Vulnerability in Interstage Management Console May Lead to Obtain or Delete Arbitrary Files on the Server. June 10th, 2008

---

Notes on using this web page

1. Description

A vulnerability has been confirmed in environments using the Interstage Management Console, which may lead to obtain or delete abitrary files on the server.

Fujitsu provides workaround in section 3-3, Please apply them as soon as possible.

2. Impact

There is a threat of exposure of information by obtaining abitrary files and/or corruption of the system environment by deleting them.

3. Affected systems and corresponding action

3-1. Affected systems:

GP7000F, PRIMEPOWER, PRIMERGY, GP5000, CELSIUS, FMV series, AT compatible machines, PRIMEQUEST, SPARC Enterprise

3-2. Affected products and required patch

Note: The values set in "3-3. Workaround" below depend on the product. The symbol in square brackets after 'Product' corresponds to the contents set of "3-3. Workaround".

* For the Patches without ID nor link, please contact a Fujitsu system engineer or your partner(s).

Reference: Confirmation method for the relevant product
To check the software version, refer to the "software manual" supplied with the product.

3-3. Workaround

Please apply the procedure mentioned below that is corresponding your product.

 - Product [a] (6.0, 6.0.1 for Solaris/ V6.0L10, V6.0L11 for Linux)

1. Add the directives shown below to the end of the environment definition file of the Web server being used by the Interstage Management Console (/etc/opt/FJSVisgui/httpd.conf).
   LoadModule rewrite_module /opt/FJSVihs/libexec/od_rewrite.so
   AddModule mod_rewrite.c
   <Location /IsAdmin/download>
     RewriteEngine On
     RewriteCond %{QUERY_STRING} !dirname=/opt/FJSVisgui/isadmin/var/download [OR]
     RewriteCond %{QUERY_STRING} &.*& [OR]
     RewriteCond %{QUERY_STRING} \.\./ [OR]
     RewriteCond %{QUERY_STRING} /\.\.
     RewriteRule .* - [F]
   </Location>
   <Location /IsAdmin/servlet>
     RewriteEngine On
     RewriteCond %{PATH_INFO} ^/download [OR]
     RewriteCond %{PATH_INFO} ^/com\.fujitsu\.interstage\.isAdmin\.WorkUnit\.IJServerLogServlet
     RewriteCond %{QUERY_STRING} !dirname=/opt/FJSVisgui/isadmin/var/download [OR]
     RewriteCond %{QUERY_STRING} &.*& [OR]
     RewriteCond %{QUERY_STRING} \.\./ [OR]
     RewriteCond %{QUERY_STRING} /\.\.
     RewriteRule .* - [F]
   </Location>
   Note: In the above definition, it is assumed that the product is installed in '/opt'.
     If the product is saved in a directory other than '/opt', replace all instances of '/opt' with the actual installation path of the product.
     For example, if the product is installed in '/test/opt' as shown in the example below.
       LoadModule rewrite_module /test/opt/FJSVihs/libexec/mod_rewrite.so
       RewriteCond %{QUERY_STRING} !dirname=/test/opt/FJSVisgui/isadmin/var/download [OR]
2. After you have edited the definitions, restart the Web server being used by the Interstage Management Console.
    ii-i) Use the kill command to stop the processes of the Web server.
     # kill 'cat /var/opt/FJSVisgui/tmp/httpd.pid'
    ii-ii) Start the Web server.
     # /opt/FJSVihs/bin/httpd -f /etc/opt/FJSVisgui/httpd.conf

 - Product [b] (6.0.2 for Solaris)

