Security Update 2004-12-02 makes changes to the httpd.conf file. After a successful update, the Apache configuration file will deny access to the following files:

  • */..namedfork/data
  • */..namedfork/rsrc
  • */rsrc
  • rsrc
  • .ht* (case insensitive)
  • .ds_s* (case insensitive)

Warnings:

  1. The configuration changes that block named-fork exposure apply only to the default webserver, apache1. If you’ve chosen to use Apache2, it’s recommended that you serve content from a UFS volume.
  2. For important related information, see “mod_hfs_apple” protects web content against case insensitivity in the HFS file system.
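
An added example, not part of the original entry or of Apple's update: a Python check that scans Common Log Format access-log lines for requests to the names in the deny list above that the server answered with a status below 400, which would indicate the deny rules are not in effect. The regular-expression translation of the patterns, the log format and the sample lines are assumptions constructed for illustration.

```python
import re
from urllib.parse import unquote

# Patterns from the deny list above, translated to regexes (assumed mapping).
# Only .ht* and .ds_s* are stated as case insensitive on the page.
DENIED = [
    ("..namedfork/data", re.compile(r"/\.\.namedfork/data$")),
    ("..namedfork/rsrc", re.compile(r"/\.\.namedfork/rsrc$")),
    ("rsrc", re.compile(r"(?:^|/)rsrc$")),
    (".ht*", re.compile(r"(?:^|/)\.ht[^/]*$", re.IGNORECASE)),
    (".ds_s*", re.compile(r"(?:^|/)\.ds_s[^/]*$", re.IGNORECASE)),
]

# Request line and status fields of a Common Log Format entry.
CLF = re.compile(r'"[A-Z]+ (?P<target>\S+)[^"]*" (?P<status>\d{3})\b')

def match_denied(target):
    """Return the label of the deny pattern a request target hits, or None."""
    path = unquote(target.split("?", 1)[0])  # drop query string, decode %2e etc.
    for label, rx in DENIED:
        if rx.search(path):
            return label
    return None

def audit(lines):
    """Return (status, target, label) for denied names answered with status < 400."""
    findings = []
    for line in lines:
        m = CLF.search(line)
        if not m:
            continue
        label = match_denied(m.group("target"))
        status = int(m.group("status"))
        if label and status < 400:
            findings.append((status, m.group("target"), label))
    return findings

# Constructed sample log lines (documentation addresses, made-up paths).
SAMPLE = [
    '192.0.2.11 - - [03/Dec/2004:10:00:02 -0800] "GET /app/page.php/..namedfork/data HTTP/1.1" 200 2210',
    '192.0.2.11 - - [03/Dec/2004:10:00:03 -0800] "GET /app/page.php/%2e%2enamedfork/rsrc HTTP/1.1" 403 210',
    '192.0.2.12 - - [03/Dec/2004:10:00:04 -0800] "GET /docs/.DS_Store HTTP/1.1" 200 6148',
    '192.0.2.12 - - [03/Dec/2004:10:00:05 -0800] "GET /docs/.HTaccess?x=1 HTTP/1.1" 403 210',
    '192.0.2.13 - - [03/Dec/2004:10:00:06 -0800] "GET /resources/rsrc.html HTTP/1.1" 200 512',
]

if __name__ == "__main__":
    for status, target, label in audit(SAMPLE):
        print(status, target, "matches", label)
```

Any line it reports on a server that has the update installed means a denied name was still served and the configuration should be rechecked.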