Article ID: 2797, created on Oct 29, 2007, last review on Apr 17, 2012

  • Applies to:
  • Pro Control Panel Linux


Knowledge ID 2183
Product : Ensim Pro for Linux
Version : 4.1.0
Topic : Hotfix

HTTP POST can be issued against files in the protected directory


Product: Ensim Pro for Linux 4.1.0 (Fedora Core 1, Fedora Core 2, Red Hat Enterprise Linux 3, Red Hat Enterprise Linux 4, CentOS 4.1, CentOS 4.2)
Date: 01-February-2006
Patch Description: Addresses the issue "HTTP POST can be issued against files in the protected directory."
Overview: When the Ensim control panel is used to protect a directory, the .htaccess file only restricts HTTP GET. HTTP POST requests can still be issued against files in the protected directory.
To prevent this unauthorised access, apply this hotfix.

For fc1:
(md5sum: 64d5ba16fed63dfe765ee95049bd8298)                                      
For fc2: 

For RHEL3:

For RHEL4:

For CentOS 4.1:

For CentOS 4.2:

Installation Procedure:

  • Get the webppliance-apache RPM from the locations mentioned above.
  • Upgrade the RPM. Webppliance restart is not required.

Protecting New Directories:

  • Log in as siteadmin (Frontpage should not be enabled for your site).
  • Go to apache->protect directories.
  • Enter the info and protect the directory.
  • Check the .htaccess file inside that directory; it should list both GET and POST in the Limit tag.

Re-apply the directory protection to existing directories:

  • For directories already protected with an earlier version of Ensim Pro, you will have to re-protect all the existing protected directories.
  • Follow the first two steps of the previous section.
  • Unprotect the directory, then protect it again.
  • Check the .htaccess file again for GET and POST in the Limit tag.

Note: If you already have protected directories on the server, you can execute the attached file to apply the fix to them.
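To confirm that no protected directory was missed, the .htaccess check above can be automated. The script below is an added example, not part of the Ensim hotfix or its attached file; the function names, the sample file contents and the placeholder AuthUserFile path are assumptions constructed for illustration.

```python
import os
import re

# Matches <Limit ...> but not <LimitExcept ...>, which has inverse semantics.
LIMIT_OPEN = re.compile(r"^\s*<Limit\s+([^>]*)>", re.IGNORECASE)
LIMIT_CLOSE = re.compile(r"^\s*</Limit>", re.IGNORECASE)
REQUIRE = re.compile(r"^\s*require\b", re.IGNORECASE)


def unprotected_post_blocks(text):
    """Return [(line_number, methods)] for <Limit> blocks that contain a
    Require directive but do not list POST."""
    findings = []
    block = None  # [start line, methods, has_require] while inside <Limit>
    for number, line in enumerate(text.splitlines(), start=1):
        if line.lstrip().startswith("#"):
            continue  # commented-out directives have no effect
        opened = LIMIT_OPEN.match(line)
        if opened:
            # Apache method names are case-sensitive, so compare as written.
            block = [number, opened.group(1).split(), False]
        elif block and REQUIRE.match(line):
            block[2] = True
        elif block and LIMIT_CLOSE.match(line):
            start, methods, has_require = block
            if has_require and "POST" not in methods:
                findings.append((start, methods))
            block = None
    return findings


def audit_tree(root):
    """Map each .htaccess under root to its findings; clean files are omitted."""
    report = {}
    for dirpath, _dirs, files in os.walk(root):
        if ".htaccess" in files:
            path = os.path.join(dirpath, ".htaccess")
            with open(path, encoding="utf-8", errors="replace") as handle:
                findings = unprotected_post_blocks(handle.read())
            if findings:
                report[path] = findings
    return report


# Constructed samples: a GET-only file (pre-hotfix style) and the corrected form.
BEFORE = (
    'AuthType Basic\nAuthName "Protected"\nAuthUserFile /placeholder/.htpasswd\n'
    "<Limit GET>\nrequire valid-user\n</Limit>\n"
)
AFTER = BEFORE.replace("<Limit GET>", "<Limit GET POST>")
```

Run `audit_tree()` against a site's document root after re-protecting its directories; an empty result means every access-restricting Limit block it found lists POST.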

