Apache serving files that should not be served
-
09-06-2019 - |
Question
Today I discovered that my fresh installation of Apache HTTP Server is able to serve files from my C:\uploads\
directory.
I have two folders in C:\uploads
:
- C:\uploads\templates
- C:\uploads\sites
Both folders contain testimage.jpg
.
I found that Apache will serve the files from the templates folder if I request:
http://localhost/templates/testimage.jpg
However, http://localhost/sites/testimage.jpg 404's!
OMG - firstly, why does Apache serve the templates folder in the first place? Is it special?
Secondly, by what arbitrary set of rules does apache disallow access to other folders such the sites?
I'm so confused. Perhaps I've taken a wrong turn somewhere during the installation.
Solution
Did you look through your httpd.conf file to see what rules are in place for what is being served? Alternatively, are there .htaccess files that may be changing what is being served? You might have templates exposed in one or the other, but not sites... that's the first thing that comes to mind.
I would suggest going through these configuration files with a fine toothed comb to see what may cause the behavior you see.