
Re: [cobalt-users] Re-Directing users on a 404 error



Don, Don, Don,

    Please come out of the sun!  You're making Security Holes.

    Well I have been meaning to touch on this subject a little since I saw an
old Don post last week.  This is easy Don!

The error document .htaccess trick in the cobalt linux world

you make a .htaccess file that contains something like

ErrorDocument 404 /error/fileNotFound.html
ErrorDocument 401 /error/authorizationRequired.html
ErrorDocument 500 /error/internalServerError.html
ErrorDocument 403 /error/forbidden.html
OR
ErrorDocument 404 http://www.zeffie.com
ErrorDocument 401 http://www.zeffie.com
ErrorDocument 500 http://www.zeffie.com
ErrorDocument 403 http://www.zeffie.com

The ErrorDocument statements also exist in
/etc/httpd/conf/srm.conf
However in srm.conf they are "serverwide" or "The Servers Default"

Then and this is the trick.....
in the apache file
/etc/httpd/conf/access.conf
file you add "FileInfo" to the "AllowOverride" line to the section that
looks like this (It's at the top)
<Directory />
Options None
AllowOverride AuthConfig Indexes Limit
AuthFailDelay 2000000
</Directory>
and change it to look like
<Directory />
Options None
AllowOverride AuthConfig Indexes Limit FileInfo
AuthFailDelay 2000000
</Directory>

Then restart apache with something like (ymmv)
/etc/rc.d/init.d/httpd restart
and then test away.....

Note if your AllowOverride has something like none you can remove it and add
just this one or whatever.  If it has "All" you should remove this possible
security hole.

You can learn more about allowoverride at
http://httpd.apache.org/docs/mod/core.html#allowoverride
You can learn more about ErrorDocument at
http://httpd.apache.org/docs/mod/core.html#errordocument
the home of
http://httpd.apache.org/docs/
Updates to this post can be found at
http://www.zeffie.com/Apache/htaccess_error_document.html

Ok that concludes the educational portion of this post... See below for the
humor portion.

Zeffie
http://www.zeffie.com/
If this message helps you please help others with just a click!
http://www.thehungersite.com/


Don you linkbot of information....

> http://list.cobalt.com/pipermail/cobalt-users/2000-August/017970.html
> which gave specific info on how to do it.

As you are perfectly aware this is not what you should be saying.   You
posted last week was it?  About the Cobalt way to update a httpd.conf file.
You know the links to the archives where somebody said how "Cobalt" said to
fix it?  Some crazy way of copying the whole file or something?
Just to change the AllowOverride?
That makes a <b>"BIG SECURITY HOLE"</b> for many of the people that allow
strangers into their boxes.  "All" is a bit too much to give and besides
those are services the boxes are setup to control anyway...  Most likely why
cobalt has updated it the way they did.  Or maybe we got lucky on that one?
I don't know :)

> No, I disagree. IMO, since it relates to Apache and not Cobalt, it
> really doesn't belong here to begin with.

Ya that's right.....   "we don't need no stinkin apache"  We just wanna talk
about....   The Gui... ya that's it....  So Click on accept E-mail for that
domain today!

> What really saves an hour is searching Google for things like "Apache
> ErrorDocument"
> http://www.google.com/search?sourceid=navclient&q=Apache+ErrorDocument

This is serverwide via srm.conf and php?

> First one in that list:
> http://bignosebird.com/apache/a7.shtml

Big Nose Bird.  ok...????

> Another resource:
> http://cgi.resourceindex.com/Programs_and_Scripts/Perl/Redirection/Error_Based/

Oh ya that's a lot better than going to say ......  APACHE.ORG?
http://httpd.apache.org/docs/
or goodness me using their search?

Zeffie
"Fun Fun Fun"
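
An added example, not part of the original post or of any Cobalt tooling: a small Python check that reads an access.conf-style file and reports which AllowOverride classes each <Directory> section grants, failing on "All" and marking "FileInfo" for review because it enables ErrorDocument along with the other document-type directives in .htaccess. The sample configuration and the /home/sites/... paths are constructed for illustration.

```python
import re

# Constructed sample in the style of /etc/httpd/conf/access.conf (not a real server's file).
SAMPLE_CONF = """\
<Directory />
Options None
AllowOverride AuthConfig Indexes Limit FileInfo
AuthFailDelay 2000000
</Directory>
<Directory /home/sites/example/web>
Options Indexes
AllowOverride All
</Directory>
<Directory /home/sites/other/web>
AllowOverride None
</Directory>
"""

OPEN = re.compile(r"^\s*<Directory\s+(.+?)>\s*$", re.I)
CLOSE = re.compile(r"^\s*</Directory>\s*$", re.I)
OVERRIDE = re.compile(r"^\s*AllowOverride\s+(.+?)\s*$", re.I)

def audit_allowoverride(conf_text):
    """Return [(directory, [override classes], finding)] for each AllowOverride line."""
    results, current = [], None
    for line in conf_text.splitlines():
        if line.lstrip().startswith("#"):      # skip comment lines
            continue
        if m := OPEN.match(line):
            current = m.group(1).strip('"')    # section this directive belongs to
        elif CLOSE.match(line):
            current = None
        elif m := OVERRIDE.match(line):
            classes = m.group(1).split()
            lowered = {c.lower() for c in classes}
            if "all" in lowered:
                finding = "FAIL: All lets .htaccess use every override class"
            elif "fileinfo" in lowered:
                finding = "REVIEW: FileInfo enables ErrorDocument and other document-type directives"
            else:
                finding = "OK"
            results.append((current or "(server-wide)", classes, finding))
    return results

if __name__ == "__main__":
    for directory, classes, finding in audit_allowoverride(SAMPLE_CONF):
        print(f"{directory:28} {' '.join(classes):40} {finding}")
```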