you know... this was truly one of the homer simpson moments!!!! you know the one..'DoH!!!!' i realized right after i hit the send key that this wasn't apache.. but rather filesystem... thanks for the replies... -----Original Message----- From: Craig Dunigan [mailto:cdunigan@xxxxxxxxxxxxx] Sent: Wednesday, August 10, 2005 10:19 AM To: users@xxxxxxxxxxxxxxxx; bedouglas@xxxxxxxxxxxxx Subject: Re: [users@httpd] apache question?? On Wed, 10 Aug 2005, bruce wrote: > hi... > > i just discovered that i can fire up a browser from my FC3 environment, and > that i can do "file:///home/foo" and i'm presented with a list of the files > in the directory, and that i can then examine the files.... > > obviously i don't want this behavior!!!! is there some attribute/directive > that i can set within the apache conf file that will prevent this from > occuring. > > i've been searching google/apache but can't seem to find what i'm missing.. > > thanks > > -bruce > bedouglas@xxxxxxxxxxxxx > > > > --------------------------------------------------------------------- > The official User-To-User support forum of the Apache HTTP Server Project. > See <URL:http://httpd.apache.org/userslist.html> for more info. > To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx > " from the digest: users-digest-unsubscribe@xxxxxxxxxxxxxxxx > For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx > Bruce, I know that seems scary, but it's quite harmless. The only folks who can do that are people who are already logged into your computer. Moreover, it's not Apache that is serving those files. It's the OS itself. The browser lives on the filesystem, so the browser can read the filesystem when it's run by someone logged into that computer. No one can use "file://" from a remote machine and read your files. -- Craig Dunigan IS Technical Services Specialist (I don't know what it means, either) Middleware - Enterprise Info Systems - Department of Info Technology University of Wisconsin, Madison opinions expressed are my own, not the University's --------------------------------------------------------------------- The official User-To-User support forum of the Apache HTTP Server Project. See <URL:http://httpd.apache.org/userslist.html> for more info. To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx " from the digest: users-digest-unsubscribe@xxxxxxxxxxxxxxxx For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx
|