Apache Technologies 14 Manual de usuario descargar pdf (Pagina 55)

Chapter 3 Managing Websites 55

http://example.com/Protected/sECreT

But they could bypass it by using something like the following:

http://example.com/PrOtECted

http://example.com/PrOtECted/secret

http://example.com/PrOtECted/sECreT

Fortunately, mod_hfs_apple prevents those types of efforts to bypass the security

realm, and this module is enabled by default.

Note: mod_hfs_apple operates on folders; it is NOT intended to prevent access to

individual files. A file named “secret” can be accessed as “seCREt”. This is correct

behavior, and does not allow bypassing security realms.

You can verify that mod_hfs_apple is operating correctly by creating a security realm

and attempting to bypass it with a case-variant of the actual URL. You will be denied

access and your attempt will be logged in the web service error log with messages

similar to the following:

[Wed Jul 31 10:29:16 2002] [error] [client 17.221.41.31] Mis-cased URI:

/Library/WebServer/Documents/PrOTecTED/secret, wants: /Library/WebServer/

Documents/Protected/

1 2 ... 50 51 52 53 54 55 56 57 58 59 60 ... 82 83

Sin comentarios

Apache Technologies 14 Manual de usuario Pagina 55