]> git.ipfire.org Git - thirdparty/apache/httpd.git/commit
When the top-level directory section for / was added for the sake
authorRoy T. Fielding <fielding@apache.org>
Mon, 14 Jul 2003 13:26:14 +0000 (13:26 +0000)
committerRoy T. Fielding <fielding@apache.org>
Mon, 14 Jul 2003 13:26:14 +0000 (13:26 +0000)
commit3dd5583b0bb3fefd4a6310bb6defc00366a494c8
treedbcdd2899cf9a043c7ce3e3c5641729bb8a60653
parent8a6bbdf46c967be7289c691e5669813969298ccb
When the top-level directory section for / was added for the sake
of performance and to allow automount symlinks to be followed, we
mistakenly opened access to the entire directory system by default.
I noticed this because all of the /~user directories are available
by default without any restrictions, which is a bad idea for anything
other than one server within a department of shared users.  However,
it also makes it easier to serve files anywhere on disk by mistake,
and makes other URI-handling bugs more severe than they would be
otherwise.  Therefore, this patch reinstates access control to deny
access to all files other than under DocumentRoot, icons, and manual,
until additional directory/locations are explicitly allowed by the admin.

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@100593 13f79535-47bb-0310-9956-ffa450edef68
docs/conf/httpd-std.conf.in
docs/conf/httpd-win.conf