In a recent security audit, I had to respond to the threat posed by the FileETag setting on my apache web server.
Here is the impact:
This vulnerability poses a security risk, as the disclosure of inode information may aid in launching attacks against other network-based services. For instance, NFS uses inode numbers to generate file handles.
Seems silly, but that’s not up to me to decide.
The Problem
OK. Here is how you verify that you indeed have this issue: