You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@httpd.apache.org by Виталий Фадеев <ru...@gmail.com> on 2016/03/29 11:06:50 UTC
[users@httpd] Strange with AllowOverrideList Directive
Hello!
I trying to completely disable of .htaccess.
I have this in httpd.conf:
<Directory />
Options FollowSymLinks
AllowOverride None
Require all denied
</Directory>
Also, i have this in vhost include file:
<Directory "/var/www/development">
Options FollowSymLinks
AllowOverride None
AllowOverrideList None
Require all granted
....CUT...
</Directory>
Directory /var/www/development still contain .htaccess files as i do
not want to remove them.
Documentation https://httpd.apache.org/docs/2.4/mod/core.html#allowoverride
says:
"When this directive is set to None and AllowOverrideList is set to
None .htaccess, files are completely ignored. In this case, the server
will not even attempt to read .htaccess files in the filesystem."
But when i open my vhost, i get 500:
[Tue Mar 29 01:27:12.868576 2016] [core:alert] [pid 9361:tid [client
192.168.1.1:58722] /var/www/development/.htaccess: ErrorDocument not
allowed here
As first line of my .htaccess start with ErrorDocument.
And also, any subdirectories that contains .htaccess is failed with 500.
As i see, this is mismatch in documentation?
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org
Re: [users@httpd] Strange with AllowOverrideList Directive
Posted by Daniel Ruggeri <DR...@primary.net>.
On 3/29/2016 11:41 AM, Kees Nuyt wrote:
> Looks like a bug to me. I wouldn't call it a ducumentation bug,
> as totally ignoring .htaccess is what one would want to do,
> because it (also) has performance advantages.
>
> As a workaround, you could change the access file name httpd is
> looking for, as in:
> https://httpd.apache.org/docs/2.4/mod/core.html#accessfilename
>
> , and .htaccess will not be read anymore.
>
> -- Regards, Kees Nuyt
Agreed on both fronts. Definitely a bug - when I wrote the patches for
AllowOverrideList, I thought I had tested this scenario but might have
missed it? If you don't mind, I'd love it if you could share a full
trace8 log (email just to me if you don't mind) for the request that
reproduces the problem so I can compare to my environment. On the second
topic - changing the file name is a quick and easy workaround to the
problem. There's still a very slight efficiency that can be gained by
fixing the bug in that the directories aren't checked for the presence
of the files, though, so I'd still want to tackle it from that angle.
--
Daniel Ruggeri
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org
Re: [users@httpd] Strange with AllowOverrideList Directive
Posted by Kees Nuyt <k....@zonnet.nl>.
On Tue, 29 Mar 2016 15:06:50 +0600, you wrote:
>Hello!
>
> I trying to completely disable of .htaccess.
> I have this in httpd.conf:
> <Directory />
> Options FollowSymLinks
> AllowOverride None
> Require all denied
> </Directory>
>
> Also, i have this in vhost include file:
> <Directory "/var/www/development">
> Options FollowSymLinks
> AllowOverride None
> AllowOverrideList None
> Require all granted
> ....CUT...
> </Directory>
>
> Directory /var/www/development still contain .htaccess files as i do
> not want to remove them.
>
> Documentation https://httpd.apache.org/docs/2.4/mod/core.html#allowoverride
> says:
> "When this directive is set to None and AllowOverrideList is set to
> None .htaccess, files are completely ignored. In this case, the server
> will not even attempt to read .htaccess files in the filesystem."
>
> But when i open my vhost, i get 500:
> [Tue Mar 29 01:27:12.868576 2016] [core:alert] [pid 9361:tid [client
> 192.168.1.1:58722] /var/www/development/.htaccess: ErrorDocument not
> allowed here
> As first line of my .htaccess start with ErrorDocument.
>
> And also, any subdirectories that contains .htaccess is failed with 500.
>
> As i see, this is mismatch in documentation?
Looks like a bug to me. I wouldn't call it a ducumentation bug,
as totally ignoring .htaccess is what one would want to do,
because it (also) has performance advantages.
