why in the world does Apache add the *sourcode* of the called PHP script after the sepcified ErrorDocument? this is a major problem and exactly *not* what should happen by a security option ________________________________________________
<Location "/cms.php"> LimitRequestBody 10 </Location> ErrorDocument 413 "<!DOCTYPE HTML PUBLIC '-//W3C//DTD HTML 4.01 Transitional//EN' 'http://www.w3.org/TR/html4/loose.dtd'><html><head><title>Error 413 - Request Entity Too Large</title><style type='text/css'>* {font-family:Arial,Helvetica; text-decoration:none; font-size:16px;} body {margin:0px; padding:15px;}</style></head><body><h1 style='margin-top:0px; font-size:18px;'>Error 413</h1><p>Request Entity Too Large / Anfrage zur Bearbeitung zu lang<br />Tech. Contact: <a href='mailto:[email protected]?subject=Server-Error-413'>[email protected]</a></p></body></html>" ________________________________________________ OUTPUT TO THE BROWER (stripped, yes it adds the complete PHP sript) <!DOCTYPE HTML PUBLIC '-//W3C//DTD HTML 4.01 Transitional//EN' 'http://www.w3.org/TR/html4/loose.dtd'><html><head><title>Error 413 - Request Entity Too Large</title><style type='text/css'>* {font-family:Arial,Helvetica; text-decoration:none; font-size:16px;} body {margin:0px; padding:15px;}</style></head><body><h1 style='margin-top:0px; font-size:18px;'>Error 413</h1><p>Request Entity Too Large / Anfrage zur Bearbeitung zu lang<br />Tech. Contact: <a href='mailto:[email protected]?subject=Server-Error-413'>[email protected]</a></p></body></html><?php /** CONTENT MANAGMENT SYSTEM / CONTENTLOUNGE ------------------------------------------------------------------ AENDERUNGEN UND WEITERGABE DIESER DATEI OHNE RUECKSPRACHE MIT DEM ENTWICKLER SIND LIZENZRECHTLICH NICHT GESTATTET! ---------------------------------------------------
signature.asc
Description: OpenPGP digital signature
