Date: Tue, 28 Oct 2003 00:40:17 -0800
From: Stephen Samuel <samuel@...reen.com>
To: tfm@....org, bugtraq@...urityfocus.com
Subject: Re: Root Directory Listing on RH default apache
You can fix it by changing the line to:
<LocationMatch "^/*$">
On the other hand, if you can guess the name of any directory without
its own index.html file, you'll still get a listing. If you're worried
about people seeing your directories, you should turn off the feature
entirely.
tfm@....org wrote:
....
> ==============================================
> From /etc/httpd/conf/httpd.conf
> #
> # Disable autoindex for the root directory, and present a
> # default Welcome page if no other index page is present.
> #
> <LocationMatch "^/$>
> Options -Indexes
> ErrorDocument 403 /error/noindex.html
> </LocationMatch>
> ==============================================
....
>
> It's true if you made a request like
>
> GET / HTTP/1.0
>
> Not true if you type:
>
> GET // HTTP/1.0
--
Stephen Samuel +1(604)876-0426 samuel@...reen.com
http://www.bcgreen.com/~samuel/
Powerful committed communication. Transformation touching
the jewel within each person and bringing it to light.
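
The coverage gap discussed in this thread, as an added example that is not part of the original messages: a small audit that extracts the LocationMatch patterns carrying Options -Indexes from a config and reports which request paths they leave uncovered. The sample configs and the /docs/ directory are constructed, and the check assumes each pattern is tested against the request path exactly as sent, with Python's re standing in for Apache's regex engine (the two agree for these patterns).

```python
import re

# Constructed samples: the stock block as quoted in the thread (including its
# missing closing quote) and the pattern suggested in the reply.
ORIGINAL = '''
<LocationMatch "^/$>
    Options -Indexes
    ErrorDocument 403 /error/noindex.html
</LocationMatch>
'''
SUGGESTED = ORIGINAL.replace('"^/$>', '"^/*$">')

# Constructed request paths; /docs/ stands for any directory lacking index.html.
PATHS = ["/", "//", "///", "/docs/"]

# Accepts the pattern with or without its closing quote.
BLOCK = re.compile(
    r'<LocationMatch\s+"?([^">\s]+)"?\s*>(.*?)</LocationMatch>',
    re.S | re.I,
)


def index_guards(conf):
    """Return the LocationMatch patterns whose block sets Options -Indexes."""
    guards = []
    for pattern, body in BLOCK.findall(conf):
        if re.search(r'^\s*Options\b.*-Indexes\b', body, re.M | re.I):
            guards.append(pattern)
    return guards


def unguarded(conf, paths):
    """Return the request paths that no -Indexes LocationMatch block covers."""
    guards = [re.compile(p) for p in index_guards(conf)]
    return [p for p in paths if not any(g.search(p) for g in guards)]


if __name__ == "__main__":
    for name, conf in (("original", ORIGINAL), ("suggested", SUGGESTED)):
        print(name, index_guards(conf), "leaves uncovered:", unguarded(conf, PATHS))
```

Any path the audit reports as uncovered still depends on Indexes being disabled wherever the directory's Options are set, which is why the pattern fix alone does not protect /docs/.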