On 2010-06-11 at 08:39, Volker wrote:
> Hi,
>
> while playing around with handlers, i noticed, that any user can
> register the 'server-status'-handler by putting
>
>
> SetHandler server-status
>
>
> in an htacces-File. This can not be prevented by using a alternating
> AllowOverride-directives,
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
> attached files:
> mod_status.c - the complete module
> mod_status-diff.patch - the patch with all changes made
and of course, the files... :-)
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.9 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Hi,
while playing around with handlers, i noticed, that any user can
register the 'server-status'-handler by putting
SetHandler server-status
in an htacces-File. This can not be prevented by using a alternating
AllowOverride-directives, since 'Set