> I've uploaded B60-leading-slash.txt, which fixes this bug:
> Requesting a resource without a leading slash will:
> * not work (not a problem as it could only come from an invalid URL)
> * cause a possible security breach; if docroot is /htdocs then
> GET -secret/passwd HTTP/1.0
>
> will cause httpd to access /htdocs-secret/passwd
Here's what I see, this doesn't look right.
>telnet ooo 80
Trying...
Connected to ooo.lanl.gov.
Escape character is '^]'.
GET weee HTTP/1.0
HTTP/1.0 302 Found
Date: Friday, 07-Apr-95 19:25:42 GMT
Server: Apache/0.4
Location:
http://ooo.lanl.govweee Content-type: text/html
<HEAD><TITLE>Document moved</TITLE></HEAD>
<BODY><H1>Document moved</H1>
This document has moved <A HREF="
http://ooo.lanl.govweee">here</A>.<P>
</BODY>
Connection closed by foreign host.
-=-=-=-=-
1.3 gives....
>telnet xxx 80
Trying...
Connected to xxx.lanl.gov.
Escape character is '^]'.
GET wee HTTP/1.0
HTTP/1.0 404 Not Found
Date: Friday, 07-Apr-95 19:29:54 GMT
Server: NCSA/1.3
MIME-version: 1.0
Content-type: text/html
<HEAD><TITLE>404 Not Found</TITLE></HEAD>
<BODY><H1>404 Not Found</H1>
The requested URL wee was not found on this server.<P>
</BODY>
Connection closed by foreign host.
did I mess something up ?
robh