Alias or RedirectMatch in Apache

[Grant M.]

Hunter Heinlen wrote:
> Unfortunately, this produces syntax errors (Invalid command 
> 'RewriteRule').  I am effectively required to use mod_alias.  I could 
> try to convince people in management here that mod_rewrite is not such a 
> horrible security risk, but if I don't have to, even better.

I am by no means a security expert, but providing that you don't use 
variables in a strange sort of way that risks breaking it, or allow 
anyone to use the rewrite rules, I am unaware of any major security 
holes. I in fact, did a quick Google of it, which seems to suggest that 
there really aren't any inherent security risks to mod_rewrite short of 
a bug in a version of it for Apache 1.3. I shouldn't think it would be 
an issue provided the version was up to date, and you used common sense 
implementing it. Please correct me if I've missed something.
Thanks,
Grant M.
-- 
Grant Mongardi
Senior Systems Engineer
NAPC

gmongardi at napc.com
http://www.napc.com/
781.894.3114 phone
781.894.3997 fax

NAPC | technology matters


-- 
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.