[20989] in bugtraq


Re: Mac OS X - Apache & Case Insensitive Filesystems

daemon@ATHENA.MIT.EDU (Paul Burney)
Tue Jun 12 16:36:54 2001

Date: Mon, 11 Jun 2001 09:41:08 -0700
From: Paul Burney <burney@gseis.ucla.edu>
To: <BUGTRAQ@securityfocus.com>
Message-ID: <B74A42B4.2B19%burney@gseis.ucla.edu>
In-Reply-To: <B7492F79.17F4%burney@gseis.ucla.edu>
Mime-version: 1.0
Content-type: text/plain; charset="US-ASCII"
Content-transfer-encoding: 7bit

on 6/10/01 2:06 PM, Paul Burney (burney@gseis.ucla.edu) wrote:

> Then in the protected directory, /Library/WebServer/Documents/test, add a
> .htaccess file containing:
> 
>   Order deny,allow
>   Deny from all

Of course, upon further reflection, the following also needs to be added to
the httpd.conf file:

<Files ~ "^\.(ht|HT|Ht|hT)">
    Order allow,deny
    Deny from all
</Files>

To prevent users from viewing the encrypted form of your password by passing
a request like:

http://somesever/somedir/.Htaccess

The above is untested but it should work.

Sincerely,

Paul Burney

+-------------------------+---------------------------------+
| Paul Burney             | P: 310.825.8365                 |
| Webmaster && Programmer | E: <webmaster@gseis.ucla.edu>   |
| UCLA -> GSE&IS -> ETU   | W: <http://www.gseis.ucla.edu/> |
+-------------------------+---------------------------------+
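
The check below is an added example, not part of the original message: it enumerates every upper/lower-case spelling of `.htaccess` and `.htpasswd` (all of which open the same file on a case-insensitive filesystem) and counts how many a `<Files ~ ...>` pattern leaves uncovered. The case-sensitive `^\.ht` pattern is assumed to be the stock httpd.conf rule, and the function names are hypothetical.

```python
import itertools
import re

# Assumed stock rule (case-sensitive) and the rule proposed in the message above.
DEFAULT_RULE = re.compile(r"^\.ht")
PROPOSED_RULE = re.compile(r"^\.(ht|HT|Ht|hT)")


def case_variants(name):
    """Every upper/lower spelling of name; on a case-insensitive
    filesystem all of them resolve to the same file."""
    choices = [(c.lower(), c.upper()) if c.isalpha() else (c,) for c in name]
    return sorted({"".join(p) for p in itertools.product(*choices)})


def unprotected(rule, name):
    """Spellings of name that the <Files ~ ...> regex does not match,
    i.e. file names the deny rule would not cover."""
    return [v for v in case_variants(name) if not rule.search(v)]


def audit(names=(".htaccess", ".htpasswd")):
    """Per file name: total spellings and how many each rule misses."""
    report = {}
    for name in names:
        report[name] = {
            "variants": len(case_variants(name)),
            "missed_by_default": len(unprotected(DEFAULT_RULE, name)),
            "missed_by_proposed": len(unprotected(PROPOSED_RULE, name)),
        }
    return report


if __name__ == "__main__":
    for name, row in audit().items():
        print(name, row)
```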

