RE: Directory hiding

From: Nick Kew Sent: September 15, 2008 19:43
> 
> On 16 Sep 2008, at 02:44, Hugh E Cruickshank wrote:
> 
> > Right now if someone were to attempt to access these subdirectories
> > (i.e. http://www.example.com/cgi-bin) they would receive a 403
> > Forbidden error message. Unfortunately this is not quite acceptable
> > to the IBM Rational AppScan utility which recommends that a 404
> > Not found error should be issued.
> 
> I suspect you're misreading your AppScan.

That is a good possibility.

> It's warning about potentially exposing your filesystem information.

Most probably.

> But there's nothing secret about a directory containing a web-facing
> application!

That may be the case but their recommendation is still: Issue a "404 -
Not Found" response status code for a forbidden resource, or remove it
completely.

> Having said that, rtfm ErrorDocument for one way to do what you ask,
> if it's for some ignorant PHB's box-ticking exercise.

Colour me stupid but as far as I can tell ErrorDocument only provides
for the replacement of the text of a message. I can not see how it can
be used to force a 404 instead of a 403.

Thanks for your response anyway.

Regards, Hugh

-- 
Hugh E Cruickshank, Forward Software, www.forward-software.com 
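
Added example, not part of the original message or the Apache project's documentation: one way to have httpd answer a bare directory request with 404 instead of 403, using mod_alias's RedirectMatch. The /cgi-bin path and hostname are the ones from the question; it assumes mod_alias (or mod_rewrite for the alternative) is loaded.

```apache
# Before: a bare request for the directory is refused with 403, which
# tells a scanner that the path exists.
#   GET /cgi-bin/  ->  403 Forbidden

# After: answer the bare directory URL with 404. With a status outside
# the 3xx range, RedirectMatch takes no target URL. The anchored pattern
# matches only /cgi-bin and /cgi-bin/, so scripts below it are still served.
RedirectMatch 404 ^/cgi-bin/?$

# Alternative with mod_rewrite in server or virtual-host context
# (use one approach or the other, not both):
# RewriteEngine On
# RewriteRule ^/cgi-bin/?$ - [R=404,L]

# Check from a client after reloading the configuration:
#   curl -sI http://www.example.com/cgi-bin/
# The status line should read 404, and a script under /cgi-bin/ should
# still respond as before.
```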

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.