Re: [users@httpd] index/directories leave me vulnerable

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

To: users@xxxxxxxxxxxxxxxx
Subject: Re: [users@httpd] index/directories leave me vulnerable
From: Joshua Kogut <jmkogut@xxxxxxxxx>
Date: Tue, 18 Oct 2005 15:26:44 -0400
Delivered-to: apmail-httpd-users-archive@xxxxxxxxxxxxxx
Delivered-to: apmail-httpd-users-archive@xxxxxxxxxxxxxxxx
Delivered-to: mailing list users@xxxxxxxxxxxxxxxx
In-reply-to: <e498c1660510131715s54bbeb6agcbc944e6b866436d@xxxxxxxxxxxxxx>
Mailing-list: contact users-help@xxxxxxxxxxxxxxxx; run by ezmlm
References: <BAY21-F227924E2BFC33AB981B935CF7A0@xxxxxxx> <e498c1660510131715s54bbeb6agcbc944e6b866436d@xxxxxxxxxxxxxx>
Reply-to: users@xxxxxxxxxxxxxxxx

Also, in your first <directory> "directive", turn off indexes, that should stop the users from seeing an index. Again, as josh has said, just make sure that php is parsing the file, and that index.php is set to be a directory index, (like index.html)

On 10/13/05, Joshua Slive <jslive@xxxxxxxxx> wrote:

On 10/13/05, paul johnson <p_jay@xxxxxxxxxxxxx> wrote:
> i have set up a simple guestbook php script. the index.php contains the
> admin password and this file is quite freely available if someone just went
> to the guestbook/  directory and downloaded  the file..
>
> is it possible to make it so people cant view directories/index's on my
> site. ive spent a good while looking for information relating to this but i
> cant find any.

See:
http://httpd.apache.org/docs/1.3/misc/FAQ.html#indexes

But I think you have a deeper problem.  Why is guestbook.php
downloadable?  It should be processed by php so that the source code
should not be available for download.  Check you php config.

Joshua.

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL: http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx
   "   from the digest: users-digest-unsubscribe@xxxxxxxxxxxxxxxx
For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx

--
|| jmkogut ||
email: jmkogut@xxxxxxxxx
|| Networking: Where all your problems are category 5. ||

References:
- [users@httpd] index/directories leave me vulnerable
  - From: paul johnson
- Re: [users@httpd] index/directories leave me vulnerable
  - From: Joshua Slive

Prev by Date: [users@httpd] Question with Apache 2.0.52 Max Clients reached AND repeating errors
Next by Date: Re: [users@httpd] benchmarking - how to?
Previous by thread: Re: [users@httpd] index/directories leave me vulnerable
Next by thread: [users@httpd] Setup .htaccess on cgi-bin directory
Index(es):
- Date
- Thread

[Index of Archives] [Open SSH Users] [Linux ACPI] [Linux Kernel] [Linux Laptop] [Kernel Newbies] [Security] [Netfilter] [Bugtraq] [Squid] [Yosemite News] [MIPS Linux] [ARM Linux] [Linux Security] [Linux RAID] [Samba] [Video 4 Linux] [Device Mapper]

Powered by Linux