Apache configuration and security

To: <debian-apache@lists.debian.org>
Subject: Apache configuration and security
From: "Keith Seldon" <keith@keithjas.aquiss.com>
Date: Sun, 7 May 2006 20:09:29 +0100
Message-id: <[🔎] 000501c67209$c40100b0$1501a8c0@kjasamillo>

Hi,

I came across a potential security error whilst playing with the defaultinstall of Apach2 today.

If you goto http://domain or http://domain./ all is fine. Unfortunately, ifyou goto http://domain// or append any number of '/' to the uri, then youwill be served with a directory listing instead of the index page.

I have fixed this localy by editiing /etc/apache2/sites-available/default .I have changed "RedirectMatch ^/$ /apache2-default/" to "RedirectMatch ^/*$/apache2-default/"

I hope this is helpful, and apologise if I have sent this to the wrongaddress.


Regards

Keith Seldon

Reply to:

Follow-Ups:
- Re: Apache configuration and security
  - From: Adam Conrad <adconrad@0c3.net>

Prev by Date: RE: Talkpoint Webinars
Next by Date: Bug#365925: ssl-cert: post-installation script exits with error 1
Previous by thread: RE: Talkpoint Webinars
Next by thread: Re: Apache configuration and security
Index(es):
- Date
- Thread