Date: Thu, 30 Aug 2007 17:14:28 +0200 From: Daniel Gerzo <danger@FreeBSD.org> To: chinsan <chinsan.tw@gmail.com> Cc: freebsd-www@FreeBSD.org Subject: Re[2]: www/115945: [WWW server] missing mimetype: .inc does not work. Message-ID: <399109408.20070830171428@rulez.sk> In-Reply-To: <200708301510.l7UFA6vn041284@freefall.freebsd.org> References: <200708301510.l7UFA6vn041284@freefall.freebsd.org>
next in thread | previous in thread | raw e-mail | index | archive | help
Hello chinsan, Thursday, August 30, 2007, 5:10:06 PM, you wrote: >> >Originator: chinsan >> >Release: FreeBSD 6.2-STABLE i386 >> >Organization: >> Taiwan >> >Environment: >> System: FreeBSD blog.homiya.com 6.2-STABLE FreeBSD 6.2-STABLE #1: Wed Jul 25 09:11:00 CST 2007 >> root@blog.homiya.com:/usr/obj/usr/src/sys/SMP i386 >> >> >Description: >> lighttpd doest not include .inc file type as the default mimetypes. >> Therefore, it will return 403(Forbidden) error. > > Oh.. I found what really matters: url.access-deny instead of mime type. Why do you want to allow viewing of .inc files? Some web apps (mainly a few php projects) use .inc files as configuration files, that contain sensitive information, which could be abused. > Remove .inc from lighttpd.conf, ie: > -url.access-deny = ( "~", ".inc" ) > +url.access-deny = ( "~" ) -- Best regards, Daniel mailto:danger@FreeBSD.org
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?399109408.20070830171428>