LiteSpeed Technologies
Download Download     Blog Blog     Wiki Wiki     Forum Forum     Store     Contact Contact    

Go Back   LiteSpeed Support Forums > LiteSpeed Web Server > Bug Reports > open directory loophole (bypasses .htaccess)

 
 
Thread Tools Display Modes
Prev Previous Post   Next Post Next
  #1  
Old 05-07-2007, 04:05 AM
aww aww is offline
Senior Member
  
Join Date: May 2007
Posts: 237
Default open directory loophole (bypasses .htaccess)
Apparently LiteSpeed has a bug where if you know the username you can go right past any -Indexes in .htaccess

http://example.com/~username

Shows the entire folder, no matter what.

So the emulation of Apache's mod_userdir is incomplete as it obeys .htaccess in that regard

Also I'd like an option (if there is not one already) to disable the ~username ability entirely like Cpanel's mod_userdir security tweak

(seriously, if you are claiming Cpanel compatibility you should go through all their security tweaks and make sure you can emulate them?)
Reply With Quote
 

« Previous Thread | Next Thread »
Thread Tools
Display Modes
Threaded Mode Threaded Mode

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts
BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Forum Jump


All times are GMT -7. The time now is 04:02 PM.



- Archive - Top
© Copyright 2003-2011 LiteSpeed Technologies, Inc. All rights reserved. Privacy Policy.