09 Sep 2010 22:00:22 GMT
Jefferson Ogata wrote:

> Yes, inasmuch as you didn't clarify that you perceive the configuration 
> as an actual vector for attack, rather than an aesthetically displeasing 
> feature. Instead you mention that it "barfs when accessed directly", 
> which implied to me that you didn't recognize the potential threat.

Opening sentence mentioned chroot'ing.

> I wrote was therefore not merely for your benefit, but for that of 
> anyone who comes across this thread in the future.

Fair enough.

  Daryl Tester

"It's bad enough to have two heads, but it's worse when one's unoccupied."
  -- Scatterbrain, "I'm with Stupid."

The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:> for more info.
To unsubscribe, e-mail:
   "   from the digest:
For additional commands, e-mail:

View raw message