Skip to content

Commit

Permalink
Add hint toaliastraversal documentation
Browse files Browse the repository at this point in the history 
Document on what to do if an alias points to a file and should thus not end with a /
  • Loading branch information
@bachp @buglloc
bachp authored and buglloc committed Jul 8, 2019
1 parent 3b2713b commit fa9315c
Showing 1 changed file with 1 addition and 0 deletions.
1 change: 1 addition & 0 deletions docs/en/plugins/aliastraversal.md
View file
Original file line number Diff line number Diff line change
Expand Up @@ -23,3 +23,4 @@ In other words, the incorrect configuration of `alias` could allow an attacker t
It's pretty simple:
- you must find all the `alias` directives;
- make sure that the parent prefixed location ends with directory separator.
- or if you want to map a signle file make sure the location starts with a `=`, e.g `=/i.gif` instead of `/i.gif`.

0 comments on commit fa9315c

Please sign in to comment.