[Geomoose-users] Securing an application- hidden directories
Bistrais, Bob
Bob.Bistrais at maine.gov
Thu Jan 28 11:46:40 PST 2016
My saga of securing a GeoMoose website continues. One of the issues reported in the latest security scan is that hidden directories were detected. These normally issue a 403 Forbidden response. The recommended practice is to issue a 404 Not Found response instead.
I found out how to do this through the Apache settings, and it's pretty easy: in the httpd.conf file, add a line like this:
RedirectMatch 404 "../(the_directory_name)"
-That works for the majority of the hidden directories, but it falls apart with the cgi-bin directory. If I add a line in the conf file:
RedirectMatch 404 "cgi-bin"
-Then the application itself seems unable to access its own PHP files, or at least the errors occur when calling them.
This may be more a Mapserver or Apache question, but I wonder if anyone here has any suggestions?
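
An added example, not part of the original message and not GeoMoose's own configuration: RedirectMatch takes a regular expression that is matched anywhere in the URL path, so an unanchored "cgi-bin" also matches every script under that directory. The sketch below puts the unanchored pattern beside an anchored one; the paths /cgi-bin/mapserv and /private are constructed for illustration, and it is an assumption that the errors described above come from this pattern match.

```apache
# Added example; the URL paths used here are assumptions, not taken from the post.

# Unanchored: the regex is tested against the whole URL path, so it matches
# /cgi-bin/ itself and also every request below it (for example a constructed
# /cgi-bin/mapserv), plus any other path that merely contains the string.
# All of those requests are answered with 404.
# RedirectMatch 404 "cgi-bin"

# Anchored: only the bare directory URL (/cgi-bin or /cgi-bin/) is answered
# with 404. Requests for files inside the directory do not match and are
# handled by the existing ScriptAlias as before.
RedirectMatch 404 "^/cgi-bin/?$"

# For a directory whose entire subtree should look nonexistent, anchor at the
# start and require a path-segment boundary so /private-docs is not caught.
# "/private" is a hypothetical directory name.
RedirectMatch 404 "^/private(/|$)"
```

Run `apachectl configtest` before reloading, then compare the status returned by `curl -I` for the bare directory URL and for one script inside it.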