You are viewing a plain text version of this content. The canonical link for it is here.
Posted to bugs@httpd.apache.org by bu...@apache.org on 2007/05/11 23:49:45 UTC
DO NOT REPLY [Bug 42399] New: - server-status and server-info download the index.php file
DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG�
RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT
<http://issues.apache.org/bugzilla/show_bug.cgi?id=42399>.
ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND�
INSERTED IN THE BUG DATABASE.
http://issues.apache.org/bugzilla/show_bug.cgi?id=42399
Summary: server-status and server-info download the index.php
file
Product: Apache httpd-2
Version: 2.0.58
Platform: PC
OS/Version: Windows XP
Status: NEW
Severity: critical
Priority: P2
Component: mod_rewrite
AssignedTo: bugs@httpd.apache.org
ReportedBy: lperico@libero.it
Open the status/info url with status module disabled download (not execute) the
index.php file whith clear password exposed.
Thanks in advance.
RewriteRule !\.(js|ico|gif|jpg|png|css|php)$ /index.php
http://zend.local/server-status
http://zend.local/server-info
<VirtualHost *:80>
ServerAdmin webmaster@zend.local
DocumentRoot C:/ApacheDirs/zend.local/htdocs
ServerName zend.local
ErrorLog C:/ApacheDirs/zend.local/logs/zend.local-error_log.log
CustomLog C:/ApacheDirs/zend.local/logs/zend.local-access_log.log common
RewriteEngine on
RewriteLog "C:/ApacheDirs/zend.local/logs/zend.local-rewrite.log"
# RewriteLogLevel 9
RewriteRule !\.(js|ico|gif|jpg|png|css|php)$ /index.php
</VirtualHost>
--
Configure bugmail: http://issues.apache.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.
---------------------------------------------------------------------
To unsubscribe, e-mail: bugs-unsubscribe@httpd.apache.org
For additional commands, e-mail: bugs-help@httpd.apache.org
DO NOT REPLY [Bug 42399] - server-status and server-info download the index.php file
Posted by bu...@apache.org.
DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG�
RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT
<http://issues.apache.org/bugzilla/show_bug.cgi?id=42399>.
ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND�
INSERTED IN THE BUG DATABASE.
http://issues.apache.org/bugzilla/show_bug.cgi?id=42399
nick@webthing.com changed:
What |Removed |Added
----------------------------------------------------------------------------
Status|NEW |RESOLVED
Resolution| |INVALID
------- Additional Comments From nick@webthing.com 2007-05-11 15:18 -------
Please use a user support forum for configuration problems. It's just working
as you configured it.
--
Configure bugmail: http://issues.apache.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.
---------------------------------------------------------------------
To unsubscribe, e-mail: bugs-unsubscribe@httpd.apache.org
For additional commands, e-mail: bugs-help@httpd.apache.org