You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@httpd.apache.org by Chris Wedgwood <ch...@cybernet.co.nz> on 1998/10/12 23:00:51 UTC
apache bug-1.3.3 OPTIONS bug?
I've been told this is probably a mod_autoindex bug (but I can't see
to find it, I'm staring at diffs between 1.3.2 (where things work as
expected) and 1.3.3 without clues).
Using apache-1.3.3 I have access setup similar to this:
<Directory />
AllowOverride None
Options None
deny from all
</Directory>
<Directory /mounts/www/blah/site/>
AllowOverride None
Options None
order deny,allow
allow from all
</Directory>
...
DocumentRoot /mounts/www/blah/site/
As expected, this only allows access to files within
/mounts/www/blah/site/ but not directory contents.
Alas, if you try to access /mounts/www/blah/site/some.dir/ - you can
enumerate the directory, much as if you has specified `Options
Indexes'.
-cw
Re: apache bug-1.3.3 OPTIONS bug?
Posted by Rodent of Unusual Size <Ke...@Golux.Com>.
Brian Behlendorf wrote:
>
> At 05:46 PM 10/13/98 +1300, Chris Wedgwood wrote:
> >
> >If it matter to anyone, replacing mod_autoindex.c with the 1.3.2
> >version fixes things.
>
> Looks like it may be due to Ken's fixes from right before 1.3.3.
Ha-h'm. I think I have an inkling of what's going on. I'll try
to verify on Tuesday.
#ken P-)}
Ken Coar <http://Web.Golux.Com/coar/>
Apache Group member <http://www.apache.org/>
"Apache Server for Dummies" <http://WWW.Dummies.Com/
Re: apache bug-1.3.3 OPTIONS bug?
Posted by Brian Behlendorf <br...@hyperreal.org>.
At 05:46 PM 10/13/98 +1300, Chris Wedgwood wrote:
>(talking to myself?)
>
>On Tue, Oct 13, 1998 at 10:00:51AM +1300, Chris Wedgwood wrote:
>
>> I've been told this is probably a mod_autoindex bug (but I can't see
>> to find it, I'm staring at diffs between 1.3.2 (where things work as
>> expected) and 1.3.3 without clues).
>>
>> Using apache-1.3.3 I have access setup similar to this:
>
>If it matter to anyone, replacing mod_autoindex.c with the 1.3.2
>version fixes things.
Looks like it may be due to Ken's fixes from right before 1.3.3.
Since a lot of the developers are in SF this week for ApacheCon, this will
probably not be fixed soon, but please enter it in the bugdb (if you
haven't already) so that it can get tracked properly...
Brian
--=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=--
Where will YOU be Oct 14-16? | brian@apache.org
ApacheCon '98! http://www.apachecon.com/ | brian@hyperreal.org
Re: apache bug-1.3.3 OPTIONS bug?
Posted by Rodent of Unusual Size <Ke...@Golux.Com>.
Chris Wedgwood wrote:
>
> I've been told this is probably a mod_autoindex bug (but I can't see
> to find it, I'm staring at diffs between 1.3.2 (where things work as
> expected) and 1.3.3 without clues).
:
> As expected, this only allows access to files within
> /mounts/www/blah/site/ but not directory contents.
>
> Alas, if you try to access /mounts/www/blah/site/some.dir/ - you can
> enumerate the directory, much as if you has specified `Options
> Indexes'.
Actually, I can't reproduce this. Access to the subdirectory is
denied as well, as expected. Can you send me (privately)
your complete set of configuration files?
#ken P-)}
Ken Coar <http://Web.Golux.Com/coar/>
Apache Group member <http://www.apache.org/>
"Apache Server for Dummies" <http://WWW.Dummies.Com/
Re: apache bug-1.3.3 OPTIONS bug?
Posted by Chris Wedgwood <ch...@cybernet.co.nz>.
(talking to myself?)
On Tue, Oct 13, 1998 at 10:00:51AM +1300, Chris Wedgwood wrote:
> I've been told this is probably a mod_autoindex bug (but I can't see
> to find it, I'm staring at diffs between 1.3.2 (where things work as
> expected) and 1.3.3 without clues).
>
> Using apache-1.3.3 I have access setup similar to this:
If it matter to anyone, replacing mod_autoindex.c with the 1.3.2
version fixes things.
-cw