Bugtraq mailing list archives

Re: Mac OS X - Apache & Case Insensitive Filesystems

From: Paul Burney <burney () gseis ucla edu>
Date: Mon, 11 Jun 2001 09:41:08 -0700

on 6/10/01 2:06 PM, Paul Burney (burney () gseis ucla edu) wrote:

Then in the protected directory, /Library/WebServer/Documents/test, add a
.htaccess file containing:

  Order deny,allow
  Deny from all


Of course, upon further reflection, the following also needs to be added to
the httpd.conf file:

<Files ~ "^\.(ht|HT|Ht|hT)">
    Order allow,deny
    Deny from all
</Files>

To prevent users from viewing the encrypted form of your password by passing
a request like:

http://somesever/somedir/.Htaccess

The above is untested but it should work.

Sincerely,

Paul Burney

+-------------------------+---------------------------------+
| Paul Burney             | P: 310.825.8365                 |
| Webmaster && Programmer | E: <webmaster () gseis ucla edu>   |
| UCLA -> GSE&IS -> ETU   | W: <http://www.gseis.ucla.edu/> |
+-------------------------+---------------------------------+

Current thread:

Mac OS X - Apache & Case Insensitive Filesystems Stefan Arentz (Jun 10)
- Re: Mac OS X - Apache & Case Insensitive Filesystems Paul Burney (Jun 11)
  - Re: Mac OS X - Apache & Case Insensitive Filesystems Kee Hinckley (Jun 12)
  - Re: Mac OS X - Apache & Case Insensitive Filesystems Paul Burney (Jun 12)
- Re: Mac OS X - Apache & Case Insensitive Filesystems Scott Gifford (Jun 12)
- Re: Mac OS X - Apache & Case Insensitive Filesystems Peter Bierman (Jun 15)