Eric, Basically the thing is my security guy is saying that If I can any how able to fix the 404 error in lieu of the 403 Forbidden error then it'll fix the vulnerability. I mean instead of HTTP/1.1 403 I should get HTTP/1.1 404 while anyone try even from telnet or with any scanner. Sukhjeet Singh Project Lead Fiserv Global Services Fiserv Office: +91-120-4023086 Mobile: 9999991422 US: 1-877-271-3943 x 3086 www.fiserv.com -----Original Message----- From: Eric Covener [mailto:covener@xxxxxxxxx] Sent: Wednesday, June 10, 2009 5:37 PM To: users@xxxxxxxxxxxxxxxx Subject: Re: default site On Wed, Jun 10, 2009 at 4:07 AM, Matus UHLAR - fantomas <uhlar@xxxxxxxxxxx> wrote: >> NameVirtualHost doesn't affect this selection, so the logic degrades >> to simpler _default_ and * are used when there isn't an exact match >> on the IP. > > I've meant, if there's NameVirtualHost <ip>, the <VirtualHost _default_> > will not match the IP even if there's no virtual host on that IP defined. > Was I wrong? AFAICT the _default_ vhost matches in this case -- the request is not handled by the "base" config. -- Eric Covener covener@xxxxxxxxx --------------------------------------------------------------------- The official User-To-User support forum of the Apache HTTP Server Project. See <URL:http://httpd.apache.org/userslist.html> for more info. To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx " from the digest: users-digest-unsubscribe@xxxxxxxxxxxxxxxx For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx --------------------------------------------------------------------- The official User-To-User support forum of the Apache HTTP Server Project. See <URL:http://httpd.apache.org/userslist.html> for more info. To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx " from the digest: users-digest-unsubscribe@xxxxxxxxxxxxxxxx For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx
|