[ previous ] [ next ] [ threads ]
 
 From:  Rene Moser <mail at renemoser dot net>
 To:  m0n0wall at lists dot m0n0 dot ch
 Subject:  include files as raw
 Date:  Wed, 30 Jul 2008 14:40:24 +0200
hi

This is a minor issue but imho this is not very beautiful:

.inc files should not be shown in browser as raw see http://<ip>/auth.inc.

I know anybody can browse to these files only if authenticated and 
showing them is not a security issue, but there is also no need to show 
include files as raw.

So what about renaming them to .inc.php or let httpd parse .inc as .php 
or deny access to .inc?

Regards
rm
signature.asc (0.3 KB, application/pgp-signature)