Date: Fri, 03 Aug 2001 18:02:28 +0100 From: setantae <setantae@submonkey.net> To: FreeBSD-gnats-submit@freebsd.org Subject: misc/29414: http://www.uk.freebsd.org/cgi lets anyone view the cgi programs Message-ID: <E15SiLE-0000JO-00@rhadamanth.hounds>
next in thread | raw e-mail | index | archive | help
>Number: 29414 >Category: misc >Synopsis: http://www.uk.freebsd.org/cgi lets anyone view the cgi programs >Confidential: no >Severity: non-critical >Priority: low >Responsible: freebsd-bugs >State: open >Quarter: >Keywords: >Date-Required: >Class: change-request >Submitter-Id: current-users >Arrival-Date: Fri Aug 03 10:10:00 PDT 2001 >Closed-Date: >Last-Modified: >Originator: setantae >Release: FreeBSD 4.4-PRERELEASE i386 >Organization: >Environment: System: FreeBSD rhadamanth.hounds 4.4-PRERELEASE FreeBSD 4.4-PRERELEASE #4: Fri Aug 3 12:49:51 BST 2001 root@rhadamanth.hounds:/usr/obj/usr/src/sys/RHADAMANTH i386 >Description: www.uk.freebsd.org has the incorrect config regarding the /cgi directory. Visiting http://www.uk.freebsd.org/cgi gives a directory index, and choosing any of the files therein shows you the source code instead of the output of their execution. Other mirrors do not allow directory indexing on that part of the site. In addition, www3.uk.freebsd.org allows you to view the source of any script in /cgi if you already know it's name. All other mirrors I have tried also allow this, though none other than www.uk.freebsd.org allow directory indexing. >How-To-Repeat: Visit http://www.uk.freebsd.org/cgi in a browser. >Fix: i) Change the way that mirroring works so that all mirrors redirect to www.freebsd.org/cgi for these ? ii) Produce guidelines regarding httpd configuration for mirror sites ? >Release-Note: >Audit-Trail: >Unformatted: To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-bugs" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?E15SiLE-0000JO-00>