http://diymacserver.com/forum/ DIYMacServer » Topic: mod_hfs_apple in Apache 2 en Wed, 08 Feb 2012 17:41:12 +0000 http://diymacserver.com/forum/topic/mod_hfs_apple-in-apache-2#post-878 Tue, 07 Sep 2010 08:18:16 +0000 chrisbunch 878@http://diymacserver.com/forum/ <p>Thanks both -</p> <p>It seems basically that Apple does not recommend/support Apache 2.x running on HFS+ volumes, and recommends using UFS volume instead. The relevant TAs are <a href="http://support.apple.com/kb/TA22750" rel="nofollow">http://support.apple.com/kb/TA22750</a> and <a href="http://support.apple.com/kb/TA21099" rel="nofollow">http://support.apple.com/kb/TA21099</a></p> <p>The latter has a good illustration of the issue.</p> <p>I guess reformatting as a case-sensitive HFS volume would do the trick, but much less convenient for Terminal work.</p> <p>Redirection is a possibility but only for short names as one would need to create a redirection for every case permutation - 1. Tedious.</p> <p>.htaccess files are out of favour at the moment: I am trying to clear up after a hacker injected some code somewhere that periodically creates .htaccess files in every conceivable folder containing a redirection to musikkorps.com... </p> http://diymacserver.com/forum/topic/mod_hfs_apple-in-apache-2#post-845 Tue, 27 Jul 2010 17:33:22 +0000 magill 845@http://diymacserver.com/forum/ <p>Apache 2.2 does NOT provide that option (mod_hfs_apple), so one assumes it was clearly something created by apple.</p> <p>Reading the support note, the implication is that post 10.4 versions of OSX do not have the same problem as pre-10.4 versions, implying that the issue is on Apple's side of the fence.</p> <p>One assumes that this "feature" is only active if/when the disk itself is formatted as "extended, case-sensitive," not merely "extended" although the help item<br /> does not state what the "default format" for OSX-Server volumes happens to be.</p> <p>I believe that the general default in Disk Utility is "extended, journaled" but I do not know off hand. That is to say -- you do NOT get case sensitivity on a normal Apple Formatted disk. </p> http://diymacserver.com/forum/topic/mod_hfs_apple-in-apache-2#post-834 Mon, 21 Jun 2010 17:07:11 +0000 Richard 834@http://diymacserver.com/forum/ <p>Chris, don't really understand why the one URL is more secure then the other when you only change the case on one letter. </p> <p>Wouldn't you use HTTPS to make it more secure?</p> <p>Another approach could be to use a .htaccess file that redirects incorrect URL's with the wrong case to somewhere else. </p> http://diymacserver.com/forum/topic/mod_hfs_apple-in-apache-2#post-833 Sat, 19 Jun 2010 15:52:10 +0000 chrisbunch 833@http://diymacserver.com/forum/ <p>I upgraded to Apache 2 a while ago (so I could use Subversion). Recently I have set up some secure areas on one of my sites but have noticed that it can be circumvented by using a URL with the folder in question in a different case. For example, I can make <code><a href="http://mydomain.com/ABC/" rel="nofollow">http://mydomain.com/ABC/</a></code> secure but <code><a href="http://mydomain.com/aBC/" rel="nofollow">http://mydomain.com/aBC/</a></code> will circumvent the authentication!</p> <p>This didn't happen with Apache 1.3, I believe because it included mod_hfs_apple which 'compensates' for HFS+'s case insensitivity (<a href="http://docs.info.apple.com/article.html?path=ServerAdmin/10.4/en/c3ws31.html)" rel="nofollow">http://docs.info.apple.com/article.html?path=ServerAdmin/10.4/en/c3ws31.html)</a>. mod_hfs_apple is not included in my instance of Apache 2 (2.2.4) . Does anyone know if Apple ever upgraded it for Apache 2, and if so, from where I can get it? </p>