|
|
Posted by Alan J. Flavell on 09/26/06 22:43
On Tue, 26 Sep 2006, Denise wrote:
> Don't know what I will do next. I've just been reading online some
> opinions that the CheckSpelling directive is rather a security risk.
That's a bit of a vague remark, but maybe it's referring to the effect
described here in the Apache documentation:
* the document trees should not contain sensitive files which could
be matched inadvertently by a spelling "correction".
Provided that you only upload to the server, files that you want to
make public, then this isn't really a problem. If you try to "hide"
some files by keeping their names a secret, then mod_speling might
expose them, I guess that's obvious, no?
> All I really want to do is have it check the case, which wouldn't
> involve any security problems, but it seems that's not possible.
Here's another possibility. If you take a look at
http://httpd.apache.org/docs/2.0/platform/windows.html#cust , then
there is, amongst other things, a recipe (third bullet point) which
will force all URLs to lower case. It uses mod_rewrite - but if your
provider has excluded mod_speling then it's on the cards that they
would have excluded mod_rewrite also. But it might be worth a try.
(don't be confused that the recipe is given for the Win32 context - it
looks equally usable in unix-ish contexts too). (Not actually tested
in practice, I admit).
Another alternative is to provide a custom 404 script which fixes-up
the kind of error you're talking about. But that would be a whole new
discussion theme...
good luck
Navigation:
[Reply to this message]
|