Support

felosi · #1 11-02-2007, 01:36 AM

For example if you chmod a directory 000 in order to disable it
Like this http://protectedhost.com/test/
http://sph1.net/test

Instead of giving a php error displaying full path it should simply give a forbidden error. It does the same any time it cannot read any folder, despite the contents

Is there any quick fix for this? Its somewhat of a security risk because it displays full path giving the sites username on the server.
Seems like it should invoke an error page instead of trying to open autoindex
Despite error reporting off will still show this

brrr · #2 11-02-2007, 05:04 AM

Some suggestions...

Disable auto-index for that server. And your PHP error reporting settings in php.ini may also be a factor too - eg ensure display_errors = Off.

But yeah, when LSWS encounters a file-system resource that it has no permissions to access, I would have thought a 403 error would have come up despite every other setting on the server.

felosi · #3 11-02-2007, 07:03 AM

does the same despite display errors, the links I posted display errors is on. Which I really have to leave that on so people can see problems with their apps, sites, etc
bottom one is with error reporting off