www-apache-bugdb mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Marc Slemko <ma...@znep.com>
Subject Re: config/1941: AllowOverride ignored in <Directory ~ pattern> and <DirectoryMatch pattern> (fwd)
Date Mon, 16 Mar 1998 15:00:01 GMT
The following reply was made to PR config/1941; it has been noted by GNATS.

From: Marc Slemko <marcs@znep.com>
To: Apache bugs database <apbugs@apache.org>
Cc:  Subject: Re: config/1941: AllowOverride ignored in <Directory ~ pattern> and <DirectoryMatch
pattern> (fwd)
Date: Mon, 16 Mar 1998 07:50:39 -0700 (MST)

 ---------- Forwarded message ----------
 Date: Mon, 16 Mar 1998 11:56:34 +0000
 From: Mike Brudenell <pmb1@york.ac.uk>
 To: marc@hyperreal.org
 Cc: apache-bugdb@apache.org, marc@apache.org
 Subject: Re: config/1941: AllowOverride ignored in <Directory ~ pattern> and <DirectoryMatch
pattern>
 
 Hello!
 
 --On Fri, Mar 13, 1998 7:04 pm +0000 marc@hyperreal.org wrote: 
 
 > Synopsis: AllowOverride ignored in <Directory ~ pattern> and
 <DirectoryMatch pattern>
 > 
 > State-Changed-From-To: open-analyzed
 > State-Changed-By: marc
 > State-Changed-When: Fri Mar 13 11:04:30 PST 1998
 > State-Changed-Why:
 > What happens if you change your htaccess to have _just_
 > an "allow from all" line, ie. no <files ...>?
 
 Changing the .htaccess to just:
     Allow from all
 makes no difference; access is still denied.
 
 Please forgive me for asking, but are you sure this _should_ work?  I ask
 because of the following...
 
 0.  If I alter the server's access.conf file to:
 
         <Directory />
             Allow from all
             AllowOverride Limit
         </Directory>
 
         <DirectoryMatch "^/htdocs/.*\.ltd">
             Deny from all
         </DirectoryMatch>
 
 in order to allow directories' .htaccess files to override the server's
 settings.  Then...
 
 1.  If the /htdocs/physics/secret.ltd/.htaccess file contains:
         <FilesMatch *>
             Allow from all
         </FilesMatch>
     access IS (correctly) allowed (because the .htaccess file's "Allow"
     is overriding the "Deny" established by the pattern in the access.conf
     file).
 
 2.  BUT if I then alter the .htaccess file to just:
         Allow from all
     then access is no longer allowed.  This seems to suggest that it is now
     syntactically wrong and is being ignored?
 
 [When I originally tried (2) I assumed that this was because Allow/Deny had
 to be within a <Files> or <FilesMatch> block for an area's .htaccess file. 
 But your question now makes me wonder whether I was wrong in assuming this. 
 If it _should_ work then there may be a problem as it doesn't seem to!]
 
 
 There seems to be another funny which may or may not be related (I asked
 this on comp.infosystems.www.servers.unix last week but no-one there has yet
 replied)...
 
 If I set up the (1) environment above again, ie:
 
 *   Server's access.conf includes:
 
         <Directory />
             Allow from all
             AllowOverride Limit
         </Directory>
 
         <DirectoryMatch "^/htdocs/.*\.ltd">
             Deny from all
         </DirectoryMatch>
 
 *   And the /htdocs/physics/secret.ltd/.htaccess is:
 
         <FilesMatch *>
             Allow from all
         </FilesMatch>
 
 Then, as expected, requests for documents in the area are satisfied.
 
 And if I change the first block of the above access.conf file to:
 
     <Directory />
         Allow from all
         AllowOverride None
     </Directory>
 
 then again, as expected, requests are now _denied_ (because the server does
 not allow the .htaccess file to override the Allow/Deny directives)..
 
 HOWEVER... if I now change the first block of the above access.conf file to:
 
     <Directory />
         Allow from all
         AllowOverrides Indexes
     </Directory>
 
 I would *expect* requests to still be denied (after all the ability of an
 .htaccess file to override the "Indexes" category of directives shouldn't
 have any effect on being able to override Allow/Deny, which are part of the
 "Limit" category).
 
 However in actual fact this DOES let requests be satisfied!
 
 This, along with my main report, makes me think there is something Really
 Funny happening in the parsing or processing of the AllowOverride directive
 in Apache 1.3b5 (also present in 1.3b3).
 
 Do please feel free to let me know if you want any more information, or for
 me to try anything else.
 
 Cheers,
 
 Mike Brudenell
 
 -- 
 The Computing Service, University of York, Heslington, York, YO1 5DD, UK
 Tel: +44-1904-433811  FAX: +44-1904-433740  http://www.york.ac.uk/~pmb1/
 
 * Unsolicited commercial e-mail is NOT welcome at this e-mail address. *
 

Mime
View raw message