mvierow
Inspiring
December 3, 2021
Question

Auto Lockdown too aggressive on Apache

Auto Lockdown adds a few RedirectMatch rules to prevent accessing certain parts of your install when securing an Apache install. A few of the regexes used in these rules are too generic. For instance:

RedirectMatch 404 (?i).*.svn.*
RedirectMatch 404 (?i).*.git.*

The unescaped period and lack of a leading directory separator make these rules too generic. In particular, the .git expression matches common words like digit or digital. These were added with the 2021 lockdown tool I downloaded on October 11th and I'm not sure how long they've been added.
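
The over-matching described in the post above, as an added example that is not part of the original post or of the lockdown tool: it runs the two quoted patterns and an assumed tightened form over constructed URL paths and lists the paths only the original rules block. The `TIGHTENED` patterns, the sample paths and the function names are assumptions, and Python's `re.search` stands in for Apache's regex matching.

```python
import re

# The two rules exactly as quoted in the post: the dot is unescaped and
# nothing requires a directory separator before the name.
ORIGINAL = [r"(?i).*.svn.*", r"(?i).*.git.*"]

# Assumed tightened form (hypothetical, not the tool's own rule): a literal
# dot, and ".svn" / ".git" must be a whole path segment.
TIGHTENED = [r"(?i)(^|/)\.svn(/|$)", r"(?i)(^|/)\.git(/|$)"]

# Constructed sample URL paths.
SAMPLES = [
    "/.git/config",
    "/app/.svn/entries",
    "/repo/.GIT/HEAD",
    "/products/digital-cameras",
    "/help/two-digit-codes.html",
    "/legit/index.html",
    "/downloads/project-svn-export.zip",
    "/index.html",
]


def blocked(path, rules):
    """Return True if any rule matches somewhere in the URL path."""
    return any(re.search(rule, path) for rule in rules)


def compare(paths=SAMPLES):
    """Return (path, blocked_by_original, blocked_by_tightened) tuples."""
    return [(p, blocked(p, ORIGINAL), blocked(p, TIGHTENED)) for p in paths]


def false_positives(paths=SAMPLES):
    """Paths the original rules 404 that contain no .git or .svn segment."""
    return [p for p, old, new in compare(paths) if old and not new]


if __name__ == "__main__":
    for path, old, new in compare():
        print(f"{path:40} original={old!s:5} tightened={new}")
    print("Blocked only by the original rules:", false_positives())
```
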
