On 2013-08-07, at 09:08, king cope <[email protected]>
wrote:
> SymLinksIfOwnerMatch will not help in this attack scenario because the
> .htaccess file overwrites this Options directive
AllowOverride can be used to prevent this as well by specifying a set of values
for Options which does not include FollowSymlinks, e.g.
AllowOverride AuthConfig FileInfo Indexes Limit
Options=ExecCGI,Includes,Indexes,MultiViews,SymlinksIfOwnerMatch
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
