top | item 46735254

(no title)

quibono | 1 month ago

Re: the unauthenticated RCE (CVE-2025-11344), am I to understand that Apache will read and honour any .htaccess file it finds, even outside of the config root path? The lack of file clean-up when handling the exception is one thing... but this .htaccess logic strikes me as a bizarre default (if true).

discuss

formerly_proven|1 month ago

Yes, Apache reads and honors .htaccess at every directory level for every request. 'twas how we did things before nginx with its pesky, centrally-sanctioned configuration that you had to manually reload.

quibono|1 month ago

Thank you. Sounds like I should stick to me boring nginx

unknown|1 month ago

[deleted]