Sun Cobalt RaQ2/RaQ3 Apache configuration problem
Vulnerability

    Cobalt

Affected

    Cobalt apache configuration

Description

    Paul Schreiber found the following.  Following some discussion on
    the cobalt-users list, it seems that this problem affects both the
    RaQ2 and RaQ3.  It likely affects other Cobalt products, but this
    hasn't been confirmed.  It was verified on RaQ2.

    By default, raq-hosted sites expose .htaccess files to the  world.
    The configuration files are located in /etc/httpd/conf/.

    Interestingly   enough,   the   access.conf   file   contains  the
    following:

        # ignore .files
        #<Files "\.*">
        #deny from all
        #</Files>

    Note it is commented out.

Solution

    Add these lines to your access.conf file and restart Apache (this
    was taken from a Debian install):

        # Do not allow retrieval of the override files,
        # a standard security measure.
        <Files .htaccess>
        order allow,deny
        deny from all
        </Files>

    Annoyingly enough, if you  modify this file, Cobalt  will probably
    tell you your warranty is void.
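
    To confirm that the deny block in a given access.conf is actually
    active rather than commented out, a small audit script can help.
    This is an added example, not part of the original advisory or of
    Cobalt's tooling; the function names are hypothetical, and it reads
    a single config text without following includes or weighing
    order/allow interplay.

```python
import fnmatch
import re

# Opening/closing tags of the per-file containers, and the directive the advisory relies on.
BLOCK_OPEN = re.compile(r'<\s*(FilesMatch|Files)\s+(~\s+)?"?([^">]+)"?\s*>', re.I)
BLOCK_CLOSE = re.compile(r'</\s*(FilesMatch|Files)\s*>', re.I)
DENY_ALL = re.compile(r'deny\s+from\s+all\b', re.I)

def covers_htaccess(directive, is_regex, pattern):
    """True if a <Files>/<FilesMatch> pattern applies to the name ".htaccess"."""
    if is_regex or directive.lower() == "filesmatch":
        return re.search(pattern, ".htaccess") is not None
    # Plain <Files> takes a wildcard; dropping backslash escapes is a simplification.
    return fnmatch.fnmatchcase(".htaccess", pattern.replace("\\", ""))

def htaccess_is_denied(conf_text):
    """True if an active (uncommented) block contains "deny from all" for .htaccess."""
    in_block = False
    for raw in conf_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue  # a commented-out block, as shipped, protects nothing
        opened = BLOCK_OPEN.match(line)
        if opened:
            in_block = covers_htaccess(opened.group(1), bool(opened.group(2)),
                                       opened.group(3).strip())
        elif BLOCK_CLOSE.match(line):
            in_block = False
        elif in_block and DENY_ALL.match(line):
            return True
    return False

# The two fragments quoted in the advisory: the shipped access.conf and the fix.
SHIPPED = r'''
# ignore .files
#<Files "\.*">
#deny from all
#</Files>
'''
FIX = r'''
<Files .htaccess>
order allow,deny
deny from all
</Files>
'''

if __name__ == "__main__":
    print("shipped config protects .htaccess:", htaccess_is_denied(SHIPPED))
    print("with the fix appended:", htaccess_is_denied(SHIPPED + FIX))
```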
