Eric, Basically the thing is my security guy is saying that If I can any how able to fix the 404 error in lieu of the 403 Forbidden error then it'll fix the vulnerability.
I mean instead of HTTP/1.1 403 I should get HTTP/1.1 404 while anyone try even from telnet or with any scanner. Sukhjeet Singh Project Lead Fiserv Global Services Fiserv Office: +91-120-4023086 Mobile: 9999991422 US: 1-877-271-3943 x 3086 www.fiserv.com -----Original Message----- From: Eric Covener [mailto:cove...@gmail.com] Sent: Wednesday, June 10, 2009 5:37 PM To: users@httpd.apache.org Subject: Re: [us...@httpd] default site On Wed, Jun 10, 2009 at 4:07 AM, Matus UHLAR - fantomas <uh...@fantomas.sk> wrote: >> NameVirtualHost doesn't affect this selection, so the logic degrades >> to simpler _default_ and * are used when there isn't an exact match >> on the IP. > > I've meant, if there's NameVirtualHost <ip>, the <VirtualHost _default_> > will not match the IP even if there's no virtual host on that IP defined. > Was I wrong? AFAICT the _default_ vhost matches in this case -- the request is not handled by the "base" config. -- Eric Covener cove...@gmail.com --------------------------------------------------------------------- The official User-To-User support forum of the Apache HTTP Server Project. See <URL:http://httpd.apache.org/userslist.html> for more info. To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org " from the digest: users-digest-unsubscr...@httpd.apache.org For additional commands, e-mail: users-h...@httpd.apache.org --------------------------------------------------------------------- The official User-To-User support forum of the Apache HTTP Server Project. See <URL:http://httpd.apache.org/userslist.html> for more info. To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org " from the digest: users-digest-unsubscr...@httpd.apache.org For additional commands, e-mail: users-h...@httpd.apache.org