1. Add the directives shown below to the end of the environment definition file of the Web server being used by the Interstage Management Console (/etc/opt/FJSVisgui/httpd.conf).
   LoadModule rewrite_module /opt/FJSVihs/libexec/mod_rewrite.so
   AddModule mod_rewrite.c
   <Location /IsAdmin/download>
     RewriteEngine On
     RewriteCond %{QUERY_STRING} !dirname=/opt/FJSVisgui/isadmin/var/download [OR]
     RewriteCond %{QUERY_STRING} &.*& [OR]
     RewriteCond %{QUERY_STRING} \.\./ [OR]
     RewriteCond %{QUERY_STRING} /\.\.
     RewriteRule .* - [F]
   </Location>
   <Location /IsAdmin/servlet/download>
     RewriteEngine On
     RewriteCond %{QUERY_STRING} !dirname=/opt/FJSVisgui/isadmin/var/download [OR]
     RewriteCond %{QUERY_STRING} &.*& [OR]
     RewriteCond %{QUERY_STRING} \.\./ [OR]
     RewriteCond %{QUERY_STRING} /\.\.
     RewriteRule .* - [F]
   </Location>
   <Location /IsAdmin/servlet/com.fujitsu.interstage.isAdmin.WorkUnit.IJServerLogServlet>
     RewriteEngine On
     RewriteCond %{QUERY_STRING} !dirname=/opt/FJSVisgui/isadmin/var/download [OR]
     RewriteCond %{QUERY_STRING} &.*& [OR]
     RewriteCond %{QUERY_STRING} \.\./ [OR]
     RewriteCond %{QUERY_STRING} /\.\.
     RewriteRule .* - [F]
   </Location>
   Note: In the above definition, it is assumed that the product is installed in '/opt'.
     If the product is saved in a directory other than '/opt', replace all instances of '/opt' with the actual installation path of the product.
     For example, if the product is installed in '/test/opt', as shown in the example below.
       LoadModule rewrite_module /test/opt/FJSVihs/libexec/mod_rewrite.so
       RewriteCond %{QUERY_STRING} !dirname=/test/opt/FJSVisgui/isadmin/var/download [OR]
2. After you have edited the definitions, restart the Web server being used by the Interstage Management Console.
    ii-i) Use the kill command to stop the processes of the Web server.
     # kill `cat /var/opt/FJSVisgui/tmp/httpd.pid`
    ii-ii) Start the Web server.
     # /opt/FJSVihs/bin/httpd -f /etc/opt/FJSVisgui/httpd.conf

 - Product [c] (V7, V8 for Solaris/ V7, V8 for Linux)

