The spec has to make security precautions where reasonable if
we expect a broad implementation of a standard. It's part of the
IETF process.
If you want to make your whole disk accessable to the world, then
you still can, within the spec, point your document root at "/".
If you only want to make, say, "/etc", available you can do
that with a symbolic link.
>is really necessarily true. Perhaps it makes more sense to return an
>"I don't know what you want (invalid request)" type error code rather
>than "Forbidden" which implies that I know what you want, but you
>aren't allowed to look there.
The idea of "403 Forbidden" is to say "no need to try that again
because it doesn't work and it never will".
+----------------------------------------------------------------------+
* BearHeart / Bill Weinman
* BearHeart@bearnet.com * * http://www.bearnet.com/ *
* Author of The CGI Book: * http://www.bearnet.com/cgibook/ *
* Trust everyone, but brand your cattle.