Differences

This shows you the differences between two versions of the page.

litespeed:wiki:feature:internal_redirect [2014/05/22 20:28]
George Wang [Internal Redirect via LiteSpeed]
litespeed:wiki:feature:internal_redirect [2014/05/22 20:29]
George Wang [Internal Redirect via LiteSpeed]
Line 51: Line 51:
 === Security Consideration === === Security Consideration ===
  
-Unlike X-Sendfile or X-Accel-Redirect implementation in other web servers, LiteSpeed uses a URL instead of file path for security reasons. In this way, only file under document root of a virtual host or a Context can be returned, otherwise, it could be a huge security issue if for some reason, either tricked or intentionally,​ the script sent back a header "​X-Sendfile:​ /../etc/./password%00" or something like that, user accounts on your server is no longer a secret. 8-)+Unlike X-Sendfile or X-Accel-Redirect implementation in other web servers, LiteSpeed uses a URL instead of file path for security reasons. In this way, only file under document root of a virtual host or a Context can be returned, otherwise, it could be a huge security issue if for some reason, either tricked or intentionally,​ the script sent back a header "​X-Sendfile:​ /../etc/./passwd%00" or something like that, user accounts on your server is no longer a secret. 8-)
  
 === Protecting file from direct access === === Protecting file from direct access ===
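Review bot: the added line in the Security Consideration paragraph corrects the filename in the example header ("password" to "passwd") but carries over the grammar problems of the line it replaces. "X-Sendfile or X-Accel-Redirect implementation" should be plural, "only file under document root" should read "only files under the document root", and "user accounts on your server is no longer a secret" needs "are". The sentence would also read better split at "otherwise", so that the statement that only files under a virtual host's document root or a Context can be returned stands on its own before the X-Sendfile counterexample. The trailing "8-)" emoticon is unchanged on both sides and could be dropped from a security section.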