1. Add the directives shown below to the end of the environment definition file of the Web server being used by the Interstage Management Console (/etc/opt/FJSVisgui/httpd.conf).
   LoadModule rewrite_module /opt/FJSVihs/libexec/mod_rewrite.so
   AddModule mod_rewrite.c
   <Location /IsAdmin/download>
     RewriteEngine On
     RewriteCond %{QUERY_STRING} !dirname=/opt/FJSVisgui/isadmin/var/download [OR]
     RewriteCond %{QUERY_STRING} &.*& [OR]
     RewriteCond %{QUERY_STRING} \.\./ [OR]
     RewriteCond %{QUERY_STRING} /\.\.
     RewriteRule .* - [F]
   </Location>
   <Location /IsAdmin/servlet/download>
     RewriteEngine On
     RewriteCond %{QUERY_STRING} !dirname=/opt/FJSVisgui/isadmin/var/download [OR]
     RewriteCond %{QUERY_STRING} &.*& [OR]
     RewriteCond %{QUERY_STRING} \.\./ [OR]
     RewriteCond %{QUERY_STRING} /\.\.
     RewriteRule .* - [F]
   </Location>
   <Location /IsAdmin/servlet/com.fujitsu.interstage.isAdmin.WorkUnit.IJServerLogServlet>
     RewriteEngine On
     RewriteCond %{QUERY_STRING} !dirname=/opt/FJSVisgui/isadmin/var/download [OR]
     RewriteCond %{QUERY_STRING} &.*& [OR]
     RewriteCond %{QUERY_STRING} \.\./ [OR]
     RewriteCond %{QUERY_STRING} /\.\.
     RewriteRule .* - [F]
   </Location>
   <Location /IsAdmin/WUdownload>
     RewriteEngine On
     RewriteCond %{QUERY_STRING} !dirname=/opt/FJSVisgui/isadmin/var/webservice/download [OR]
     RewriteCond %{QUERY_STRING} &.*& [OR]
     RewriteCond %{QUERY_STRING} \.\./ [OR]
     RewriteCond %{QUERY_STRING} /\.\.
     RewriteRule .* - [F]
   </Location>
   <Location /IsAdmin/servlet/WUdownload>
     RewriteEngine On
     RewriteCond %{QUERY_STRING} !dirname=/opt/FJSVisgui/isadmin/var/webservice/download [OR]
     RewriteCond %{QUERY_STRING} &.*& [OR]
     RewriteCond %{QUERY_STRING} \.\./ [OR]
     RewriteCond %{QUERY_STRING} /\.\.
     RewriteRule .* - [F]
   </Location>
   <Location /IsAdmin/servlet/com.fujitsu.interstage.isAdmin.WorkUnit.WUDownloadServlet>
     RewriteEngine On
     RewriteCond %{QUERY_STRING} !dirname=/opt/FJSVisgui/isadmin/var/webservice/download [OR]
     RewriteCond %{QUERY_STRING} &.*& [OR]
     RewriteCond %{QUERY_STRING} \.\./ [OR]
     RewriteCond %{QUERY_STRING} /\.\.
     RewriteRule .* - [F]
   </Location>
   <Location /IsAdmin/WWWdownload>
     RewriteEngine On
     RewriteCond %{QUERY_STRING} !dirname=/opt/FJSVisgui/isadmin/var/download [OR]
     RewriteCond %{QUERY_STRING} &.*&.*& [OR]
     RewriteCond %{QUERY_STRING} \.\./ [OR]
     RewriteCond %{QUERY_STRING} /\.\.
     RewriteRule .* - [F]
   </Location>
   <Location /IsAdmin/servlet/WWWdownload>
     RewriteEngine On
     RewriteCond %{QUERY_STRING} !dirname=/opt/FJSVisgui/isadmin/var/download [OR]
     RewriteCond %{QUERY_STRING} &.*&.*& [OR]
     RewriteCond %{QUERY_STRING} \.\./ [OR]
     RewriteCond %{QUERY_STRING} /\.\.
     RewriteRule .* - [F]
   </Location>
   <Location /IsAdmin/servlet/com.fujitsu.interstage.isAdmin.www.WWWLogServlet>
     RewriteEngine On
     RewriteCond %{QUERY_STRING} !dirname=/opt/FJSVisgui/isadmin/var/download [OR]
     RewriteCond %{QUERY_STRING} &.*&.*& [OR]
     RewriteCond %{QUERY_STRING} \.\./ [OR]
     RewriteCond %{QUERY_STRING} /\.\.
     RewriteRule .* - [F]
   </Location>
   Note: In the above definition, it is assumed that the product is installed in '/opt'.
     If the product is saved in a directory other than '/opt', replace all instances of '/opt' with the actual installation path of the product.
     For example, if the product is installed in '/test/opt' as shown in the example below.
       LoadModule rewrite_module /test/opt/FJSVihs/libexec/mod_rewrite.so
       RewriteCond %{QUERY_STRING} !dirname=/test/opt/FJSVisgui/isadmin/var/download [OR]
       RewriteCond %{QUERY_STRING} !dirname=/test/opt/FJSVisgui/isadmin/var/webservice/download [OR]
2. After you have edited the definitions, restart the services for the purpose of using the Interstage Management Console.
    ii-i) Stop the services.
     # ismngconsolestop
    ii-ii) Start the services.
     # ismngconsolestart

 - Product [d] (V9 for Solaris/ V9 for Linux)

