httpd-users mailing list archives

From "Hajo Locke" <>
Subject [users@httpd] filesmatch suspends AccessFileName?
Date Fri, 05 Apr 2013 09:44:57 GMT

Interesting thing here. Is this a bug or expected?
Apache is 2.2.23

Customer uses .htaccess which uses some SetEnvIfNoCase directives to filter 
bad bots.
The allow,deny directive is placed within a filesmatch directive.

SetEnvIfNoCase user-agent "hallohallo" bad_bot=1

<FilesMatch "(.*)">
Order Allow,Deny
Allow from all
Deny from env=bad_bot
</FilesMatch>

The regex in the filesmatch directive is quite useless, but this leads to the 
problem that the .htaccess file can be called by http in a browser and shows all of 
its contents.

Seems to me quite simple for a user to disclose his .htaccess contents by 
a simple filesmatch directive which suddenly ignores the AccessFileName directive.
Is this a bug or expected?
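
One way to audit for the situation described in the message above, as an added example that is not part of the original post or of Apache itself: it scans .htaccess text for `<Files>`/`<FilesMatch>` sections whose pattern also matches `.htaccess` and which contain `Allow from all`. It assumes Apache 2.2 access syntax and that per-directory file sections are merged after the server-wide `^\.ht` deny; the function names, the sample strings and the narrowed pattern are hypothetical.

```python
import fnmatch
import re

# Opening/closing tags of <Files> and <FilesMatch>; "~" puts <Files> in regex mode.
SECTION_OPEN = re.compile(r'<\s*(Files|FilesMatch)\s+(~\s*)?"?([^">]+)"?\s*>', re.I)
SECTION_CLOSE = re.compile(r'<\s*/\s*(Files|FilesMatch)\s*>', re.I)
ALLOW_ALL = re.compile(r'^\s*Allow\s+from\s+all\b', re.I)

def pattern_matches(kind, is_regex, pattern, filename):
    """Return True if the section's pattern would apply to filename."""
    if kind.lower() == "filesmatch" or is_regex:
        try:
            return re.search(pattern, filename) is not None
        except re.error:
            return False  # PCRE syntax that Python's re cannot parse is skipped
    return fnmatch.fnmatchcase(filename, pattern)

def find_reopened_sections(htaccess_text, protected=".htaccess"):
    """List (line_number, pattern) of sections that match `protected`
    and contain 'Allow from all' (Apache 2.2 access syntax)."""
    findings, current = [], None
    for lineno, line in enumerate(htaccess_text.splitlines(), 1):
        if line.lstrip().startswith("#"):
            continue
        m = SECTION_OPEN.search(line)
        if m:
            kind, tilde, pattern = m.group(1), m.group(2), m.group(3).strip()
            applies = pattern_matches(kind, bool(tilde), pattern, protected)
            current = (lineno, pattern) if applies else None
        elif SECTION_CLOSE.search(line):
            current = None
        elif current and ALLOW_ALL.match(line):
            findings.append(current)
            current = None  # report each section once
    return findings

# Constructed sample inputs: the catch-all section from the post, and a variant
# whose pattern skips names beginning with ".ht" (an assumption, not from the post).
POSTED = '''SetEnvIfNoCase user-agent "hallohallo" bad_bot=1
<FilesMatch "(.*)">
Order Allow,Deny
Allow from all
Deny from env=bad_bot
</FilesMatch>
'''
NARROWED = POSTED.replace('"(.*)"', r'"^(?!\.ht)"')
```

`find_reopened_sections(POSTED)` reports the catch-all section on line 2, while the narrowed variant produces no finding because its pattern no longer applies to `.htaccess`.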

