Hi all,
Is the double quote neccessary around the word data or any line following the Admin Modify Rules?
URL ends with "data" OR
URL ends with "rsrc" OR URL contains ".ds_store" Change root path to "" Change URL path to "/" Continue with Rule "stop"
Move the rule so it is first in the list and check the "Preprocess"
Thanks a lot.
Bruce
This is important. If there are webstar users who don't subscribe to the webstar list, you need to implement this immediately.
------ Forwarded Message From: Debbie Brewer <[EMAIL PROTECTED]> Reply-To: 4D WebSTAR Talk List <[EMAIL PROTECTED]> Date: Thu, 9 Dec 2004 18:32:34 -0800 To: "'[EMAIL PROTECTED]'" <[EMAIL PROTECTED]> Subject: [ANN]Workaround for Potential Security Vulnerability on HFS+ Volu mes
------------------------------------------------------------------- 4D Announcements December 9, 2004 ------------------------------------------------------------------- Summary: [1] Workaround for Potential Security Vulnerability on HFS+ Volumes ------------------------------------------------------------------- [1] Workaround for Potential Security Vulnerability on HFS+ Volumes ------------------------------------------------------------------- Workaround for Potential Security Vulnerability on HFS+ Volumes
This Admin Modify Rule will provide a workaround to block any potential vulnerability in HFS+ volumes that would allow an attacker to access a files data fork or return the file listings from a web server running on Mac OS X. This address the issues (that relate to 4D WebSTAR servers) that were raised by Macworld in the following article:
<http://www.macworld.com/news/2004/12/08/webhole/index.php>
Thanks to Fletcher Sandbeck of Blue World for creating and posting this rule earlier today.
Open the 4D WebSTAR Admin Client and access DefaultSite. Open the Web Rewrite > Admin Modify Rules section. Create a new rule with the following properties: URL ends with "data" OR URL ends with "rsrc" OR URL contains ".ds_store" Change root path to "" Change URL path to "/" Continue with Rule "stop" Move the rule so it is first in the list and check the "Preprocess" checkbox. Click "Save" to save the rule.
This Admin Modify Rule should apply globally and protect every site on the WebSTAR server.
********************************************************************** 4D WebSTAR Talk hosted by 4D, Inc. http://www.4D.com/ ----------------------------------------------------------------------
4D Mail Server and 4D WebSTAR v5.3 Now Shipping! * Easy * Spam Protection * Virus Scanning Support * More <http://www.4d.com/products/4dmail.html>
Archives http://www.4d.com/mailsearch List Administrator mailto:[EMAIL PROTECTED] Subscriptions http://www.4d.com/maillists Unsubscribe Email Address mailto:[EMAIL PROTECTED] **********************************************************************
------ End of Forwarded Message
________________________________________________________________________ TO UNSUBSCRIBE: Go to http://www.witango.com/developer/maillist.taf
________________________________________________________________________ TO UNSUBSCRIBE: Go to http://www.witango.com/developer/maillist.taf