1. Add the directives shown below to the end of the environment definition file of the Web server being used by the Interstage Management Console (/etc/opt/FJSVisgui/httpd.conf).
   LoadModule rewrite_module /opt/FJSVihs/modules/mod_rewrite.so
   <Location /IsAdmin/download>
     RewriteEngine On
     RewriteCond %{QUERY_STRING} !dirname=/opt/FJSVisgui/isadmin/var/download [OR]
     RewriteCond %{QUERY_STRING} &.*& [OR]
     RewriteCond %{QUERY_STRING} \.\./ [OR]
     RewriteCond %{QUERY_STRING} /\.\.
     RewriteRule .* - [F]
   </Location>
   <Location /IsAdmin/servlet/download>
     RewriteEngine On
     RewriteCond %{QUERY_STRING} !dirname=/opt/FJSVisgui/isadmin/var/download [OR]
     RewriteCond %{QUERY_STRING} &.*& [OR]
     RewriteCond %{QUERY_STRING} \.\./ [OR]
     RewriteCond %{QUERY_STRING} /\.\.
     RewriteRule .* - [F]
   </Location>
   <Location /IsAdmin/servlet/com.fujitsu.interstage.isAdmin.WorkUnit.IJServerLogServlet>
     RewriteEngine On
     RewriteCond %{QUERY_STRING} !dirname=/opt/FJSVisgui/isadmin/var/download [OR]
     RewriteCond %{QUERY_STRING} &.*& [OR]
     RewriteCond %{QUERY_STRING} \.\./ [OR]
     RewriteCond %{QUERY_STRING} /\.\.
   RewriteRule .* - [F]
   </Location>
   <Location /IsAdmin/WUdownload>
     RewriteEngine On
     RewriteCond %{QUERY_STRING} !dirname=/opt/FJSVisgui/isadmin/var/webservice/download [OR]
     RewriteCond %{QUERY_STRING} &.*& [OR]
     RewriteCond %{QUERY_STRING} \.\./ [OR]
     RewriteCond %{QUERY_STRING} /\.\.
     RewriteRule .* - [F]
   </Location>
   <Location /IsAdmin/servlet/WUdownload>
     RewriteEngine On
     RewriteCond %{QUERY_STRING} !dirname=/opt/FJSVisgui/isadmin/var/webservice/download [OR]
     RewriteCond %{QUERY_STRING} &.*& [OR]
     RewriteCond %{QUERY_STRING} \.\./ [OR]
     RewriteCond %{QUERY_STRING} /\.\.
     RewriteRule .* - [F]
   </Location>
   <Location /IsAdmin/servlet/com.fujitsu.interstage.isAdmin.WorkUnit.WUDownloadServlet>
     RewriteEngine On
     RewriteCond %{QUERY_STRING} !dirname=/opt/FJSVisgui/isadmin/var/webservice/download [OR]
     RewriteCond %{QUERY_STRING} &.*& [OR]
     RewriteCond %{QUERY_STRING} \.\./ [OR]
     RewriteCond %{QUERY_STRING} /\.\.
     RewriteRule .* - [F]
   </Location>
   <Location /IsAdmin/WWWdownload>
     RewriteEngine On
     RewriteCond %{QUERY_STRING} !dirname=/opt/FJSVisgui/isadmin/var/download [OR]
     RewriteCond %{QUERY_STRING} &.*&.*& [OR]
     RewriteCond %{QUERY_STRING} \.\./ [OR]
     RewriteCond %{QUERY_STRING} /\.\.
     RewriteRule .* - [F]
   </Location>
   <Location /IsAdmin/servlet/WWWdownload>
     RewriteEngine On
     RewriteCond %{QUERY_STRING} !dirname=/opt/FJSVisgui/isadmin/var/download [OR]
     RewriteCond %{QUERY_STRING} &.*&.*& [OR]
     RewriteCond %{QUERY_STRING} \.\./ [OR]
     RewriteCond %{QUERY_STRING} /\.\.
     RewriteRule .* - [F]
   </Location>
   <Location /IsAdmin/servlet/com.fujitsu.interstage.isAdmin.www.WWWLogServlet>
     RewriteEngine On
     RewriteCond %{QUERY_STRING} !dirname=/opt/FJSVisgui/isadmin/var/download [OR]
     RewriteCond %{QUERY_STRING} &.*&.*& [OR]
     RewriteCond %{QUERY_STRING} \.\./ [OR]
     RewriteCond %{QUERY_STRING} /\.\.
     RewriteRule .* - [F]
   </Location>
   Note: In the above definition, it is assumed that the product is installed in '/opt'.
     If the product is saved in a directory other than '/opt', replace all instances of '/opt' with the actual installation path of the product.
     For example, if the product is installed in '/test/opt' as shown in the example below.
       LoadModule rewrite_module /test/opt/FJSVihs/libexec/mod_rewrite.so
       RewriteCond %{QUERY_STRING} !dirname=/test/opt/FJSVisgui/isadmin/var/download [OR]
       RewriteCond %{QUERY_STRING} !dirname=/test/opt/FJSVisgui/isadmin/var/webservice/download [OR]
2. After you have edited the definitions, restart the services for the purpose of using the Interstage Management Console.
    ii-i) Stop the services.
     # ismngconsolestop
    ii-ii) Start the services.
     # ismngconsolestart

