github
/
gixy
mirror of https://github.com/yandex/gixy
1
0
Fork 0
Code Issues Projects Releases Wiki Activity

Add hint toaliastraversal documentation 

Document on what to do if an alias points to a file and should thus not end with a /
pull/100/head
Pascal Bach 2019-07-06 21:29:49 +02:00 committed by Andrew Krasichkov
parent 3b2713b537
commit fa9315ca6a
1 changed files with 1 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
docs/en/plugins/aliastraversal.md
View File

@ -23,3 +23,4 @@ In other words, the incorrect configuration of `alias` could allow an attacker t
It's pretty simple: It's pretty simple:
- you must find all the `alias` directives; - you must find all the `alias` directives;
- make sure that the parent prefixed location ends with directory separator. - make sure that the parent prefixed location ends with directory separator.
- or if you want to map a signle file make sure the location starts with a `=`, e.g `=/i.gif` instead of `/i.gif`.