Posted to users@httpd.apache.org by ba...@mobinet.mn on 2005/10/05 10:33:28 UTC

[users@httpd] security

Hi,

On our website, users should log in to access certain contents. But today we've
just realized that one can access those contents without logging in. In other
words, just typing http://xxx.xx/graph_view.php?action=tree&tree_id=22 brings the
graphs. We are using free software, maybe that's why it is not so secure.
Can anyone suggest how to prevent this kind of thing? How can I
configure Apache so that it won't bring the page if the REMOTE_USER env
variable is not set? Or does it have nothing to do with Apache?

BR, Baynaa.