Changed rules
Situation:
- A client request page ./../
- The general location is c:/wwwroot/
Before fix:
- The server will only send the index of c:/
Afther fix:
- The server will close the connection
Fixed in version: 1.05.3
Explanation:
- The location /. means one level down (C:/wwwroot/./ = c:/wwwroot/), ../ means 2 levels down (c:/wwwroot/../ = c:/).
The server already had protection for the requested location (see here), but it didn't handle ./ as one level down but as one level up.