Re: wireless chapter added to Greis' Tutorial



On Tue, 5 Oct 1999, Padmaparna Haldar wrote:

> sorry for the inconvenience. the /vint dir has access control. so a sym
> link to the tutorial has now been created.

...and THAT is the biggest hole in webserver .htaccess security going.
Even bigger than, say, running an old beta of Apache 1.2 (b7!)

You want reasonably secure webserver content? You have to disable
symlinks to prevent multiple routes through dir hierarchies and
conflicting paths of cascading .htaccess permissions - otherwise
.htaccess permissions can be overridden and content served out by
anyone who can read server logs or otherwise knows subdirectory names.

Or you end up insisting on setting up a cron job that sweeps the
tree and inserts a slave .htaccess file in every subdirectory to cure
the problem, since you can't prevent it; added risks. Bug, not
feature.

Otherwise, webserver's up, ht://Dig is working again as expected -
great.

cheers,

L.

rant, rant, hobbyhorse, dead, flogging, completely offtopic, rant.

> You should be able to access it at 
> http://www-mash.cs.berkeley.edu/ns/tutorial/index.html

<[email protected]>PGP<http://www.ee.surrey.ac.uk/Personal/L.Wood/>

> telnet www-mash.cs.berkeley.edu 80
Trying 128.32.130.10...
Connected to mash.CS.Berkeley.EDU.
Escape character is '^]'.
GET /blah HTTP/1.1
 
HTTP/1.1 400 Bad Request
Date: Tue, 05 Oct 1999 21:40:08 GMT
Server: Apache/1.2b7                  <----
Connection: close
Content-type: text/html
 
<HTML><HEAD>
<TITLE>400 Bad Request</TITLE>
</HEAD><BODY>
<H1>Bad Request</H1>
Your browser sent a request that
this server could not understand.<P>
</BODY></HTML>
Connection closed by foreign host.
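
An audit for the condition described in the message above, added here as an example and not part of the original post: it walks a document root and reports symlinks whose real target sits under a directory with a .htaccess that the link's own path never passes through. It assumes the server applies .htaccess files along the requested path as written; the function names and the vint/ and ns/ sample tree are constructed for illustration.

```python
import os
import tempfile

HTACCESS = ".htaccess"

def governing_dirs(path, docroot):
    """Directories from `path` up to docroot that contain a .htaccess file."""
    found = []
    while os.path.commonpath([docroot, path]) == docroot:
        if os.path.isfile(os.path.join(path, HTACCESS)):
            found.append(path)
        if path == docroot:
            break
        path = os.path.dirname(path)
    return found

def find_htaccess_bypasses(docroot):
    """Return sorted (link, real_target, skipped_dirs), relative to docroot."""
    docroot = os.path.realpath(docroot)
    findings = []
    for parent, dirnames, filenames in os.walk(docroot, followlinks=False):
        for name in dirnames + filenames:
            link = os.path.join(parent, name)
            if not os.path.islink(link):
                continue
            target = os.path.realpath(link)
            # .htaccess files met on the way down to the link itself
            seen = set(governing_dirs(parent, docroot))
            # .htaccess files above the real target; one inside a linked
            # directory is still read through the link, so start at its parent.
            # Targets outside the docroot yield nothing and are not reported.
            needed = governing_dirs(os.path.dirname(target), docroot)
            skipped = sorted(os.path.relpath(d, docroot)
                             for d in needed if d not in seen)
            if skipped:
                findings.append((os.path.relpath(link, docroot),
                                 os.path.relpath(target, docroot), skipped))
    return sorted(findings)

def demo():
    """Constructed tree: vint/ is protected, ns/tutorial links into it."""
    with tempfile.TemporaryDirectory() as root:
        os.makedirs(os.path.join(root, "vint", "tutorial"))
        os.makedirs(os.path.join(root, "ns"))
        with open(os.path.join(root, "vint", HTACCESS), "w") as fh:
            fh.write("deny from all\n")
        os.symlink(os.path.join("..", "vint", "tutorial"),
                   os.path.join(root, "ns", "tutorial"))
        return find_htaccess_bypasses(root)
```

A link flagged here is resolved by removing it or by turning off symlink following for that tree (Apache's `Options -FollowSymLinks`).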