>
> The first concern was sites that set up web servers with the root document
> tree as /afs. Transarc is the most obvious site that currently does this.
> What this allows is anyone with a web browser to start poking around
> AFS cells. So if someone wanted to start looking at Transarc's cell they
> can go to the following URL:
>
> http://www.transarc.com/afs/transarc.com/
>
Until about 24 months ago we were also guilty of this, but only within
our cell, we didn't point to /afs. We discovered some of the same
things, users had files showing up on altavista, etc. After an
indepth review of somewhere around 1.5 seconds we decided that this
was a bad thing.
After we cleaned up our act we thought we were doing OK until one day
a student came to me and asked why his mail directory was on
altavista. When I replied that it was probably a remnant from the
previous problem he pointed out that the indexed message was only a
couple of weeks old.
We poked around some and it turned out that another department
(actually one that we help out) was running their own web server and
we had missed it. Fortunatly, this one was netscape so I could take
the ultra conservative act of putting a .nsconfig file at the top of
the user tree. Because we are using an apache server I could simply
put a deny all in the file and no netscape server would descend that
tree. Now that we have them moved to another web server I'm in the
process of moving that .nsconfig file to the top of our cell.
I guess the point is, in addtion to ACLs based control, you can
probably also use .htaccess and .nsconfig to help with this. You have
to be careful that you don't keep your own server from getting to
things, but with a little thought you should be able to stop others
using files that most webservers will recognize and honor. It may
also help you locate any "extra" web servers that might be running
in your domain :-)
thanx
-jmck
--
Jim McKinney [EMAIL PROTECTED]
System Administrator Manager, ECE Office: HH1304
Carnegie Mellon University (412) 268-5141
Age doesn't always bring wisdom. Sometimes age comes alone.