 - Product [e] (V6.0L10, V6.0L10A, V6.0L10B for Windows)

1. Add the directives shown below to the end of the environment definition file of the Web server being used by the Interstage Management Console ([the folder this product is installed in]\gui\etc\httpd.conf).
   LoadModule rewrite_module 'C:/Interstage/F3FMihs/modules/mod_rewrite.so'
   AddModule mod_rewrite.c
   <Location /IsAdmin/download>
     RewriteEngine On
     RewriteCond %{QUERY_STRING} !dirname=C:\\Interstage\\gui\\isAdmin\\var\\download [OR]
     RewriteCond %{QUERY_STRING} &.*& [OR]
     RewriteCond %{QUERY_STRING} \.\.(/|\\) [OR]
     RewriteCond %{QUERY_STRING} (/|\\)\.\.
     RewriteRule .* - [F]
   </Location>
   <Location /IsAdmin/servlet>
     RewriteEngine On
     RewriteCond %{PATH_INFO} ^/download [OR]
     RewriteCond %{PATH_INFO} ^/com\.fujitsu\.interstage\.isAdmin\.WorkUnit\.IJServerLogServlet
     RewriteCond %{QUERY_STRING} !dirname=C:\\Interstage\\gui\\isAdmin\\var\\download [OR]
     RewriteCond %{QUERY_STRING} &.*& [OR]
     RewriteCond %{QUERY_STRING} \.\.(/|\\) [OR]
     RewriteCond %{QUERY_STRING} (/|\\)\.\.
     RewriteRule .* - [F]
   </Location>
   Note: In the above definition, it is assumed that the product is installed in 'C:\Interstage'
     If the product is saved in a directory other than 'C:\Interstage', replace all instances of 'C:\Interstage' with the actual installation path of the product.
     For example, if the product is installed in 'C:\SOFT\Interstage' as shown in the example below.
       LoadModule rewrite_module "C:/SOFT/Interstage/F3FMihs/modules/mod_rewrite.so"
       RewriteCond %{QUERY_STRING} !dirname=C:\\SOFT\\Interstage\\gui\\isAdmin\\var\\download [OR]
2. After you have edited the definitions, restart the Web server being used by the Interstage Management Console.
    ii-i)Restart the following service.
     'Interstage Operation Tool(FJapache)'

 - Product [f] (V6.0L10C for Windows)

1. Add the directives shown below to the end of the environment definition file of the Web server being used by the Interstage Management Console ([the folder this product is installed in]\gui\etc\httpd.conf).
   LoadModule rewrite_module 'C:/Interstage/F3FMihs/modules/mod_rewrite.so'
   AddModule mod_rewrite.c
   <Location /IsAdmin/download>
     RewriteEngine On
     RewriteCond %{QUERY_STRING} !dirname=C:\\Interstage\\gui\\isAdmin\\var\\download [OR]
     RewriteCond %{QUERY_STRING} &.*& [OR]
     RewriteCond %{QUERY_STRING} \.\.(/|\\) [OR]
     RewriteCond %{QUERY_STRING} (/|\\)\.\.
     RewriteRule .* - [F]
   </Location>
   <Location /IsAdmin/servlet/download>
     RewriteEngine On
     RewriteCond %{QUERY_STRING} !dirname=C:\\Interstage\\gui\\isAdmin\\var\\download [OR]
     RewriteCond %{QUERY_STRING} &.*& [OR]
     RewriteCond %{QUERY_STRING} \.\.(/|\\) [OR]
     RewriteCond %{QUERY_STRING} (/|\\)\.\.
     RewriteRule .* - [F]
   </Location>
   <Location /IsAdmin/servlet/com.fujitsu.interstage.isAdmin.WorkUnit.IJServerLogServlet>
     RewriteEngine On
     RewriteCond %{QUERY_STRING} !dirname=C:\\Interstage\\gui\\isAdmin\\var\\download [OR]
     RewriteCond %{QUERY_STRING} &.*& [OR]
     RewriteCond %{QUERY_STRING} \.\.(/|\\) [OR]
     RewriteCond %{QUERY_STRING} (/|\\)\.\.
     RewriteRule .* - [F]
   </Location>
   Note: In the above definition, it is assumed that the product is installed in 'C:\Interstage'
     If the product is saved in a directory other than 'C:\Interstage', replace all instances of 'C:\Interstage' with the actual installation path of the product.
     For example, if the product is installed in'C:\SOFT\Interstage' as shown in the example below.
       LoadModule rewrite_module "C:/SOFT/Interstage/F3FMihs/modules/mod_rewrite.so"
       RewriteCond %{QUERY_STRING} !dirname=C:\\SOFT\\Interstage\\gui\\isAdmin\\var\\download [OR]
2. After you have edited the definitions, restart the Web server being used by the Interstage Management Console.
    ii-i)Restart the following service.
     'Interstage Operation Tool(FJapache)'

