Re: index.php ist used (internally) when /index.php/ is requested

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

As far as I know, the default has not changed since the directive was introduced:
Default
The treatment of requests with trailing pathname information is determined by the handler responsible for the request. The core handler for normal files defaults to rejecting PATH_INFO requests. Handlers that serve scripts, such as cgi-script and isapi-handler, generally accept PATH_INFO by default.

On Thu, Nov 13, 2014 at 11:45 AM, Christoph Gröver <grover@xxxxxxxxxxxx> wrote:

Hello list,

> This is usually the intended behavior. Many PHP frameworks use
> PATH_INFO to handle requests.
>
> See the documentation for AcceptPathInfo:
> http://httpd.apache.org/docs/current/mod/core.html#acceptpathinfo

Thanks Yehuda. I see why this is being used. Is this the default for
a long time?
Last time I checked the use of trailing slashes or other nonsense
to bypass security features it didn't work.

I run a module which should restrict the use of certain URLs, so I
think I have to prevent this configuration somehow.

Thanks for the link.
Greetings

--
Christoph Gröver

[Index of Archives]     [Open SSH Users]     [Linux ACPI]     [Linux Kernel]     [Linux Laptop]     [Kernel Newbies]     [Security]     [Netfilter]     [Bugtraq]     [Squid]     [Yosemite News]     [MIPS Linux]     [ARM Linux]     [Linux Security]     [Linux RAID]     [Samba]     [Video 4 Linux]     [Device Mapper]

  Powered by Linux