
#90 accessing home dir

3.4
open
nobody
Other (43)
5
2009-03-10
2009-03-10
No

By default the home directories are accessible through the setting of Doc_PublicHtml in httpdthread. The default should not allow access, as this is a security hole.
When you disable it you will get different error messages (403 or 404) depending on whether the user exists or not. Better to change this in doc.tcl:
    if {[regexp ^~ $pathlist]} {
        if {[info exists Doc(homedir)]} {
            # Home directories are enabled: resolve ~user
            set user [lindex $pathlist 0]
            if {[catch {glob $user} homedir]} {
                Doc_NotFound $sock
                return ;# No such user
            }
            set directory [file join $homedir $Doc(homedir)]
            set pathlist [lrange $pathlist 1 end]
            set suffix [join $pathlist /]
        } else {
            # Home directories are disabled: same 403 whether or not the user exists
            Httpd_Error $sock 403
            return
        }
    }

So all will get 403.

Also, auth.tcl encounters an unexpected error when trying to access a nonexistent home dir:
www.yoururl/~someUser
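
A log check for the 403/404 difference described in this ticket, added here as an example and not part of the ticket or of tclhttpd: it reads access-log lines and reports whether `/~user` requests are answered with both codes, and which clients requested many distinct `~user` paths. The log lines are constructed and assumed to be in Common Log Format; the names `analyze` and `probe_threshold` are hypothetical.

```python
import re
from collections import defaultdict

# Constructed sample lines in Common Log Format (an assumption; adapt the
# regex to the server's real log layout). Addresses are documentation ranges.
SAMPLE_LOG = """\
192.0.2.10 - - [10/Mar/2009:10:00:01 +0000] "GET /~alice/ HTTP/1.0" 403 210
192.0.2.10 - - [10/Mar/2009:10:00:02 +0000] "GET /~bob/index.html HTTP/1.0" 404 198
192.0.2.10 - - [10/Mar/2009:10:00:03 +0000] "GET /~carol HTTP/1.0" 404 198
192.0.2.10 - - [10/Mar/2009:10:00:04 +0000] "GET /~dave/ HTTP/1.0" 403 210
198.51.100.7 - - [10/Mar/2009:10:05:00 +0000] "GET /index.html HTTP/1.0" 200 1043
198.51.100.7 - - [10/Mar/2009:10:05:09 +0000] "GET /~alice/ HTTP/1.0" 403 210
"""

LINE_RE = re.compile(
    r'^(?P<client>\S+) \S+ \S+ \[[^\]]*\] '
    r'"(?:GET|HEAD|POST) /~(?P<user>[^/\s?]+)\S* [^"]*" (?P<status>\d{3}) '
)

def analyze(log_text, probe_threshold=3):
    """Return (statuses_by_user, oracle_present, probing_clients)."""
    statuses = defaultdict(set)   # username -> status codes seen
    probes = defaultdict(set)     # client -> distinct usernames requested
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue              # not a /~user request
        statuses[m["user"]].add(int(m["status"]))
        probes[m["client"]].add(m["user"])
    # The ticket's symptom: some names answer 403, others 404.
    seen = set().union(*statuses.values()) if statuses else set()
    oracle = {403, 404} <= seen
    probing = sorted(c for c, users in probes.items()
                     if len(users) >= probe_threshold)
    return dict(statuses), oracle, probing

if __name__ == "__main__":
    by_user, oracle, probing = analyze(SAMPLE_LOG)
    for user, codes in sorted(by_user.items()):
        print(f"~{user}: {sorted(codes)}")
    print("403/404 split across usernames:", oracle)
    print("clients requesting many distinct ~user paths:", probing)
```

With the change proposed in the ticket applied and home directories disabled, every `/~user` line would carry 403 and the split flag would be false.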