 - Product [g] (V7, V8 for Windows)

1. Add the directives shown below to the end of the environment definition file of the Web server being used by the Interstage Management Console ([the folder this product is installed in] \gui\etc\httpd.conf).
   LoadModule rewrite_module 'C:/Interstage/F3FMihs/modules/mod_rewrite.so'
   AddModule mod_rewrite.c
   <Location /IsAdmin/download>
     RewriteEngine On
     RewriteCond %{QUERY_STRING} !dirname=C:\\Interstage\\gui\\isAdmin\\var\\download [OR]
     RewriteCond %{QUERY_STRING} &.*& [OR]
     RewriteCond %{QUERY_STRING} \.\.(/|\\) [OR]
       RewriteCond %{QUERY_STRING} (/|\\)\.\.
   RewriteRule .* - [F]
   </Location>
   <Location /IsAdmin/servlet/download>
     RewriteEngine On
     RewriteCond %{QUERY_STRING} !dirname=C:\\Interstage\\gui\\isAdmin\\var\\download [OR]
     RewriteCond %{QUERY_STRING} &.*& [OR]
     RewriteCond %{QUERY_STRING} \.\.(/|\\) [OR]
     RewriteCond %{QUERY_STRING} (/|\\)\.\.
     RewriteRule .* - [F]
   </Location>
   <Location /IsAdmin/servlet/com.fujitsu.interstage.isAdmin.WorkUnit.IJServerLogServlet>
     RewriteEngine On
     RewriteCond %{QUERY_STRING} !dirname=C:\\Interstage\\gui\\isAdmin\\var\\download [OR]
     RewriteCond %{QUERY_STRING} &.*& [OR]
     RewriteCond %{QUERY_STRING} \.\.(/|\\) [OR]
     RewriteCond %{QUERY_STRING} (/|\\)\.\.
     RewriteRule .* - [F]
   </Location>
   <Location /IsAdmin/WUdownload>
     RewriteEngine On
     RewriteCond %{QUERY_STRING} !dirname=C:\\Interstage\\gui\\isAdmin\\var\\webservice\\download [OR]
     RewriteCond %{QUERY_STRING} &.*& [OR]
     RewriteCond %{QUERY_STRING} \.\.(/|\\) [OR]
     RewriteCond %{QUERY_STRING} (/|\\)\.\.
     RewriteRule .* - [F]
   </Location>
   <Location /IsAdmin/servlet/WUdownload>
     RewriteEngine On
     RewriteCond %{QUERY_STRING} !dirname=C:\\Interstage\\gui\\isAdmin\\var\\webservice\\download [OR]
     RewriteCond %{QUERY_STRING} &.*& [OR]
     RewriteCond %{QUERY_STRING} \.\.(/|\\) [OR]
     RewriteCond %{QUERY_STRING} (/|\\)\.\.
     RewriteRule .* - [F]
   </Location>
   <Location /IsAdmin/servlet/com.fujitsu.interstage.isAdmin.WorkUnit.WUDownloadServlet>
     RewriteEngine On
     RewriteCond %{QUERY_STRING} !dirname=C:\\Interstage\\gui\\isAdmin\\var\\webservice\\download [OR]
     RewriteCond %{QUERY_STRING} &.*& [OR]
     RewriteCond %{QUERY_STRING} \.\.(/|\\) [OR]
     RewriteCond %{QUERY_STRING} (/|\\)\.\.
     RewriteRule .* - [F]
   </Location>
   <Location /IsAdmin/WWWdownload>
     RewriteEngine On
     RewriteCond %{QUERY_STRING} !dirname=C:\\Interstage\\gui\\isAdmin\\var\\download [OR]
     RewriteCond %{QUERY_STRING} &.*&.*& [OR]
     RewriteCond %{QUERY_STRING} \.\.(/|\\) [OR]
     RewriteCond %{QUERY_STRING} (/|\\)\.\.
     RewriteRule .* - [F]
   </Location>
   <Location /IsAdmin/servlet/WWWdownload>
     RewriteEngine On
     RewriteCond %{QUERY_STRING} !dirname=C:\\Interstage\\gui\\isAdmin\\var\\download [OR]
     RewriteCond %{QUERY_STRING} &.*&.*& [OR]
     RewriteCond %{QUERY_STRING} \.\.(/|\\) [OR]
     RewriteCond %{QUERY_STRING} (/|\\)\.\.
     RewriteRule .* - [F]
   </Location>
   <Location /IsAdmin/servlet/com.fujitsu.interstage.isAdmin.www.WWWLogServlet>
     RewriteEngine On
     RewriteCond %{QUERY_STRING} !dirname=C:\\Interstage\\gui\\isAdmin\\var\\download [OR]
     RewriteCond %{QUERY_STRING} &.*&.*& [OR]
     RewriteCond %{QUERY_STRING} \.\.(/|\\) [OR]
     RewriteCond %{QUERY_STRING} (/|\\)\.\.
     RewriteRule .* - [F]
   </Location>
   Note: In the above definition, it is assumed that the product is installed in 'C:\Interstage'
     If the product is saved in a directory other than 「C:\Interstage」, replace all instances of 'C:\Interstage' with the actual installation path of the product.
     For example, if the product is installed in 'C:\SOFT\Interstage' as shown in the example below.
       LoadModule rewrite_module "C:/SOFT/Interstage/F3FMihs/modules/mod_rewrite.so"
       RewriteCond %{QUERY_STRING} !dirname=C:\\SOFT\\Interstage\\gui\\isAdmin\\var\\download [OR]
       RewriteCond %{QUERY_STRING} !dirname=C:\\SOFT\\Interstage\\gui\\isAdmin\\var\\webservice\\download [OR]
2. After you have edited the definitions, restart the Web server being used by the Interstage Management Console.
    ii-i)Restart the following service
     'Interstage Operation Tool(FJapache)'

