I’m using OS X (10.3.3) to serve images via Apache here and have just been bitten by the lack of case sensitivity on the filesystem. I had a LocationMatch block in httpd.conf which was not as secure as I expected:

<LocationMatch "/.*/hires/.*">
<Limit GET>
Satisfy any
Order deny,allow
Deny from all
Allow from XX.XX.XX.XX
</Limit>
</LocationMatch>

This was obviously meant to stop access to a hires directory. However, because of the lack of case sensitivity, if you tried to grab the same URL but with HIRES instead, it would fail to match this regex but it would still match the hires directory. To fix this I have changed the regex to:

<LocationMatch "/.*/(H|h)(I|i)(R|r)(E|e)(S|s)/.*">
<Limit GET>
Satisfy any
Order deny,allow
Deny from all
Allow from XX.XX.XX.XX
</Limit>
</LocationMatch>
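
A quick way to audit a pattern like the two above is shown here as an added example, not part of the original post. It enumerates every upper/lower-case spelling of the protected directory name and lists the ones the regex fails to cover. The URL template is a constructed sample, and Python's `re` is assumed to behave like Apache's regex engine for these simple patterns.

```python
import itertools
import re


def case_variants(segment):
    """Yield every upper/lower-case spelling of a path segment."""
    choices = [sorted({c.lower(), c.upper()}) for c in segment]
    for combo in itertools.product(*choices):
        yield "".join(combo)


def unprotected_spellings(pattern, url_template, segment):
    """Return the spellings of `segment` that the pattern does not match.

    On a case-insensitive filesystem every spelling resolves to the same
    directory, so each entry returned here is a URL that reaches the
    files without the access rules being applied.
    """
    # LocationMatch is unanchored, so search() is used rather than match().
    regex = re.compile(pattern)
    missed = []
    for variant in case_variants(segment):
        if not regex.search(url_template.format(variant)):
            missed.append(variant)
    return missed


# The two patterns from the post.
ORIGINAL = r"/.*/hires/.*"
FIXED = r"/.*/(H|h)(I|i)(R|r)(E|e)(S|s)/.*"

# Constructed sample URL path; {} marks the protected directory name.
TEMPLATE = "/gallery/{}/photo.jpg"

if __name__ == "__main__":
    for name, pattern in (("original", ORIGINAL), ("fixed", FIXED)):
        missed = unprotected_spellings(pattern, TEMPLATE, "hires")
        print(f"{name}: {len(missed)} of 32 spellings not covered")
        for spelling in missed[:5]:
            print("   ", TEMPLATE.format(spelling))
```
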