--
Freedom, Truth, Love, Beauty.
John Rodenbiker
[EMAIL PROTECTED]
On Mar 10, 2006, at 4:25 PM, Sean Conner wrote:
It was thus said that the Great John Rodenbiker once stated:
Is there a way to have httpd drop requests to URIs that don't actually
exist in my environment?
It's turned on by default in Apache. In other words, any content
*outside* of the DocumentRoot is not served up, no matter how many
"../" are
thrown at the web server. Don't put anything you don't want seen in
the
DocumentRoot.
That's good to know, thank you.
The reason I ask is because there is a company trying to sell a "web
application firewall" that appears to do just what I asked, except for
$9995. Are these guys full of it, or what are they really offering?
http://www.webscurity.com/products.htm
---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: [EMAIL PROTECTED]
" from the digest: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
