Hello,
[EMAIL PROTECTED] wrote:
>
> First, we have nothing to do with the SSL patches so we can not
> do anything about them. Can you reproduce this problem without
> them?
The point is, that you need the https support to drop to an unwanted
http server which is not configured. I do not know how the module
stuff exactly works, but I think the SSL module fails to check if
the mentioned problem occurs. On the other hand there could be a
reason to check for unconfigured URLs in the apache code to get
on the safe side concerning new modules.
I will send information on this problem to the SSL guy. So you will
not loose any time in implementing new code and tracking more important
problems.
> What path are you talking about? ie. what define in
> httpd.h is set to it? What is your DocumentRoot
> set to in your main server config? ie. not any virtualhost.
I had my DocumentRoot set to the installpath of apache. After
recompiling the code it points to a location where nobody can
get any files and only gets a short go-away message. To set
it to the point where the virtual servers stuff lives would be
no good idea.
> Exactly what you are saying is the problem isn't really
> clear. I don't see how adding an index.html file would
> help anything if what you explain is correct; then all they
> have to do is guess the name of what they want, which isn't
> too hard.
You're right, there were too many things I had to handle at once
in that moment. Especially that guy who told us that he "attacked"
us successfully was not a nice one. I had to find a quick solution
to block him from accessing more files. I don't think that he got
the interesting non-standard parts of directory/file structure.
Bye,
Andreas Heilwagen.
_ __ __ ______
/ | / /__ / /_/ ____/_ _________ __ ____ _________ _
/ |/ / _ \/ __/ / __/ / / / ___/ / / / / __ \/ ___/ __ `/
/ /| / __/ /_/ /_/ / /_/ / / / /_/ / _ / /_/ / / / /_/ /
/_/ |_/\___/\__/\____/\__,_/_/ \__,_/ (_)\____/_/ \__, /
e-mail: <[EMAIL PROTECTED]> http://netguru.org /____/
