Wolfram Schlich wrote:
AFAIK it's important to insert the deny-line for the worm *before* the allow-line for your clients, e.g.: it isn't ...
It's very important to put the deny-line before the allow-line. I've tested it with denying .gif and it only worked having the order first deny and then allow.
# nimda wrum acl nimda urlpath_regex -i \.eml$ acl nimda urlpath_regex -i \.nws$ http_access deny nimda
look at the second one, another way for the worm (news instead of mail)...
HTH
-- intraDAT AG http://www.intradat.com Wilhelm-Leuschner-Strasse 7 Tel: +49 69-25629-0 D - 60329 Frankfurt am Main Fax: +49 69-25629-256
-- To unsubscribe, e-mail: suse-security-unsubscribe@suse.com For additional commands, e-mail: suse-security-help@suse.com
Michael Schorr System-Administration, soft-gate gmbh