Eric,
I think you are right cuz the rewrite rule which I'm using and also the ErrorDocument which I'm using are using the path of the files and not the exact URL.
But while I'm able to fix the custom 403 and 404 pages, I'm not too sure why the scanner is still detecting this vulnerability.
Sukhjeet
-----Original Message-----
From: Eric Covener [mailto:covener@xxxxxxxxx]
Sent: Wednesday, June 10, 2009 5:33 PM
To: users@xxxxxxxxxxxxxxxx
Subject: Re: Rewrite Rule for hiding Destination URL ??
On Wed, Jun 10, 2009 at 5:52 AM, BipinDas-Gmail <bipinkdas@xxxxxxxxx> wrote:
> I need to rewrite the url http://123.dev.com to http://123.dev.com/profile
>
> I have put the below code to my .htaccesss that successfully worked....
>
> # -------------------------------------------------------
>
> rewritecond %{http_host} ^widgets\.cmdn\.com$
> rewritecond %{request_uri} ^/$
> rewriterule ^(.*)$ http://123.dev.com/profile
Your 2nd argument shouldn't be a full URL, that's why you're getting a
redirect. Try just /profile, profile, or %{DOCUMENT_ROOT}/profile.
--
Eric Covener
covener@xxxxxxxxx
---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx
" from the digest: users-digest-unsubscribe@xxxxxxxxxxxxxxxx
For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx
---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx
" from the digest: users-digest-unsubscribe@xxxxxxxxxxxxxxxx
For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx
|