[In order for any reply to be added to the PR database, ] [you need to include <[EMAIL PROTECTED]> in the Cc line ] [and leave the subject line UNCHANGED. This is not done] [automatically because of the potential for mail loops. ] [If you do not include this Cc, your reply may be ig- ] [nored unless you are responding to an explicit request ] [from a developer. ] [Reply only with text; DO NOT SEND ATTACHMENTS! ]
Synopsis: Dos style attack with the usage of SSI's include virtual directive State-Changed-From-To: open-feedback State-Changed-By: marc State-Changed-When: Sat Oct 31 09:55:28 PST 1998 State-Changed-Why: There is nothing wrong with using <!--#include virtual="/"--> and it should be permitted. This appears like it may be due to recursive includes. You didn't mention this, but is the file you are including "/" from the file that gets served when you ask for "/"? That is the only way I can duplicate this, and there is a fairly obvious cause for this behaviour when trying to do a recursive include. Apache does do some checking to try to avoid recursive includes, but obviously it doesn't go far enough, probably due to the translation being done from / to index.html by mod_index.