 - Product [h] (V9 for Windows)

1. Add the directives shown below to the end of the environment definition file of the Web server being used by the Interstage Management Console ([the folder this product is installed in]\gui\etc\httpd.conf).
   LoadModule rewrite_module 'C:/Interstage/F3FMihs/modules/mod_rewrite.so'
   <Location /IsAdmin/download>
     RewriteEngine On
     RewriteCond %{QUERY_STRING} !dirname=C:\\Interstage\\gui\\isAdmin\\var\\download [OR]
     RewriteCond %{QUERY_STRING} &.*& [OR]
     RewriteCond %{QUERY_STRING} \.\.(/|\\) [OR]
     RewriteCond %{QUERY_STRING} (/|\\)\.\.
     RewriteRule .* - [F]
   </Location>
   <Location /IsAdmin/servlet/download>
     RewriteEngine On
     RewriteCond %{QUERY_STRING} !dirname=C:\\Interstage\\gui\\isAdmin\\var\\download [OR]
     RewriteCond %{QUERY_STRING} &.*& [OR]
     RewriteCond %{QUERY_STRING} \.\.(/|\\) [OR]
     RewriteCond %{QUERY_STRING} (/|\\)\.\.
     RewriteRule .* - [F]
   </Location>
   <Location /IsAdmin/servlet/com.fujitsu.interstage.isAdmin.WorkUnit.IJServerLogServlet>
     RewriteEngine On
     RewriteCond %{QUERY_STRING} !dirname=C:\\Interstage\\gui\\isAdmin\\var\\download [OR]
     RewriteCond %{QUERY_STRING} &.*& [OR]
     RewriteCond %{QUERY_STRING} \.\.(/|\\) [OR]
     RewriteCond %{QUERY_STRING} (/|\\)\.\.
     RewriteRule .* - [F]
   </Location>
   <Location /IsAdmin/WUdownload>
     RewriteEngine On
     RewriteCond %{QUERY_STRING} !dirname=C:\\Interstage\\gui\\isAdmin\\var\\webservice\\download [OR]
     RewriteCond %{QUERY_STRING} &.*& [OR]
     RewriteCond %{QUERY_STRING} \.\.(/|\\) [OR]
     RewriteCond %{QUERY_STRING} (/|\\)\.\.
     RewriteRule .* - [F]
   </Location>
   <Location /IsAdmin/servlet/WUdownload>
     RewriteEngine On
     RewriteCond %{QUERY_STRING} !dirname=C:\\Interstage\\gui\\isAdmin\\var\\webservice\\download [OR]
     RewriteCond %{QUERY_STRING} &.*& [OR]
     RewriteCond %{QUERY_STRING} \.\.(/|\\) [OR]
     RewriteCond %{QUERY_STRING} (/|\\)\.\.
     RewriteRule .* - [F]
   </Location>
   <Location /IsAdmin/servlet/com.fujitsu.interstage.isAdmin.WorkUnit.WUDownloadServlet>
     RewriteEngine On
