[16894] in bugtraq
Re: httpd.conf in Suse 6.4
daemon@ATHENA.MIT.EDU (Martin S. Hasemann)
Mon Sep 25 12:29:22 2000
Mime-Version: 1.0
Content-Type: text/plain; charset="iso-8859-1"
Content-Transfer-Encoding: 7bit
Message-Id: <00b201c024ca$25c783c0$57cc1cd8@worklap>
Date: Fri, 22 Sep 2000 15:20:19 -0400
Reply-To: "Martin S. Hasemann" <ozone@ISOC.NET>
From: "Martin S. Hasemann" <ozone@ISOC.NET>
To: BUGTRAQ@SECURITYFOCUS.COM
A probable better idea, and one I've seen from RedHat distributions (6.2 is
the one I just looked at) is:
Alias /doc/ /usr/doc/
<Location /doc>
order deny,allow
deny from all
allow from localhost
Options Indexes FollowSymLinks
</Location>
Unless you want your domain users to have access to these areas, then
include the addresses you want to have access. As for a 'packages'
directory/alias itself, I'd rem that unless there is a need to have those
displayed, in which case .htaccess works.
Martin S. Hasemann
Systems Administrator
http://www.wispinc.com
http://www.infogalaxy.com
----- Original Message -----
From: "zab0ra aka t0maszek" <zabora@SZERMIERZ.UNI.WROC.PL>
To: <BUGTRAQ@SECURITYFOCUS.COM>
Sent: Thursday, September 21, 2000 5:24 AM
Subject: httpd.conf in Suse 6.4
> hy...
>
> in SuSe 6.4 (maybe another) any user from any host can get info about
> packages installed on SuSe systems.
> httpd.conf file have entry "Alias /doc/ /usr/doc/" (and others)
>
> in www browser you cat set http://hosts.any/doc/packages/ and you get list
> of installed packages
>
> Solusion:
> in httpd.conf
>
> <Directory /usr/doc/packages>
> order deny,allow
> allow from your.ip.or.domain
> deny from all
> </Directory>
>
>
> zab0ra aka t0maszek
> -------------------
>
