www/115945: [WWW server] missing mimetype: .inc does not
work.
Daniel Gerzo
danger at FreeBSD.org
Thu Aug 30 08:48:07 PDT 2007
Hello chinsan,
Thursday, August 30, 2007, 5:10:06 PM, you wrote:
>> >Originator: chinsan
>> >Release: FreeBSD 6.2-STABLE i386
>> >Organization:
>> Taiwan
>> >Environment:
>> System: FreeBSD blog.homiya.com 6.2-STABLE FreeBSD 6.2-STABLE #1: Wed Jul 25 09:11:00 CST 2007
>> root at blog.homiya.com:/usr/obj/usr/src/sys/SMP i386
>>
>> >Description:
>> lighttpd doest not include .inc file type as the default mimetypes.
>> Therefore, it will return 403(Forbidden) error.
>
> Oh.. I found what really matters: url.access-deny instead of mime type.
Why do you want to allow viewing of .inc files? Some web apps (mainly
a few php projects) use .inc files as configuration files, that
contain sensitive information, which could be abused.
> Remove .inc from lighttpd.conf, ie:
> -url.access-deny = ( "~", ".inc" )
> +url.access-deny = ( "~" )
--
Best regards,
Daniel mailto:danger at FreeBSD.org
More information about the freebsd-www
mailing list