Posted to users@httpd.apache.org by Adrian Portsmouth <se...@htaccessmanager.com> on 2004/11/27 16:00:55 UTC

[users@httpd] Raq_Apache_dot_htaccess

Dear List,

I am experiencing a problem with my web site and I am not 100% sure whether
it is Apache or FreeBSD related.

I asked a forum to comment on my web site and one of the users there
reported that his Norton Firewall (Using Firefox 1.0) blocked access to my
web site stating "Raq_Apache_dot_htaccess" which was claiming that I was
attempting to intrude in his computer. Of course I am not doing any such
thing so I began to investigate.

When searching for information about this threat it became clear that the
original problem was related directly to Cobalt RAQ servers; as I am running
FreeBSD 4.7, I was a bit confused. I delved further into the RAQ problem and
it pointed out some code which should be in the httpd.conf file, so I have
checked and ensured that this code was in place:

<Files ~ "^\.ht">
    Order allow,deny
    Deny from all
    Satisfy All
</Files>

I have restarted Apache and checked that the .htaccess file can no longer
be seen from the browser. I then asked the guy to retest and he is still
getting the same problem.

So I had no choice but to go out and buy a copy of Norton, I installed it,
made sure the software was fully up to date. I then rebooted the machine and
called the web site up in a variety of browsers and I cannot get the same
problem!

I know that the person who reported this is not messing about as he has sent
me screenshots of the pop-up by Norton so I am basically stumped now.

Has anyone else on FreeBSD had this issue and found a fix? The web site is
in the signature if anyone on the list has Norton Firewall and can see if
they can replicate the problem.

My machine is FreeBSD 4.7 running PHP 4.3.9 on Apache 1.3. I have root access
to the machine but cannot upgrade BSD, only install ports etc. The only time
I use .htaccess on the web site is for Mod Rewrite which is not doing
anything special.

Thanks in advance for your help.

============================================
Adrian Portsmouth
.htaccess Manager - SilkPHP
[e] service@htaccessmanager.com
[w] www.htaccessmanager.com
============================================



---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org


Re: [users@httpd] Raq_Apache_dot_htaccess

Posted by Nick Kew <ni...@webthing.com>.
On Sat, 27 Nov 2004, Joshua Slive wrote:

> positive.  This is just a guessing game, of course.  You could start
> by trying to assure that you don't have the string "htaccess" in any
> of your URLs.

It's in his domain name.  If that string of characters triggers a
warning, one can only boggle at the brokenness of the software.

-- 
Nick Kew



Re: [users@httpd] Raq_Apache_dot_htaccess

Posted by Joshua Slive <js...@gmail.com>.
On Sat, 27 Nov 2004 15:00:55 -0000, Adrian Portsmouth
<se...@htaccessmanager.com> wrote:
> Dear List,
> 
> I am experiencing a problem with my web site and I am not 100% sure whether
> it is Apache or FreeBSD related.

Neither.

> 
> I asked a forum to comment on my web site and one of the users there
> reported that his Norton Firewall (Using Firefox 1.0) blocked access to my
> web site stating "Raq_Apache_dot_htaccess" which was claiming that I was
> attempting to intrude in his computer. Of course I am not doing any such
> thing so I began to investigate.

Most likely, it is actually claiming that *his* site is trying to
attack your *computer*.

From the looks of it, this is simply the Norton firewall being *very*
stupid.  There was once, long ago, a stupid apache-distributor
(cobalt) who had a vulnerable apache configuration where .htaccess
files could be downloaded, possibly revealing sensitive information. 
Norton is attempting to prevent such downloads, but it is doing it in
some stupid way that is generating false positives.  It is probably
triggering off the presence of the string "htaccess" in the URL or
content of your website.

So, in other words:
- There is nothing wrong with your website.
- Norton firewall is generating a stupid false-positive.

Suggested fixes:
- Tell the client to fix his broken firewall.
- Try to identify the exact string that is triggering the false
positive.  This is just a guessing game, of course.  You could start
by trying to assure that you don't have the string "htaccess" in any
of your URLs.

Joshua
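
The false positive discussed in this thread, as an added example (not code from any poster, and not Norton's actual logic, which the thread does not show). It compares a hypothetical substring rule with a rule that applies the thread's `^\.ht` pattern to the requested file name only. The request samples are constructed and `www.example.com` is a placeholder host.

```python
import re
from urllib.parse import urlsplit, unquote

# Same pattern as the <Files ~ "^\.ht"> block quoted in the thread.
HT_FILE = re.compile(r"^\.ht")


def naive_signature(raw_request: str) -> bool:
    """Hypothetical over-broad rule: fire on 'htaccess' anywhere in the request."""
    return "htaccess" in raw_request.lower()


def path_aware_signature(raw_request: str) -> bool:
    """Fire only when the requested file's basename starts with '.ht'."""
    request_line = raw_request.split("\r\n", 1)[0]
    parts = request_line.split(" ")
    if len(parts) != 3:
        return False  # malformed request line: nothing to match on
    # Ignore scheme, host and query string; normalise percent-encoding.
    path = unquote(urlsplit(parts[1]).path)
    basename = path.rsplit("/", 1)[-1]
    return bool(HT_FILE.match(basename))


# Constructed sample requests (not captured traffic).
SAMPLES = {
    "homepage": "GET / HTTP/1.1\r\nHost: www.htaccessmanager.com\r\n\r\n",
    "dotfile": "GET /.htaccess HTTP/1.0\r\nHost: www.example.com\r\n\r\n",
    "htpasswd": "GET /docs/.htpasswd HTTP/1.0\r\nHost: www.example.com\r\n\r\n",
    "article": "GET /tutorials/htaccess-basics.html HTTP/1.1\r\n"
               "Host: www.example.com\r\n\r\n",
}


def classify() -> dict:
    """Return {sample name: (naive verdict, path-aware verdict)}."""
    return {name: (naive_signature(req), path_aware_signature(req))
            for name, req in SAMPLES.items()}


if __name__ == "__main__":
    for name, (naive, aware) in classify().items():
        print(f"{name:9s} naive={naive!s:5s} path_aware={aware}")
```

The substring rule fires on the plain homepage request because of the Host header and misses the `.htpasswd` request, while the path-aware rule flags only the two dot-file requests.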



Re: [users@httpd] Raq_Apache_dot_htaccess

Posted by Jeff Ball <us...@jeffball.com>.
> I am experiencing a problem with my web site and I am not 100% sure whether
> it is Apache or FreeBSD related.
>
> I asked a forum to comment on my web site and one of the users there
> reported that his Norton Firewall (Using Firefox 1.0) blocked access to my
> web site stating "Raq_Apache_dot_htaccess" which was claiming that I was
> attempting to intrude in his computer. Of course I am not doing any such
> thing so I began to investigate.

> When searching for information about this threat it became clear that the
> original problem was related directly to Cobalt RAQ servers, as I am running
> FreeBSD 4.7 I was a bit confused. I delved further into the RAQ problem and
> it pointed out some code which should be in the httpd.conf file, so I have
> checked and ensured that this code was in place:
>
> <Files ~ "^\.ht">
>    Order allow,deny
>    Deny from all
>    Satisfy All
> </Files>
>
> I have restarted Apache and checked that the .htaccess file can no longer
> be seen from the browser, I then asked the guy to retest and he is still
> getting the same problem.

Long ago in the days of Redhat 4.x to 5.x, a not so "stupid
apache-distributor" called Cobalt Networks didn't block ".files" by default
in their custom config on what was at the time one of the only devices to
provide an easy hosting system that anybody could use without a great deal of
training...  It was only after
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0234
that all Cobalt RaQs, XTRs and Qubes included...
# ignore .ht*
<Files ".ht*">
deny from all
</Files>

You can see the patch that was used here
ftp://www.zeffie.net/cobalt/updates/decompressed/RaQ2/RaQ2-All-Security-Point-2.97.pkg/access.conf.patch

I would suggest that the "firewall" contains definitions for 2 server
systems that should not have been running online for years now and that the
"firewall" could very well be the problem here...

Zeffie...
http://www.zeffie.com/  734-454-9117
Cobalt RaQ Repairs, Development, and Maintenance.
Home of the Worlds Largest Collection of RaQ rpms
Cobalt Spam Filter, Security, Firewall, Anti Virus Products
http://www.ensimfirewall.com/ The Only Ensim Certified Firewall! 


