LSTSRV-L Archives

LISTSERV Site Administrators' Forum

Valdis Kletnieks <[log in to unmask]>
Wed, 4 Feb 2004 15:02:13 -0500
On Wed, 04 Feb 2004 11:52:21 PST, Shinn Wu <[log in to unmask]>  said:
> I don't really understand the 'protection' that wa offers in UNIX.  I
> installed wa in /usr/local/apache/cgi-bin and the archives are under
> /usr/local/apache/htdocs/archives.  All the archives can be accessed by
> subscribers ONLY.  BUT, you can easily bypass the email/password if you
> know (or guess) the name of ANY archive, e.g.,
>
> http://www.anysite.com/archives/test.log0301
>
> or even better
>
> http://www.anysite.com/archive/test.html
>
> to search the whole list.  It didn't offer any .htaccess.  I must be missing
> something important, but I could not find it in either the manual or LSTSRV-L.
> Would someone shed some light or confirm that?  Thanks.

You're missing a .htaccess that denies access to archive/*
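
An added example, not part of the original post: one way to write the .htaccess the reply refers to, placed in the archive directory named in the question. It assumes that Apache's AllowOverride for that directory permits these directives and that wa reads the archive files from disk rather than over HTTP, so denying direct web access does not affect the CGI.

```apache
# /usr/local/apache/htdocs/archives/.htaccess
# (directory taken from the question; adjust to your own archive path)
#
# Refuse every direct HTTP request for files in this directory, so that
# notebook and index files can only be reached through the wa CGI, which
# enforces the subscriber email/password check.

# Apache 2.4 and later (mod_authz_core); needs AllowOverride AuthConfig
<IfModule mod_authz_core.c>
    Require all denied
</IfModule>

# Apache 1.3 / 2.0 / 2.2 (mod_access / mod_authz_host); needs AllowOverride Limit
<IfModule !mod_authz_core.c>
    Order deny,allow
    Deny from all
</IfModule>

# If AllowOverride is None for htdocs, this file is silently ignored.
# In that case put the same directives in the server configuration inside
#   <Directory "/usr/local/apache/htdocs/archives"> ... </Directory>
# and restart Apache.
```

After installing it, request one of the archive files directly from a browser with no session; the server should answer 403 Forbidden, while the same list viewed through wa still prompts for login.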