As a workaround, you could change the access file name httpd is
looking for, as in:
https://httpd.apache.org/docs/2.4/mod/core.html#accessfilename
, and .htaccess will not be read anymore.
--
Regards,
Kees Nuyt
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org
Re: [users@httpd] Strange with AllowOverrideList Directive
Posted by Daniel Ruggeri <DR...@primary.net>.
I'm assuming that compiler optimizations would make both patches "six to
one, half dozen to the other" as far as code path followed during the
request cycle... but I agree.
Fixed in trunk in r1737114 and proposed for backport in 2.4 in STATUS.
--
Daniel Ruggeri
On 3/30/2016 8:02 AM, Plüm, Rüdiger, Vodafone Group wrote:
>
> But the attached patch is not correct. IMHO it needs to be
>
>
>
> Index: request.c
>
> ===================================================================
>
> --- request.c (revision 1735931)
>
> +++ request.c (working copy)
>
> @@ -1009,7 +1009,9 @@
>
> /* No htaccess in an incomplete root path,
>
> * nor if it's disabled
>
> */
>
> - if (seg < startseg || (!opts.override &&
> opts.override_list == NULL)) {
>
> + if (seg < startseg || (!opts.override
>
> + &&
> apr_is_empty_table(opts.override_list)
>
> + )) {
>
> break;
>
> }
>
>
>
>
>
> Regards
>
>
>
> Rüdiger
>
Re: [users@httpd] Strange with AllowOverrideList Directive
Posted by Daniel Ruggeri <DR...@primary.net>.
I'm assuming that compiler optimizations would make both patches "six to
one, half dozen to the other" as far as code path followed during the
request cycle... but I agree.
Fixed in trunk in r1737114 and proposed for backport in 2.4 in STATUS.
--
Daniel Ruggeri
On 3/30/2016 8:02 AM, Plüm, Rüdiger, Vodafone Group wrote:
>
> But the attached patch is not correct. IMHO it needs to be
>
>
>
> Index: request.c
>
> ===================================================================
>
> --- request.c (revision 1735931)
>
> +++ request.c (working copy)
>
> @@ -1009,7 +1009,9 @@
>
> /* No htaccess in an incomplete root path,
>
> * nor if it's disabled
>
> */
>
> - if (seg < startseg || (!opts.override &&
> opts.override_list == NULL)) {
>
> + if (seg < startseg || (!opts.override
>
> + &&
> apr_is_empty_table(opts.override_list)
>
> + )) {
>
> break;
>
> }
>
>
>
>
>
> Regards
>
>
>
> Rüdiger
>
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org
RE: [users@httpd] Strange with AllowOverrideList Directive
Posted by Plüm,
Rüdiger,
Vodafone Group <ru...@vodafone.com>.
But the attached patch is not correct. IMHO it needs to be
Index: request.c
===================================================================
--- request.c (revision 1735931)
+++ request.c (working copy)
@@ -1009,7 +1009,9 @@
/* No htaccess in an incomplete root path,
* nor if it's disabled
*/
- if (seg < startseg || (!opts.override && opts.override_list == NULL)) {
+ if (seg < startseg || (!opts.override
+ && apr_is_empty_table(opts.override_list)
+ )) {
break;
}
Regards
Rüdiger
From: Luca Toscano [mailto:toscano.luca@gmail.com]
Sent: Mittwoch, 30. März 2016 14:42
To: users@httpd.apache.org
Cc: dev@httpd.apache.org
Subject: Re: [users@httpd] Strange with AllowOverrideList Directive
Hi again!
> +dev@ to get their opinion! Bug in documentation or small fix required? (or
> me missing something?)
https://bz.apache.org/bugzilla/show_bug.cgi?id=58528 seems to be very similar and a patch is attached. We can follow up on it adding a use case or just openinig a new one.
Thanks!
Luca
RE: [users@httpd] Strange with AllowOverrideList Directive
Posted by Plüm,
Rüdiger,
Vodafone Group <ru...@vodafone.com>.
