www-apache-bugdb mailing list archives

From "Mike Brudenell" <p...@york.ac.uk>
Subject Re: config/1941: AllowOverride ignored in <Directory ~ pattern> and <DirectoryMatch pattern>
Date Mon, 16 Mar 1998 11:56:34 GMT
Hello!

--On Fri, Mar 13, 1998 7:04 pm +0000 marc@hyperreal.org wrote: 

> Synopsis: AllowOverride ignored in <Directory ~ pattern> and <DirectoryMatch pattern>
> 
> State-Changed-From-To: open-analyzed
> State-Changed-By: marc
> State-Changed-When: Fri Mar 13 11:04:30 PST 1998
> State-Changed-Why:
> What happens if you change your htaccess to have _just_
> an "allow from all" line, ie. no <files ...>?

Changing the .htaccess to just:
    Allow from all
makes no difference; access is still denied.

Please forgive me for asking, but are you sure this _should_ work?  I ask
because of the following...

0.  If I alter the server's access.conf file to:

        <Directory />
            Allow from all
            AllowOverride Limit
        </Directory>

        <DirectoryMatch "^/htdocs/.*\.ltd">
            Deny from all
        </DirectoryMatch>

in order to allow directories' .htaccess files to override the server's
settings.  Then...

1.  If the /htdocs/physics/secret.ltd/.htaccess file contains:
        <FilesMatch *>
            Allow from all
        </FilesMatch>
    access IS (correctly) allowed (because the .htaccess file's "Allow"
    is overriding the "Deny" established by the pattern in the access.conf
    file).

2.  BUT if I then alter the .htaccess file to just:
        Allow from all
    then access is no longer allowed.  This seems to suggest that it is now
    syntactically wrong and is being ignored?

[When I originally tried (2) I assumed that this was because Allow/Deny had
to be within a <Files> or <FilesMatch> block for an area's .htaccess file. 
But your question now makes me wonder whether I was wrong in assuming this. 
If it _should_ work then there may be a problem as it doesn't seem to!]


There seems to be another funny which may or may not be related (I asked
this on comp.infosystems.www.servers.unix last week but no-one there has yet
replied)...

If I set up the (1) environment above again, ie:

*   Server's access.conf includes:

        <Directory />
            Allow from all
            AllowOverride Limit
        </Directory>

        <DirectoryMatch "^/htdocs/.*\.ltd">
            Deny from all
        </DirectoryMatch>

*   And the /htdocs/physics/secret.ltd/.htaccess is:

        <FilesMatch *>
            Allow from all
        </FilesMatch>

Then, as expected, requests for documents in the area are satisfied.

And if I change the first block of the above access.conf file to:

    <Directory />
        Allow from all
        AllowOverride None
    </Directory>

then again, as expected, requests are now _denied_ (because the server does
not allow the .htaccess file to override the Allow/Deny directives).

HOWEVER... if I now change the first block of the above access.conf file to:

    <Directory />
        Allow from all
        AllowOverrides Indexes
    </Directory>

I would *expect* requests to still be denied (after all the ability of an
.htaccess file to override the "Indexes" category of directives shouldn't
have any effect on being able to override Allow/Deny, which are part of the
"Limit" category).

However in actual fact this DOES let requests be satisfied!

This, along with my main report, makes me think there is something Really
Funny happening in the parsing or processing of the AllowOverride directive
in Apache 1.3b5 (also present in 1.3b3).

Do please feel free to let me know if you want any more information, or for
me to try anything else.

Cheers,

Mike Brudenell

-- 
The Computing Service, University of York, Heslington, York, YO1 5DD, UK
Tel: +44-1904-433811  FAX: +44-1904-433740  http://www.york.ac.uk/~pmb1/

* Unsolicited commercial e-mail is NOT welcome at this e-mail address. *
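
The category rule the message relies on (Allow/Deny belong to "Limit", so an AllowOverride value without Limit should not let .htaccess change them), as an added example that is not part of the original message and is not Apache's own code. It models only that documented rule; the directive table is a small constructed subset, and the function names are hypothetical.

```python
# Override category for a few directives (assumed subset, per the Apache docs).
CATEGORY = {
    "allow": "Limit", "deny": "Limit", "order": "Limit",
    "options": "Options",
    "indexoptions": "Indexes", "directoryindex": "Indexes",
    "authtype": "AuthConfig", "authname": "AuthConfig", "require": "AuthConfig",
    "errordocument": "FileInfo", "addtype": "FileInfo",
}
ALL = set(CATEGORY.values())

def parse_allow_override(value):
    """Turn an AllowOverride argument string into a set of category names."""
    allowed = set()
    for word in value.split():
        w = word.lower()
        if w == "none":
            allowed = set()
        elif w == "all":
            allowed = set(ALL)
        else:
            match = [c for c in ALL if c.lower() == w]
            if not match:
                raise ValueError(f"unknown AllowOverride category: {word}")
            allowed.update(match)
    return allowed

def audit_htaccess(text, allow_override):
    """Return (directive, category, honoured) for each .htaccess directive."""
    allowed = parse_allow_override(allow_override)
    results = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#") or line.startswith("<"):
            continue  # blank line, comment, or section open/close tag
        name = line.split()[0]
        category = CATEGORY.get(name.lower())  # None: not in this subset
        results.append((name, category, category in allowed))
    return results

# The two .htaccess variants from the message.
HTACCESS_BLOCK = "<FilesMatch *>\n    Allow from all\n</FilesMatch>\n"
HTACCESS_BARE = "Allow from all\n"

if __name__ == "__main__":
    for setting in ("Limit", "None", "Indexes"):
        print(setting, audit_htaccess(HTACCESS_BLOCK, setting))
```

Under this rule the "Indexes" case reports the Allow line as not honoured, which is the outcome the message expected and did not observe.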