     RewriteCond %{QUERY_STRING} !dirname=C:\\Interstage\\gui\\isAdmin\\var\\webservice\\download [OR]
     RewriteCond %{QUERY_STRING} &.*& [OR]
     RewriteCond %{QUERY_STRING} \.\.(/|\\) [OR]
     RewriteCond %{QUERY_STRING} (/|\\)\.\.
     RewriteRule .* - [F]
   </Location>
   <Location /IsAdmin/WWWdownload>
     RewriteEngine On
     RewriteCond %{QUERY_STRING} !dirname=C:\\Interstage\\gui\\isAdmin\\var\\download [OR]
     RewriteCond %{QUERY_STRING} &.*&.*& [OR]
     RewriteCond %{QUERY_STRING} \.\.(/|\\) [OR]
     RewriteCond %{QUERY_STRING} (/|\\)\.\.
     RewriteRule .* - [F]
   </Location>
   <Location /IsAdmin/servlet/WWWdownload>
     RewriteEngine On
     RewriteCond %{QUERY_STRING} !dirname=C:\\Interstage\\gui\\isAdmin\\var\\download [OR]
     RewriteCond %{QUERY_STRING} &.*&.*& [OR]
     RewriteCond %{QUERY_STRING} \.\.(/|\\) [OR]
     RewriteCond %{QUERY_STRING} (/|\\)\.\.
     RewriteRule .* - [F]
   </Location>
   <Location /IsAdmin/servlet/com.fujitsu.interstage.isAdmin.www.WWWLogServlet>
     RewriteEngine On
     RewriteCond %{QUERY_STRING} !dirname=C:\\Interstage\\gui\\isAdmin\\var\\download [OR]
     RewriteCond %{QUERY_STRING} &.*&.*& [OR]
     RewriteCond %{QUERY_STRING} \.\.(/|\\) [OR]
     RewriteCond %{QUERY_STRING} (/|\\)\.\.
     RewriteRule .* - [F]
   </Location>
   Note: In the above definition, it is assumed that the product is installed in 'C:\Interstage'
     If the product is saved in a directory other than 'C:\Interstage', replace all instances of 'C:\Interstage' with the actual installation path of the product.
     For example, if the product is installed in 'C:\SOFT\Interstage' as shown in the example below.
       LoadModule rewrite_module 'C:/SOFT/Interstage/F3FMihs/modules/mod_rewrite.so'
       RewriteCond %{QUERY_STRING} !dirname=C:\\SOFT\\Interstage\\gui\\isAdmin\\var\\download [OR]
       RewriteCond %{QUERY_STRING} !dirname=C:\\SOFT\\Interstage\\gui\\isAdmin\\var\\webservice\\download [OR]
2. After you have edited the definitions, restart the Web server being used by the Interstage Management Console.
    ii-i)Restart the following service
     'Interstage Operation Tool(FJapache)'

4. Revision history

• June 10th, 2008 : Initial release