But the attached patch is not correct. IMHO it needs to be
Index: request.c
===================================================================
--- request.c (revision 1735931)
+++ request.c (working copy)
@@ -1009,7 +1009,9 @@
/* No htaccess in an incomplete root path,
* nor if it's disabled
*/
- if (seg < startseg || (!opts.override && opts.override_list == NULL)) {
+ if (seg < startseg || (!opts.override
+ && apr_is_empty_table(opts.override_list)
+ )) {
break;
}
Regards
Rüdiger
From: Luca Toscano [mailto:toscano.luca@gmail.com]
Sent: Mittwoch, 30. März 2016 14:42
To: users@httpd.apache.org
Cc: dev@httpd.apache.org
Subject: Re: [users@httpd] Strange with AllowOverrideList Directive
Hi again!
> +dev@ to get their opinion! Bug in documentation or small fix required? (or
> me missing something?)
https://bz.apache.org/bugzilla/show_bug.cgi?id=58528 seems to be very similar and a patch is attached. We can follow up on it adding a use case or just openinig a new one.
Thanks!
Luca
Re: [users@httpd] Strange with AllowOverrideList Directive
Posted by Luca Toscano <to...@gmail.com>.
Hi again!
> +dev@ to get their opinion! Bug in documentation or small fix required?
> (or
> > me missing something?)
>
https://bz.apache.org/bugzilla/show_bug.cgi?id=58528 seems to be very
similar and a patch is attached. We can follow up on it adding a use case
or just openinig a new one.
Thanks!
Luca
Re: [users@httpd] Strange with AllowOverrideList Directive
Posted by Luca Toscano <to...@gmail.com>.
Hi again!
> +dev@ to get their opinion! Bug in documentation or small fix required?
> (or
> > me missing something?)
>
https://bz.apache.org/bugzilla/show_bug.cgi?id=58528 seems to be very
similar and a patch is attached. We can follow up on it adding a use case
or just openinig a new one.
Thanks!
Luca
Re: [users@httpd] Strange with AllowOverrideList Directive
Posted by Виталий Фадеев <ru...@gmail.com>.
also, i you set AllowOverride None and AllowOverrideList None or
just AllowOverride None there is still .htaccess reading.
I found this by attach strace to apache pid.
i.e.
strace -e trace=open,read -p 9738 -s 80 -o /root/trace3.txt
grep htaccess /root/trace3.txt:
open("/var/www/development/.htaccess", O_RDONLY|O_CLOEXEC) = -1 ENOENT
(No such file or directory)
open("/var/www/development/.htaccess", O_RDONLY|O_CLOEXEC) = -1 ENOENT
(No such file or directory
2016-03-30 12:56 GMT+06:00 Luca Toscano <to...@gmail.com>:
> [+dev@]
>
> Hi!
>
> 2016-03-29 11:06 GMT+02:00 Виталий Фадеев <ru...@gmail.com>:
>>
>> Hello!
>>
>> I trying to completely disable of .htaccess.
>> I have this in httpd.conf:
>> <Directory />
>> Options FollowSymLinks
>> AllowOverride None
>> Require all denied
>> </Directory>
>>
>> Also, i have this in vhost include file:
>> <Directory "/var/www/development">
>> Options FollowSymLinks
>> AllowOverride None
>> AllowOverrideList None
>> Require all granted
>> ....CUT...
>> </Directory>
>>
>> Directory /var/www/development still contain .htaccess files as i do
>> not want to remove them.
>>
>> Documentation
>> https://httpd.apache.org/docs/2.4/mod/core.html#allowoverride
>> says:
>> "When this directive is set to None and AllowOverrideList is set to
>> None .htaccess, files are completely ignored. In this case, the server
>> will not even attempt to read .htaccess files in the filesystem."
>>
>> But when i open my vhost, i get 500:
>> [Tue Mar 29 01:27:12.868576 2016] [core:alert] [pid 9361:tid [client
>> 192.168.1.1:58722] /var/www/development/.htaccess: ErrorDocument not
>> allowed here
>> As first line of my .htaccess start with ErrorDocument.
