Home page logo
/

bugtraq logo Bugtraq mailing list archives

Re: Mac OS X - Apache & Case Insensitive Filesystems
From: Paul Burney <burney () gseis ucla edu>
Date: Mon, 11 Jun 2001 09:41:08 -0700

on 6/10/01 2:06 PM, Paul Burney (burney () gseis ucla edu) wrote:

Then in the protected directory, /Library/WebServer/Documents/test, add a
.htaccess file containing:

  Order deny,allow
  Deny from all

Of course, upon further reflection, the following also needs to be added to
the httpd.conf file:

<Files ~ "^\.(ht|HT|Ht|hT)">
    Order allow,deny
    Deny from all
</Files>

To prevent users from viewing the encrypted form of your password by passing
a request like:

http://somesever/somedir/.Htaccess

The above is untested but it should work.

Sincerely,

Paul Burney

+-------------------------+---------------------------------+
| Paul Burney             | P: 310.825.8365                 |
| Webmaster && Programmer | E: <webmaster () gseis ucla edu>   |
| UCLA -> GSE&IS -> ETU   | W: <http://www.gseis.ucla.edu/> |
+-------------------------+---------------------------------+


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]