You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@httpd.apache.org by Reindl Harald <h....@thelounge.net> on 2017/05/17 13:12:39 UTC
RedirectMatch: unexpected behavior within
<Directory "/">
<Limit POST>
RedirectMatch 404 "(?i)\/[\.]{0,1}(cvs|svn)\/"
</limit>
</Directory>
that above don't work and don't warn as it is normally the case where a
"apachectl -t" clearly says "syntax error, xxx not allowed here"
don't work means RedirectMatch also applies to GET-requests which makes
it really hard to restrict extensions like below only for normal
webacess which is chained into "AllowMethods GET HEAD POST" but at the
same time allow time for mod_dav_svn methods
well, and there is also no option to remove one or all global set
"RedirectMatch" for a specific directory
RedirectMatch 404
"(?i)\.(asax|ascx|ashx|asmx|asp|aspx|axd|back|backup|bak|bat|cfm|class|class\.php|cmd|conf|config|csproj|dat|data|db[0-9]{0,1}|dll|ds_store|exe|fbcindex|idc|inc|ini|jhtml|jsp|jspa|key|log|mdb|mdf|mscgi|nasl|nsf|ocx|old|pl|py|rb|sample|sav|save|sh|shtm|sql|sqlite|vbproj|vbs|webinfo)$"
Re: RedirectMatch: unexpected behavior within
Posted by Eric Covener <co...@gmail.com>.
On Wed, May 17, 2017 at 9:12 AM, Reindl Harald <h....@thelounge.net> wrote:
> <Directory "/">
> <Limit POST>
> RedirectMatch 404 "(?i)\/[\.]{0,1}(cvs|svn)\/"
> </limit>
> </Directory>
>
> that above don't work and don't warn as it is normally the case where a
> "apachectl -t" clearly says "syntax error, xxx not allowed here"
>
> don't work means RedirectMatch also applies to GET-requests which makes it
> really hard to restrict extensions like below only for normal webacess which
> is chained into "AllowMethods GET HEAD POST" but at the same time allow time
> for mod_dav_svn methods
>
> well, and there is also no option to remove one or all global set
> "RedirectMatch" for a specific directory
>
> RedirectMatch 404
> "(?i)\.(asax|ascx|ashx|asmx|asp|aspx|axd|back|backup|bak|bat|cfm|class|class\.php|cmd|conf|config|csproj|dat|data|db[0-9]{0,1}|dll|ds_store|exe|fbcindex|idc|inc|ini|jhtml|jsp|jspa|key|log|mdb|mdf|mscgi|nasl|nsf|ocx|old|pl|py|rb|sample|sav|save|sh|shtm|sql|sqlite|vbproj|vbs|webinfo)$"
These containers should be marked deprecated in 2.4 and riddled with
cautions that they only apply to access control.
Re: the non dev@ related stuff, use <if>.
--
Eric Covener
covener@gmail.com
Re: RedirectMatch: unexpected behavior within
Posted by Eric Covener <co...@gmail.com>.
On Wed, May 17, 2017 at 9:12 AM, Reindl Harald <h....@thelounge.net> wrote:
> <Directory "/">
> <Limit POST>
> RedirectMatch 404 "(?i)\/[\.]{0,1}(cvs|svn)\/"
> </limit>
> </Directory>
>
> that above don't work and don't warn as it is normally the case where a
> "apachectl -t" clearly says "syntax error, xxx not allowed here"
>
> don't work means RedirectMatch also applies to GET-requests which makes it
> really hard to restrict extensions like below only for normal webacess which
> is chained into "AllowMethods GET HEAD POST" but at the same time allow time
> for mod_dav_svn methods
>
> well, and there is also no option to remove one or all global set
> "RedirectMatch" for a specific directory
>
> RedirectMatch 404
> "(?i)\.(asax|ascx|ashx|asmx|asp|aspx|axd|back|backup|bak|bat|cfm|class|class\.php|cmd|conf|config|csproj|dat|data|db[0-9]{0,1}|dll|ds_store|exe|fbcindex|idc|inc|ini|jhtml|jsp|jspa|key|log|mdb|mdf|mscgi|nasl|nsf|ocx|old|pl|py|rb|sample|sav|save|sh|shtm|sql|sqlite|vbproj|vbs|webinfo)$"
These containers should be marked deprecated in 2.4 and riddled with
cautions that they only apply to access control.
Re: the non dev@ related stuff, use <if>.
--
Eric Covener
covener@gmail.com
---------------------------------------------------------------------
To unsubscribe, e-mail: docs-unsubscribe@httpd.apache.org
For additional commands, e-mail: docs-help@httpd.apache.org