can detect presence of hidden directories through HTTP redirects:
just did some testing with my local setup:
$ curl -s -D - -o /dev/null http://localhost/~thorben/cgi-bin HTTP/1.1 301 Moved Permanently Location: http://localhost/~thorben/cgi-bin/ Content-Length: 0 Date: Sat, 12 Jul 2008 19:17:27 GMT Server: lighttpd/1.4.19
$ curl -s -D - -o /dev/null http://localhost/~thorben/cgi-bin/ HTTP/1.1 404 Not Found Content-Type: text/html Content-Length: 345 Date: Sat, 12 Jul 2008 19:17:29 GMT Server: lighttpd/1.4.19
oh. suddenly nothing found. for testing, do the same for a nonexisting dir:
$curl -s -D - -o /dev/null http://localhost/~thorben/cgy-byn HTTP/1.1 404 Not Found Content-Type: text/html Content-Length: 345 Date: Sat, 12 Jul 2008 19:21:41 GMT Server: lighttpd/1.4.19
So, I could find existing but "invisible" dirs using this by some educated guesswork?
Updated by stbuehler over 11 years ago
- Status changed from New to Fixed
- Resolution set to invalid
If you "hide" directories for example with mod_alias, there is nothing lighty could do to prevent this. (Ok, we "could" try the request before send the 304, but... yeah. Not really)
Btw: I think alias.url = ( "/cgi-bin" => "/your-not-existing-directory/" ) wouldn't trigger that, only if you use a trailing slash for the source.
Also available in: Atom