On Sun, Jun 16, 2002 at 06:55:45PM -0400, Joshua Slive wrote:
> Tony Finch wrote:
> > On Sat, Jun 15, 2002 at 10:15:17PM -0400, Joshua Slive wrote:
>
> >>I guess you can put pretty much whatever you like in the Host: header.
> >>It is not a major security whole, in my opinion, but it is better no
Tony Finch wrote:
On Sat, Jun 15, 2002 at 10:15:17PM -0400, Joshua Slive wrote:
I guess you can put pretty much whatever you like in the Host: header.
It is not a major security whole, in my opinion, but it is better not
allowed. Cliff just checked in a fix to get rid of the problem in
httpd-2
On Sat, Jun 15, 2002 at 10:15:17PM -0400, Joshua Slive wrote:
> Rich Bowen wrote:
> >
> > Can you elaborate on that? Why would the vhost name ever have a slash in
> > it? I can see that it could be a security problem, but how would one
> > ever get in there?
Script kiddies.
> I guess you can put
Rich Bowen wrote:
On Sat, 15 Jun 2002, Joshua Slive wrote:
It is fairly similar to yours, but not quite the same. Both your script
and the one in httpd-2.0 are missing a necessary security fix from the
1.3 version (strip slashes from the vhost name).
Can you elaborate on that? Why would the vho
On Sat, 15 Jun 2002, Joshua Slive wrote:
> [EMAIL PROTECTED] wrote:
> > rbowen 2002/06/15 13:09:08
> >
> > Modified:docs/manual/vhosts fd-limits.html.en
> > Log:
> > Added configuration example, code example, and a little explanation, to
> > facilitate logging all of your virtual
[EMAIL PROTECTED] wrote:
rbowen 2002/06/15 13:09:08
Modified:docs/manual/vhosts fd-limits.html.en
Log:
Added configuration example, code example, and a little explanation, to
facilitate logging all of your virtual hosts to a single file, and then
splitting them back up after. Not