>>
>> And also, any subdirectories that contains .htaccess is failed with 500.
>>
>> As i see, this is mismatch in documentation?
>
>
> I can reproduce on 2.4.16: AllowOverride None alone behaves as expected, but
> with AllowOverrideList None I get the same error message (".... not allowed
> here").
>
> +dev@ to get their opinion! Bug in documentation or small fix required? (or
> me missing something?)
>
> Luca
>
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org
Re: [users@httpd] Strange with AllowOverrideList Directive
Posted by Luca Toscano <to...@gmail.com>.
[+dev@]
Hi!
2016-03-29 11:06 GMT+02:00 Виталий Фадеев <ru...@gmail.com>:
> Hello!
>
> I trying to completely disable of .htaccess.
> I have this in httpd.conf:
> <Directory />
> Options FollowSymLinks
> AllowOverride None
> Require all denied
> </Directory>
>
> Also, i have this in vhost include file:
> <Directory "/var/www/development">
> Options FollowSymLinks
> AllowOverride None
> AllowOverrideList None
> Require all granted
> ....CUT...
> </Directory>
>
> Directory /var/www/development still contain .htaccess files as i do
> not want to remove them.
>
> Documentation
> https://httpd.apache.org/docs/2.4/mod/core.html#allowoverride
> says:
> "When this directive is set to None and AllowOverrideList is set to
> None .htaccess, files are completely ignored. In this case, the server
> will not even attempt to read .htaccess files in the filesystem."
>
> But when i open my vhost, i get 500:
> [Tue Mar 29 01:27:12.868576 2016] [core:alert] [pid 9361:tid [client
> 192.168.1.1:58722] /var/www/development/.htaccess: ErrorDocument not
> allowed here
> As first line of my .htaccess start with ErrorDocument.
>
> And also, any subdirectories that contains .htaccess is failed with 500.
>
> As i see, this is mismatch in documentation?
I can reproduce on 2.4.16: AllowOverride None alone behaves as expected,
but with AllowOverrideList None I get the same error message (".... not
allowed here").
+dev@ to get their opinion! Bug in documentation or small fix required? (or
me missing something?)
Luca
Re: [users@httpd] Strange with AllowOverrideList Directive
Posted by Luca Toscano <to...@gmail.com>.
[+dev@]
Hi!
2016-03-29 11:06 GMT+02:00 Виталий Фадеев <ru...@gmail.com>:
> Hello!
>
> I trying to completely disable of .htaccess.
> I have this in httpd.conf:
> <Directory />
> Options FollowSymLinks
> AllowOverride None
> Require all denied
> </Directory>
>
> Also, i have this in vhost include file:
> <Directory "/var/www/development">
> Options FollowSymLinks
> AllowOverride None
> AllowOverrideList None
> Require all granted
> ....CUT...
> </Directory>
>
> Directory /var/www/development still contain .htaccess files as i do
> not want to remove them.
>
> Documentation
> https://httpd.apache.org/docs/2.4/mod/core.html#allowoverride
> says:
> "When this directive is set to None and AllowOverrideList is set to
> None .htaccess, files are completely ignored. In this case, the server
> will not even attempt to read .htaccess files in the filesystem."
>
> But when i open my vhost, i get 500:
> [Tue Mar 29 01:27:12.868576 2016] [core:alert] [pid 9361:tid [client
> 192.168.1.1:58722] /var/www/development/.htaccess: ErrorDocument not
> allowed here
> As first line of my .htaccess start with ErrorDocument.
>
> And also, any subdirectories that contains .htaccess is failed with 500.
>
> As i see, this is mismatch in documentation?
I can reproduce on 2.4.16: AllowOverride None alone behaves as expected,
but with AllowOverrideList None I get the same error message (".... not
allowed here").
+dev@ to get their opinion! Bug in documentation or small fix required? (or
me missing something?)
Luca