In-Reply-To: <20040203063933.12546429.nd@perlig.de> >From: =?ISO-8859-15?Q?Andr=E9?= Malo <nd@perlig.de> > > >Deny from all (in conclusion with some other) denies HTTP access on some >criteria. It doesn't suppose to protect against access from inside the >server. > Deny From All: In this way they can access from outside the server. AllowOverride FileInfo (only): Apache must suppose to protect against .htaccess override from inside the server. In fact, Apache should check for config permission again in the ap_process_request_internal() function. > >> I post this issue in the public mailing list, because I think this >> vuln is not exploitable by a remote attacker. If something were >> wrong, drop a line to me. > >Next time, try a user support forum first. Thanks. > >nd > I think it's a vuln, in fact I confirmed someones for that. Then I post it into a bug-tracker list instead of in a user support forum. Thanks for your comment.
