Cenzic 232 Patent
Paid Advertising
sla.ckers.org is
ha.ckers sla.cking
Sla.ckers.org
This group should mostly be dealing with how web applications enable networking security issues that are otherwise not there. Everything is being tunneled over port 80 now so what does that enable and how do we fix it? 
Go to Topic: PreviousNext
Go to: Forum ListMessage ListNew TopicSearchLog In
Apache configuration through .htaccess
Posted by: Anonymous User
Date: September 05, 2007 05:41AM

I asked id this before but I think he is too busy, So I throw it onto the boards. As some of you know this stuff is visible for everyone:
hxxp://www.0x000000.com/error/HTTP_VARIANT_ALSO_VARIES.html.var
hxxp://www.mozilla.org/error/HTTP_VARIANT_ALSO_VARIES.html.var
etc..

Now i'm pretty keen in .htaccessing my way around: http://www.0x000000.com/rules.txt

It seems I cannot block this with an .htaccess, I tried many things, now I have a hunch why it isn't working.
These .var files also call regular html files in the /include/ folder which contain stuff like:
hxxp://www.0x000000.com/error/include/top.html etc.

Which are called though a server side include.

So anyone an idea how to block these without touching the Apache config files? Any help is greatly appreciated.

Options: ReplyQuote
Re: Apache configuration through .htaccess
Posted by: id
Date: September 05, 2007 09:23AM

Sorry, I missed your email as I was on vacation and didn't check my sl@ email the whole time...

Since your ISP allows htaccess you can override any ErrorDocument setting inside it to wherever you want.

in .htaccess or httpd.conf (either should work fine)

ErrorDocument 404 hxxp://ha.ckers.org/
ErrorDocument 506 /error/somefile.html

then just delete the normal html.var docs...which totally doesn't answer your question because I don't know, but that's what we've done on ha.ckers.

-id



Edited 1 time(s). Last edit at 09/05/2007 09:24AM by id.

Options: ReplyQuote
Re: Apache configuration through .htaccess
Posted by: Anonymous User
Date: September 05, 2007 07:45PM

Yeah indeed, but I cannot access the /error/ or /manual/ folder since it sits below httpdocs. I gonna try the errodocs, it might work.

Options: ReplyQuote
Re: Apache configuration through .htaccess
Posted by: id
Date: September 06, 2007 10:36AM

If you have

/

but not

/error

you should be able to

Alias /error/include/ "/your/include/path/"

In htaccess and bypass their stuff.

Of course this won't stop anyone that really wants to see what's going on as they will just find another virtual host on the same box, or go straight at the IP to pull the error files for info. Basically trying to stop it is pointless on shared hosting :(

-id

Options: ReplyQuote


Sorry, only registered users may post in this forum.