Specifications

Chapter 3 Creating and Managing Websites 57
Indexing settings also apply to subfolders placed in the user's Sites folder. If the user
adds a content subfolder named Example to the Sites folder and an index.html file is
present inside the Example folder, or if folder indexing is enabled for that user's site,
the folder is made available to browsers at http://example.com/~refuser/Example.
Securing Web Content on Case Insensitive File Systems
The recommended practice for serving web content whose access is controlled via
the Realm mechanism is to serve it from case-sensitive volumes, such as UFS or HFSX,
where a folder named “Protected” and another folder named “PrOtECted” are two
different folders.
If you use the default case-insensitive HFS file system to serve access-controlled
web content, consider using location-based realms rather than folder-based realms.
However, if you must use folder-based realms on a case-insensitive file system, Apple provides
a layer of protection for that scenario for Apache 2.2 using mod_hfs_apple.
The HFS Extended volume format commonly used for Mac OS X Server preserves the
case of file names but does not distinguish between a file or folder named “Example”
and one named “eXaMpLe.” Without mod_hfs_apple, this insensitivity could be an
issue when your web content resides on such a volume and you are attempting to
restrict access to all or part of your web content using security realms.
If you set up a security realm requiring browsers to use a name and a password for
Read-Only access to content in a folder named “Protected,” browsers must authenticate
to access the following URLs:
http://example.com/Protected
http://example.com/Protected/secret
http://example.com/Protected/sECreT
However, they could bypass it by using something like the following:
http://example.com/PrOtECted
http://example.com/PrOtECted/secret
http://example.com/PrOtECted/sECreT
Fortunately, mod_hfs_apple prevents those types of efforts to bypass the security
realm, and this module is enabled by default.
Note: mod_hfs_apple operates on folders; it is not intended to prevent access to
individual files. A file named “secret” can be accessed as “seCREt”. This is correct
behavior, and does not permit bypassing security realms.
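The following Python model is an added example, not code from the guide or from mod_hfs_apple itself. It reproduces the lookup rule of a case-preserving, case-insensitive volume over a constructed docroot, shows why a realm check that compares URL components as exact strings is bypassed by a re-cased folder name, and shows the folder-only spelling check that closes the gap while still tolerating a re-cased file name, as the Note above describes.

```python
# Constructed model of a case-preserving, case-insensitive volume (HFS+-like).
# Folders are dicts of entries, files are None. Not real HFS+ code.
DOCROOT = {
    "Protected": {"secret": None, "inner": {"notes.txt": None}},
    "Public": {"index.html": None},
}
# Folder-based realm: authentication is required for anything beneath these folders.
PROTECTED_FOLDERS = {"Protected"}


def hfs_lookup(folder, name):
    """Resolve `name` the way a case-insensitive volume does: any spelling
    that matches by case folding returns the real on-disk entry name and node."""
    for actual, node in folder.items():
        if actual.casefold() == name.casefold():
            return actual, node
    return None, None


def naive_realm_check(url_path):
    """Realm check as an exact-case string match on the URL's first component.
    This is the weakness the text describes: /PrOtECted/secret maps to the same
    folder on disk but is not recognised as protected."""
    first = url_path.strip("/").split("/")[0]
    return "auth_required" if first in PROTECTED_FOLDERS else "public"


def case_checked_realm_check(url_path):
    """Walk the requested path against the volume. A folder component whose
    spelling differs from the on-disk name is rejected outright (the defence
    mod_hfs_apple provides); a file component may differ, as the Note allows."""
    components = url_path.strip("/").split("/")
    node = DOCROOT
    for i, comp in enumerate(components):
        actual, child = hfs_lookup(node, comp)
        if actual is None:
            return "not_found"
        if child is None:                       # a file: must be the last component
            if i != len(components) - 1:
                return "not_found"
            break
        if actual != comp:                      # folder reached via a re-cased name
            return "deny_case_mismatch"
        node = child
    # Every folder component now matches its on-disk spelling exactly, so the
    # realm decision on the first component cannot be sidestepped by re-casing.
    return "auth_required" if components[0] in PROTECTED_FOLDERS else "public"
```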