>Number: 2451 >Category: general >Synopsis: .htaccess bug! >Confidential: no >Severity: non-critical >Priority: medium >Responsible: apache >State: open >Class: sw-bug >Submitter-Id: apache >Arrival-Date: Mon Jun 15 23:20:00 PDT 1998 >Last-Modified: >Originator: [EMAIL PROTECTED] >Organization: apache >Release: 1.3b6 >Environment: Windows 95 >Description: There is a bug with .htaccess file. If I set few parameters, such as DirectoryIndex xyz.cgi etc. but don't set the authorization AuthType etc. The .htaccess is viewable by the browser, that is, going to http://localhost/.htaccess display the .htaccess file. And i don't think this file should be displayed publicily.
Please take notice to this problem. >How-To-Repeat: dunno >Fix: Set the server not to return the file which is same name as the AccessFileName configuaration directive. >Audit-Trail: >Unformatted: [In order for any reply to be added to the PR database, ] [you need to include <[EMAIL PROTECTED]> in the Cc line ] [and leave the subject line UNCHANGED. This is not done] [automatically because of the potential for mail loops. ]
