Synopsis: Get full access to apache installation path by misusing https State-Changed-From-To: open-analyzed State-Changed-By: marc State-Changed-When: Mon Mar 9 10:46:51 PST 1998 State-Changed-Why: First, we have nothing to do with the SSL patches so we can not do anything about them. Can you reproduce this problem without them?
What path are you talking about? ie. what define in httpd.h is set to it? What is your DocumentRoot set to in your main server config? ie. not any virtualhost. Exactly what you are saying is the problem isn't really clear. I don't see how adding an index.html file would help anything if what you explain is correct; then all they have to do is guess the name of what they want, which isn't too hard.
