Eric, Basically the thing is my security guy is saying that If I can any how able to fix the 404 error in lieu of the 403 Forbidden error then it'll fix the vulnerability.
I mean instead of HTTP/1.1 403 I should get HTTP/1.1 404 while anyone try even from telnet or with any scanner. Sukhjeet Singh Project Lead Fiserv Global Services Fiserv Office: +91-120-4023086 Mobile: 9999991422 US: 1-877-271-3943 x 3086 www.fiserv.com -----Original Message----- From: Eric Covener [mailto:[email protected]] Sent: Wednesday, June 10, 2009 5:37 PM To: [email protected] Subject: Re: [us...@httpd] default site On Wed, Jun 10, 2009 at 4:07 AM, Matus UHLAR - fantomas <[email protected]> wrote: >> NameVirtualHost doesn't affect this selection, so the logic degrades >> to simpler _default_ and * are used when there isn't an exact match >> on the IP. > > I've meant, if there's NameVirtualHost <ip>, the <VirtualHost _default_> > will not match the IP even if there's no virtual host on that IP defined. > Was I wrong? AFAICT the _default_ vhost matches in this case -- the request is not handled by the "base" config. -- Eric Covener [email protected] --------------------------------------------------------------------- The official User-To-User support forum of the Apache HTTP Server Project. See <URL:http://httpd.apache.org/userslist.html> for more info. To unsubscribe, e-mail: [email protected] " from the digest: [email protected] For additional commands, e-mail: [email protected] --------------------------------------------------------------------- The official User-To-User support forum of the Apache HTTP Server Project. See <URL:http://httpd.apache.org/userslist.html> for more info. To unsubscribe, e-mail: [email protected] " from the digest: [email protected] For additional commands, e-mail: [email protected]
