From 2a6d05ad55f187cdda2874afbac931885c0dc4ab Mon Sep 17 00:00:00 2001 From: Pascal Bach Date: Sat, 6 Jul 2019 21:29:49 +0200 Subject: [PATCH] Add hint toaliastraversal documentation Document on what to do if an alias points to a file and should thus not end with a / --- docs/en/plugins/aliastraversal.md | 1 + 1 file changed, 1 insertion(+) diff --git a/docs/en/plugins/aliastraversal.md b/docs/en/plugins/aliastraversal.md index 42e802f..501712e 100644 --- a/docs/en/plugins/aliastraversal.md +++ b/docs/en/plugins/aliastraversal.md @@ -23,3 +23,4 @@ In other words, the incorrect configuration of `alias` could allow an attacker t It's pretty simple: - you must find all the `alias` directives; - make sure that the parent prefixed location ends with directory separator. + - or if you want to map a signle file make sure the location starts with a `=`, e.g `=/i.gif` instead of `/i.gif`.