Eric,

Basically the thing is my security guy is saying that If I can any how able to 
fix the 404 error in lieu of the 403 Forbidden error then it'll fix the 
vulnerability.

I mean instead of HTTP/1.1 403 I should get HTTP/1.1 404 while anyone try even 
from telnet or with any scanner.

Sukhjeet Singh
Project Lead
Fiserv Global Services
Fiserv
Office: +91-120-4023086
Mobile: 9999991422
US: 1-877-271-3943 x 3086
www.fiserv.com


-----Original Message-----
From: Eric Covener [mailto:cove...@gmail.com] 
Sent: Wednesday, June 10, 2009 5:37 PM
To: users@httpd.apache.org
Subject: Re: [us...@httpd] default site

On Wed, Jun 10, 2009 at 4:07 AM, Matus UHLAR - fantomas
<uh...@fantomas.sk> wrote:
>> NameVirtualHost doesn't affect this selection, so the logic degrades
>> to simpler  _default_ and * are used when there isn't an exact match
>> on the IP.
>
> I've meant, if there's NameVirtualHost <ip>, the <VirtualHost _default_>
> will not match the IP even if there's no virtual host on that IP defined.
> Was I wrong?

AFAICT the _default_ vhost matches in this case -- the request is not
handled by the "base" config.

-- 
Eric Covener
cove...@gmail.com

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org
   "   from the digest: users-digest-unsubscr...@httpd.apache.org
For additional commands, e-mail: users-h...@httpd.apache.org


---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org
   "   from the digest: users-digest-unsubscr...@httpd.apache.org
For additional commands, e-mail: users-h...@httpd.apache.org

Reply via email to