Re: filesmatch suspends AccessFileName?

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 






The regex in filesmatch Directive is quite useless but this leads to the problem that .htaccess file can called by http in browser and shows all of its contents.

http://example.com/.htaccess

Seems to me quite simple for a user to disclose his .htaccess contents by simple filesmatch directive which suddenly ignores AccessFileName directive.
Is this a bug or expected?

I have the following in the httpd.conf: 

#
# The following lines prevent .htaccess and .htpasswd files from being 
# viewed by Web clients. 
#
<FilesMatch "^\.ht">
    Order allow,deny
    Deny from all
    Satisfy All
</FilesMatch> 

Don't you have something similar?


[Index of Archives]     [Open SSH Users]     [Linux ACPI]     [Linux Kernel]     [Linux Laptop]     [Kernel Newbies]     [Security]     [Netfilter]     [Bugtraq]     [Squid]     [Yosemite News]     [MIPS Linux]     [ARM Linux]     [Linux Security]     [Linux RAID]     [Samba]     [Video 4 Linux]     [Device Mapper]

  Powered by Linux