protection of /stats/

Discussion in 'General' started by tensor, Sep 25, 2009.

  1. tensor

    tensor New Member

    Currently there is a .htaccess file in /stats/ of every web site.

    Here is the contents:
    AuthType Basic
    AuthName "Members Only"
    AuthUserFile /var/www/clients/clientX/webYY/.htpasswd_stats
    <limit GET PUT POST>
    require valid-user
    Why <Limit> is used?
    Should not be there just a plain "require valid-user" directive? What if Apache has some other modules which implement HTTP methods which could be used to get the stats?
  2. till

    till Super Moderator Staff Member ISPConfig Developer

    I've added this to the bugtracker.

Share This Page