WebApp Sec mailing list archives

RE: htaccess with apache


From: Anonymous Sender <anonymous () remailer metacolo com>
Date: Tue, 4 Nov 2003 15:59:01 +0000 (UTC)

Hans,

mod_access is an Apache function, where the cgi-script is given "back-end"
access to the file-system.  mod_access prevents the Apache web-server from
fulfilling GET requests to those files.  However, when the cgi-script executes,
it bypasses the mod_access controls and retrieves the files.  It also has access
to almost anything that the server does, including system files, mounted/mapped
remote systems, etc.

Hope this helps.



------------------



Hi list


I’ve got a little question.


I’ve got a mail from someone that my Webserver (Apache 1.3.20) is not
secure. In the Mail he attached the files .htaccess and passwd
which are really from my Web-Server.


I’ve got some simple cgi-Scripts on my server and he said
he used one of them (XXXXXX.ziel.cgi?template=maske1.html.....)
to get the files. I thought a Directory secured with mod_access
cannot be read/accessed without the proper password.
Unfortunately the guy is not answering my e-mails
and I want to secure my Webserver. Even if he just read
the Files (Tripwire didn’t show any changes), and didn’t
write something to the server.


How is it possible to read the files secured with mod_access
with a cgi script?


Thanks to all and sorry for my funny
English


Hans
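
Added example, not part of the original thread and not the script from Hans's server: it assumes the CGI script opens whatever file the template parameter names (the thread does not show the script) and puts that pattern beside a resolver confined to the template directory. The function names, directory layout and file contents are constructed for illustration.

```python
import os
import tempfile

def build_sample_site():
    """Constructed layout: a public template dir beside a protected dir."""
    root = tempfile.mkdtemp()
    tpl = os.path.join(root, "templates")
    prot = os.path.join(root, "protected")
    os.makedirs(tpl)
    os.makedirs(prot)
    with open(os.path.join(tpl, "maske1.html"), "w") as f:
        f.write("<html>form</html>")
    with open(os.path.join(prot, ".htaccess"), "w") as f:
        f.write("deny from all\n")
    return tpl, prot

def naive_read(template_dir, name):
    """Assumed vulnerable pattern: the parameter goes straight into open()."""
    with open(os.path.join(template_dir, name)) as f:
        return f.read()

def safe_read(template_dir, name):
    """Serve only regular .html files that resolve inside template_dir."""
    base = os.path.realpath(template_dir)
    # Reject NUL bytes and anything that is not a bare file name.
    if "\x00" in name or name != os.path.basename(name):
        raise PermissionError("template must be a bare file name")
    if not name.endswith(".html"):
        raise PermissionError("only .html templates are served")
    # realpath() follows symlinks, so a link pointing outside base is caught.
    target = os.path.realpath(os.path.join(base, name))
    if os.path.commonpath([base, target]) != base or not os.path.isfile(target):
        raise PermissionError("template is not a file inside the template dir")
    with open(target) as f:
        return f.read()

def is_rejected(template_dir, name):
    """True when safe_read refuses the requested template name."""
    try:
        safe_read(template_dir, name)
    except PermissionError:
        return True
    return False

if __name__ == "__main__":
    tpl, prot = build_sample_site()
    # The file system knows nothing about mod_access, so the naive read succeeds.
    print(repr(naive_read(tpl, "../protected/.htaccess")))
    print(safe_read(tpl, "maske1.html"))
    print(is_rejected(tpl, "../protected/.htaccess"))
```

The confinement check is only one layer: running CGI scripts under a separate low-privilege account (for example with suEXEC) limits what any remaining file read can reach.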

