-- Freedom, Truth, Love, Beauty. John Rodenbiker jrodenbiker@xxxxxxxxxxxxxx On Mar 10, 2006, at 4:25 PM, Sean Conner wrote:
It was thus said that the Great John Rodenbiker once stated:Is there a way to have httpd drop requests to URIs that don't actually exist in my environment?It's turned on by default in Apache. In other words, any content*outside* of the DocumentRoot is not served up, no matter how many "../" are thrown at the web server. Don't put anything you don't want seen in theDocumentRoot.
That's good to know, thank you.The reason I ask is because there is a company trying to sell a "web application firewall" that appears to do just what I asked, except for $9995. Are these guys full of it, or what are they really offering?
http://www.webscurity.com/products.htm --------------------------------------------------------------------- The official User-To-User support forum of the Apache HTTP Server Project. See <URL:http://httpd.apache.org/userslist.html> for more info. To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx " from the digest: users-digest-unsubscribe@xxxxxxxxxxxxxxxx For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx
|