You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@httpd.apache.org by Joshua Slive <jo...@slive.ca> on 2002/09/11 22:30:38 UTC
Re: [users@httpd] Strange behavior of Apache 1.3.26
douglap@dupreeinc.com wrote:
> I had a file on the apache server called GenerateIndex.php which I renamed to GenerateIndex.php.old at some point while I was working on the site.
> Later, I was at a remote site and I missed my click on the history bar and mistakenly selected a link to the file GenerateIndex.php file. Well, the Apache
> server sent the raw text from the GenerateIndex.php.old file to my remote location ( I was a bit concerned because the php file has some database
> usernames and passwords hard coded into it.
>
> Is this a bug that should be reported or is this behavior (asking for GenerateIndex.php and receiving GenerateIndex.php.old) already know or
> expected?
See the Options directives with special attention to the MultiViews
option. You probably want that turned off unless you are doing
content-negotation.
I would also guess you are using a <FilesMatch> to designate your php
scripts, rather than the better AddType or AddHandler directives, which
would have marked the file as a php script regardless of the extra
extension.
And, or course, I'm sure you have now figured out that it is not a good
idea to keep material that you don't want web-accessible in the webspace.
Joshua.
---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
" from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org