Bug#1072729: Acknowledgement (apache2: misleading comment in default /etc/apache2/apache2.conf about accessibility of root filesystem)

To: 1072729@bugs.debian.org
Subject: Bug#1072729: Acknowledgement (apache2: misleading comment in default /etc/apache2/apache2.conf about accessibility of root filesystem)
From: Oliver Weihe <oliver.weihe@delta.de>
Date: Mon, 10 Jun 2024 16:44:05 +0200
Message-id: <[🔎] bd4b8dcc-b106-4214-9593-a5f93959b7ab@delta.de>
Reply-to: Oliver Weihe <oliver.weihe@delta.de>, 1072729@bugs.debian.org
In-reply-to: <handler.1072729.B.17177500982748438.ack@bugs.debian.org>
References: <[🔎] fc5e6704-18c3-48d6-8799-cea37e012305@delta.de> <handler.1072729.B.17177500982748438.ack@bugs.debian.org> <[🔎] fc5e6704-18c3-48d6-8799-cea37e012305@delta.de>

Hi again,

similar issue with .htaccess and .htpasswd - a simple symlink and Apachehappily serves the file(s) so the following lines don't really prevent this.


--- 8< ---
#
# The following lines prevent .htaccess and .htpasswd files from being
# viewed by Web clients.
#
<FilesMatch "^\.ht">
        Require all denied
</FilesMatch>
--- 8< ---

And btw: why not this?
--- 8< ---
<FilesMatch "^\.(htaccess|htpasswd)">
--- 8< ---


Regards,
 Oliver

Reply to:

References:
- Bug#1072729: apache2: misleading comment in default /etc/apache2/apache2.conf about accessibility of root filesystem
  - From: Oliver Weihe <oliver.weihe@delta.de>

Prev by Date: Bug#1072804: mod_autoindex: should default to XHTML and send the charset in the document
Next by Date: Napływ Klientów ze strony
Previous by thread: Bug#1072729: apache2: misleading comment in default /etc/apache2/apache2.conf about accessibility of root filesystem
Next by thread: Bug#1072737: ssl-cert: expiration-day wrongly handled
Index(es):
- Date
- Thread