On Wed, 28 Jan 2004, Jani Mikkonen wrote: > > On the other hand (running out of hands here) where do we draw the line. > > Do we need a rule for vi swap files? MS Word swap files? Pico swap > > files? > > My point for the post was that this should be told in the security tips > pages as it might not be obvious to everyone who starts to configure > apache the way they like it. And most cases, there are different people > for writing the content files and for configuring apache. So you cannot > just eliminate stupidity without heavy larting and bofhing. > > This didnt come to me as "yeah it would be fun to block these" but i > actually withnessed someone probing my homesite. That prober had created > a list of all files in my docroot with *.php extension and crawling thru > them and then sending requests with same filename and ~ at the end.
I certainly wasn't suggesting that. I simply want to discuss all the ramifications, and how far we should take this. I think it's a good idea, but I want to do it correctly and thoroughly. But at the same time, not overdo it. -- Stretching out your hand Full of starlit diamonds Earthshine --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
