You are viewing a plain text version of this content. The canonical link for it is here.

Posted to apache-bugdb@apache.org by Gerhard Paseman <su...@prado.com> on 1997/08/05 02:50:02 UTC

general/968: NCSA incompatibility -- no access control by referer

>Number:         968
>Category:       general
>Synopsis:       NCSA incompatibility -- no access control by referer
>Confidential:   no
>Severity:       serious
>Priority:       medium
>Responsible:    apache (Apache HTTP Project)
>State:          open
>Class:          change-request
>Submitter-Id:   apache
>Arrival-Date:   Mon Aug  4 17:50:01 1997
>Originator:     support@prado.com
>Organization:
apache
>Release:        
>Environment:
Any
>Description:
In the documentation on NCSA's server, there is a referer directive
allowed under <Limit> (see the following URL for more info:
http://hoohoo.ncsa.uiuc.edu/docs/setup/access/referer.html).
This restricts access to a document based on the referred page.
I am unaware of any similar feature in Apache, and this seems
important enough to be placed on the list of discrepancies
between Apache and NCSA's server.
>How-To-Repeat:

>Fix:
Implement it (the preferred choice) or document the difference
not only in differences between Apache and NCSA, but also in some of the
documentations on Access control.

(I ask that a copy of any response to this to be e-mailed to support@prado.com.%2
>Audit-Trail:
>Unformatted: