You are viewing a plain text version of this content. The canonical link for it is here.
Posted to bugs@httpd.apache.org by bu...@apache.org on 2007/10/01 00:34:58 UTC
DO NOT REPLY [Bug 43519] New: - OPTIONS * is not handled
DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG�
RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT
<http://issues.apache.org/bugzilla/show_bug.cgi?id=43519>.
ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND�
INSERTED IN THE BUG DATABASE.
http://issues.apache.org/bugzilla/show_bug.cgi?id=43519
Summary: OPTIONS * is not handled
Product: Apache httpd-2
Version: 2.3-HEAD
Platform: Other
OS/Version: other
Status: NEW
Severity: normal
Priority: P2
Component: Core
AssignedTo: bugs@httpd.apache.org
ReportedBy: nick@webthing.com
OtherBugsDependingO 43454
nThis:
An OPTIONS * request will run through check_dir_access. Since * is not a path,
it'll get the permissions of the root directory, and thus be denied in any sane
configuration.
This is a core bug, but also affects mod_proxy, as it prevents OPTIONS *
requests being proxied.
--
Configure bugmail: http://issues.apache.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.
---------------------------------------------------------------------
To unsubscribe, e-mail: bugs-unsubscribe@httpd.apache.org
For additional commands, e-mail: bugs-help@httpd.apache.org
DO NOT REPLY [Bug 43519] - OPTIONS * applies permissions from Document Root
Posted by bu...@apache.org.
DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG�
RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT
<http://issues.apache.org/bugzilla/show_bug.cgi?id=43519>.
ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND�
INSERTED IN THE BUG DATABASE.
http://issues.apache.org/bugzilla/show_bug.cgi?id=43519
jim@apache.org changed:
What |Removed |Added
----------------------------------------------------------------------------
Status|NEW |RESOLVED
Resolution| |FIXED
------- Additional Comments From jim@apache.org 2007-10-08 05:23 -------
http://svn.apache.org/viewvc/httpd/httpd/trunk/modules/http/http_core.c?r1=581358&r2=581389
--
Configure bugmail: http://issues.apache.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.
---------------------------------------------------------------------
To unsubscribe, e-mail: bugs-unsubscribe@httpd.apache.org
For additional commands, e-mail: bugs-help@httpd.apache.org
DO NOT REPLY [Bug 43519] - OPTIONS * is not handled
Posted by bu...@apache.org.
DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG�
RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT
<http://issues.apache.org/bugzilla/show_bug.cgi?id=43519>.
ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND�
INSERTED IN THE BUG DATABASE.
http://issues.apache.org/bugzilla/show_bug.cgi?id=43519
nick@webthing.com changed:
What |Removed |Added
----------------------------------------------------------------------------
OtherBugsDependingO|43454 |
nThis| |
------- Additional Comments From nick@webthing.com 2007-09-30 18:15 -------
Not relevant to proxying after all:
http://marc.info/?l=apache-httpd-dev&m=119119652229134&w=2
Removing block on PR 43454
--
Configure bugmail: http://issues.apache.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.
---------------------------------------------------------------------
To unsubscribe, e-mail: bugs-unsubscribe@httpd.apache.org
For additional commands, e-mail: bugs-help@httpd.apache.org
DO NOT REPLY [Bug 43519] - OPTIONS * applies permissions from Document Root
Posted by bu...@apache.org.
DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG�
RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT
<http://issues.apache.org/bugzilla/show_bug.cgi?id=43519>.
ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND�
INSERTED IN THE BUG DATABASE.
http://issues.apache.org/bugzilla/show_bug.cgi?id=43519
------- Additional Comments From nick@webthing.com 2007-10-01 10:37 -------
Created an attachment (id=20902)
--> (http://issues.apache.org/bugzilla/attachment.cgi?id=20902&action=view)
Simple patch to allow OPTIONS *
OK, the simple fix to this is to patch mod_authz_host. I'll do it here,
because such a simple fix is n/a in /trunk/.
--
Configure bugmail: http://issues.apache.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.
---------------------------------------------------------------------
To unsubscribe, e-mail: bugs-unsubscribe@httpd.apache.org
For additional commands, e-mail: bugs-help@httpd.apache.org
DO NOT REPLY [Bug 43519] - OPTIONS * applies permissions from Document Root
Posted by bu...@apache.org.
DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG�
RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT
<http://issues.apache.org/bugzilla/show_bug.cgi?id=43519>.
ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND�
INSERTED IN THE BUG DATABASE.
http://issues.apache.org/bugzilla/show_bug.cgi?id=43519
------- Additional Comments From wrowe@apache.org 2007-10-01 08:46 -------
I would propose that only one walk, an explicit <Location "*"> should ever
be applied to OPTIONS *. However, the test must ensure the directive is
OPTIONS and deny all other requests for "*" (unless there is some other
edge case hiding in RFC2616 or later std/rfc docs).
--
Configure bugmail: http://issues.apache.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.
---------------------------------------------------------------------
To unsubscribe, e-mail: bugs-unsubscribe@httpd.apache.org
For additional commands, e-mail: bugs-help@httpd.apache.org
DO NOT REPLY [Bug 43519] - OPTIONS * applies permissions from Document Root
Posted by bu...@apache.org.
DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG�
RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT
<http://issues.apache.org/bugzilla/show_bug.cgi?id=43519>.
ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND�
INSERTED IN THE BUG DATABASE.
http://issues.apache.org/bugzilla/show_bug.cgi?id=43519
nick@webthing.com changed:
What |Removed |Added
----------------------------------------------------------------------------
Summary|OPTIONS * is not handled |OPTIONS * applies
| |permissions from Document
| |Root
------- Additional Comments From nick@webthing.com 2007-10-01 07:56 -------
OK, I shouldn't be doing this at 2 a.m. Bah.
OPTIONS * gets the permissions of DocumentRoot, and the test machine I
encountered this on had no Allow in its documentroot.
This is IMO still a bug: OPTIONS * shouldn't be mapped to the filesystem, and if
any permissions apply it should be <Location /> (which was set to ALLOW in my
config).
--
Configure bugmail: http://issues.apache.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.
---------------------------------------------------------------------
To unsubscribe, e-mail: bugs-unsubscribe@httpd.apache.org
For additional commands, e-mail: bugs-help@httpd.apache.org