WebApp Sec mailing list archives
RE: htaccess with apache
From: Anonymous Sender <anonymous () remailer metacolo com>
Date: Tue, 4 Nov 2003 15:59:01 +0000 (UTC)
Hans, mod_access is an apache function, where the cgi-script is given "back-end" access to the file-system. mod_access prevents the apache web-server from fulfilling get requests to those files. However, when the cgi-script executes, it bypasses the mod_access controls and retrieves the files. It also has access to almost anything that the server does, including system files, mounted/mapped remote systems, etc.... Hope this helps. ------------------ Hi list Ive got a little question. Ive got a mail from someone that my Webserver (Apache 1.3.20)is not secure. In the Mail he attached the files .htaccess und passwd which are really from my Web-Server. Ive got some simple cgi-Scripts on my server and he said he used one of them (XXXXXX.ziel.cgi?template=maske1.html.....) to get the files. I thought a Directory secured with mod_access cannot be read/accessed without the proper password. Unfortunately the guy is not answering to my eMails and I want to secure my Webserver. Even if he just read the Files (Tripwire didnt show any changes), and didnt wrote something to the server. How is it possible to read the files secured with mod_access with a cgi script? Thanks to all an sorry for my funny English Hans
Current thread:
- Re: htaccess with apache, (continued)
- Re: htaccess with apache António Vasconcelos (Nov 06)
- Re: htaccess with apache Tim Greer (Nov 06)
- Re: htaccess with apache António Vasconcelos (Nov 11)
- Re: htaccess with apache Tim Greer (Nov 11)
- Re: htaccess with apache Tim Greer (Nov 11)
- RE: htaccess with apache Tim Greer (Nov 05)
- RE: htaccess with apache Dinis Cruz (Nov 11)
- RE: htaccess with apache Tim Greer (Nov 11)