Re: MHonArc security tip

1999-08-20 20:17:37
For those who set up their archives to mask out addresses, you
should also make sure that the .mhonarc.db file cannot be
accessed since it will contain address information.  If you are
using Apache, add the following to your httpd.conf:

<Files .mhonarc.db>
    Order allow,deny
    Deny from all

As an aside you *may* run into problems if using an older version
of Apache.  This feature was added in 1.2b5, and other problems 
(like this failing within <Location> directives) were apparent
through 1.3b6.

Another solution is to use mod_rewrite with a rule like

   RewriteRule ^(.*)/.mhonarc.db $1 [R=permanent]

This redirects requests to the parent directory (the actual archive).
(note: mod_rewrite wasn't included with Apache until 1.2b3, although
it was available separately prior to that).


<Prev in Thread] Current Thread [Next in Thread>