[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

RE: [cobalt-users] .htaccess showing - how to prevent this?

Subject: RE: [cobalt-users] .htaccess showing - how to prevent this?
From: Greg Hewitt-Long <cobaltusers@xxxxxxxxxxxxxxxxxxx>
Date: Thu Aug 28 11:29:59 2003
List-id: Mailing list for users to share thoughts on Sun Cobalt products. <cobalt-users.list.cobalt.com>

> > -----Original Message-----
>> From: Greg Hewitt-Long [mailto:cobaltusers@xxxxxxxxxxxxxxxxxxx]
>> Sent: Thursday, August 28, 2003 1:02 PM
>> To: cobalt-users@xxxxxxxxxxxxxxx
>> Subject: [cobalt-users] .htaccess showing - how to prevent this?
>>
>>
>> I think I just discovered something that isn't supposed to
>> happen... I can't find a reference to it anywhere... so here goes..
>>
>> I inadvertently typed a \ after deleting part of a URL, and I
>> got the .htaccess file to show - this could be bad news for
>> some sites, showing the location of .htpassword files etc
>>
>> Check it out:
>>
>http://www.webyourbusiness.com/\
>
>Now - surely this IS NOT supposed to happen!  Any ideas on how to turn this OFF??
>
>I've got this in my /etc/http/conf/http.conf file:
>    543 #
>    544 # The following lines prevent .htaccess files from being viewed by
>    545 # Web clients.  Since .htaccess files often contain authorization
>    546 # information, access is disallowed for security reasons.  Comment
>    547 # these lines out if you want Web visitors to see the contents of
>    548 # .htaccess files.  If you change the AccessFileName directive above,
>    549 # be sure to make the corresponding changes here.
>    550 #
>    551 # Also, folks tend to use names such as .htpasswd for password
>    552 # files, so this will protect those as well.
>    553 #
>    554 <Files ~ "^\.ht">
>    555     Order allow,deny
>    556     Deny from all
>    557     Satisfy All
>    558 </Files>



I have that too.  My point is I'm not calling http://www.webyourbusiness.com/.htaccess - if I do, I get a not Authorized error, which is what I should get.

It was a single backslash and the .htaccess is being served INSTEAD of a 404 - file not found.


>
>Vidar
>
>thanks
>
>Greg Hewitt-Long
-- 
E-Commerce Software & Web Design Services. http://webyourbusiness.com
Reliable Web Hosting from $4.99/month - http://www.aaabusinesshosting.com/
Domain Registration from $13/year - http://aaabusinesshosting.com/domains/
     TF: 1-877-416-8655   PH: (970) 266-0195   FAX: (970) 266-0158

References:
- RE: [cobalt-users] .htaccess showing - how to prevent this?
  - From: Ligard, Vidar

Prev by Date: Re: [cobalt-users] .htaccess showing - how to prevent this?
Next by Date: Re: [cobalt-users] .htaccess showing - how to prevent this?
Previous by thread: RE: [cobalt-users] .htaccess showing - how to prevent this?
Next by thread: [cobalt-users] RAQ_Apache_dot_htaccess - any details

Sun Cobalt Users Message Index

Sun Cobalt Users Thread Index