Home page logo

bugtraq logo Bugtraq mailing list archives

Re: httpd.conf in Suse 6.4
From: "Martin S. Hasemann" <ozone () ISOC NET>
Date: Fri, 22 Sep 2000 15:20:19 -0400

 A probable better idea, and one I've seen from RedHat distributions (6.2 is
the one I just looked at) is:

Alias /doc/ /usr/doc/
<Location /doc>
  order deny,allow
  deny from all
  allow from localhost
  Options Indexes FollowSymLinks

 Unless you want your domain users to have access to these areas, then
include the addresses you want to have access. As for a 'packages'
directory/alias itself, I'd rem that unless there is a need to have those
displayed, in which case .htaccess works.

Martin S. Hasemann
Systems Administrator

----- Original Message -----
From: "zab0ra aka t0maszek" <zabora () SZERMIERZ UNI WROC PL>
Sent: Thursday, September 21, 2000 5:24 AM
Subject: httpd.conf in Suse 6.4


in SuSe 6.4 (maybe another) any user from any host can get info about
packages installed on SuSe systems.
httpd.conf file have entry "Alias /doc/  /usr/doc/" (and others)

in www browser you cat set http://hosts.any/doc/packages/ and you get list
of installed packages

in httpd.conf

<Directory /usr/doc/packages>
order deny,allow
allow from your.ip.or.domain
deny from all

zab0ra aka t0maszek

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]