Hi list, An easy and idiot bug in security sites using apache is to put the logs into the homedir. For example, i search in google for common strings in apache, like: [notice] caught SIGTERM, shutting down "GET / HTTP/1.1" 200 103 SSL handshake interrupted by system In many sites google find files: access_log, error_log, ssl_engine_log, ssl_error_log showing the structure of the site. If the administrator does not worry of put a .htaccess or index.html reducing the access via browser anyone could find cool information on it. Is there a way for apache only browse files *.html or *.php not all files type in the browser adress? Diego Brito Veiga Technical Publications Phone: +55 (12) 39273929 Fax: +55 (12) 39273342 -- redhat-list mailing list unsubscribe mailto:redhat-list-request@xxxxxxxxxx?subject=unsubscribe https://www.redhat.com/mailman/listinfo/redhat-list
