Beccato baco di Apache, debian pubblica:

        https://lists.debian.org/debian-lts-announce/2023/04/msg00028.html

in cui inserisce la sibillina:

 Unfortunately, fixing these security vulnerabilities may require
 changes to configuration files. Some out-of-specification
 RewriteRule directives that were previously silently accepted,
 are now rejected with error AH10409. For instance, some RewriteRules
 that included a back-reference and the flags "[L,NC]" will need to
 be written with extra escaping flags such as "[B= ?,BNP,QSA]".

che o uno è un Guru delle Apache rewritre rule, o non ci capisce una sega.

Ad esempio "[L,NC]" vuol dire le rewrite rule che contengono 'L' e 'NC' o
esattamente quelle che contengono 'L,NC'?!

Una rewritre rule come:

        RewriteRule ^/\.well-known/carddav 
https://%{SERVER_NAME}/remote.php/dav/ [R=301,L]
        RewriteRule ^/\.well-known/caldav 
https://%{SERVER_NAME}/remote.php/dav/ [R=301,L]
        RewriteRule ^/\.well-known/webfinger 
https://%{SERVER_NAME}/index.php/.well-known/webfinger [R=301,L]

(nextcloud) è vulnerabile?!


Grazie...

-- 
  If SMB was an animal it would go wolf and most people would have shot it
  or put it down humanely.                              (Rod Boyce)


Rispondere a