Support

aww · #1 05-07-2007, 04:05 AM

Apparently LiteSpeed has a bug where if you know the username you can go right past any -Indexes in .htaccess

http://example.com/~username

Shows the entire folder, no matter what.

So the emulation of Apache's mod_userdir is incomplete as it obeys .htaccess in that regard

Also I'd like an option (if there is not one already) to disable the ~username ability entirely like Cpanel's mod_userdir security tweak

(seriously, if you are claiming Cpanel compatibility you should go through all their security tweaks and make sure you can emulate them?)

mistwang · #2 05-07-2007, 09:38 PM

This has been fixed in updated 3.1.1 release package. The "ErrorDocument" directive has been verified to be working.

aww · #3 05-07-2007, 10:23 PM

I am testing a .htaccess with just

ErrorDocument 403 "Forbidden"
ErrorDocument 404 "missing"

inside it. If I go to example.com/blahblah
the server stalls for a few seconds and then returns a blank page (this is in Firefox/Opera as IE can't deal with short error pages)

I assume you mean a forthcoming 3.1.1 release as the one you gave me the other day is what I am using and it does not obey ~username .htaccess

mistwang · #4 05-08-2007, 07:39 AM

Just download 3.1.1 package again.