[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[cobalt-security] RE: SSI Vuln on cobalt

Subject: [cobalt-security] RE: SSI Vuln on cobalt
From: Barbara <thebizworkers@xxxxxxxxx>
Date: Sun, 21 Apr 2002 19:43:43 -0700 (PDT)
List-id: Mailing list for users to address network security on Cobalt products. <cobalt-security.list.cobalt.com>

><Directory /home/sites/>
>AllowOverride All
>Options All
></Directory>
>
>... set, then who do you blame? :o) Set it to
"AllowOverride None" and all
>these fancy .htaccess files in /home/sites/wherever
>will no longer work.

Well.... Not exactly, at least not on my remaining
RaQ3. I have the following in my access.conf file and
I still can (and do) use .htaccess files to password
protect a few user directories..

<Directory />
Options None
AllowOverride None
AuthFailDelay 2000000
</Directory>

What I *do* use to stop those files from being
uploaded in the first place, is this little line in my
proftpd.conf file..

PathDenyFilter 
"(\\.ftpaccess)|(\\.htaccess)|(\\.forward)$"

Babs



__________________________________________________
Do You Yahoo!?
Yahoo! Games - play chess, backgammon, pool and more
http://games.yahoo.com/

Follow-Ups:
- Re: [cobalt-security] RE: SSI Vuln on cobalt
  - From: Brett Wright

Prev by Date: [cobalt-security] Re: Re: SSI Vuln on cobalt
Next by Date: Re: [cobalt-security] RE: SSI Vuln on cobalt
Previous by thread: Re: [cobalt-security] SSI Vuln on cobalt
Next by thread: Re: [cobalt-security] RE: SSI Vuln on cobalt

Sun Cobalt Security Message Index

Sun Cobalt Security Thread Index