https://issues.apache.org/bugzilla/show_bug.cgi?id=54699
[email protected] changed: What |Removed |Added ---------------------------------------------------------------------------- Status|RESOLVED |REOPENED Resolution|WONTFIX |--- --- Comment #5 from [email protected] --- example scenario: You scanner your partition with antivirus software and found that /home/user/public_html/abc/public/images/cache/0/a/2/5/49586.php was malicious code You don't know domain or url to it. How how do you suppose you could tell if that file is actualy accessible via any domain served by your apache? Your httpd.conf is very fancy and has a lot of data in it. Worse, user has multiple .htaccess files with rewrite rules, deny rules and authorization rules. Finaly actual php file returns 401 code to apache if run by webserver to mask its presence (unless passed aprorpiate $_GET argument). Answer is YOU CANT know if file is world accessible! It is completly impossible to analize automaticly those configuration, htaccess, rewrites!! -- You are receiving this mail because: You are the assignee for the bug. --------------------------------------------------------------------- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected]
