You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@httpd.apache.org by Marc Slemko <ma...@znep.com> on 1998/07/17 02:38:27 UTC

mod_proxy/2547: Proxy module does not appear to obey access directives (fwd)

You know, I just realized that this may be due to broken canonicalization
too...

Haven't tried it myself.

---------- Forwarded message ----------
Date: 3 Jul 1998 16:25:11 -0000
From: David Pendlebury <pe...@rocketmail.com>
To: apbugs@hyperreal.org
Subject: mod_proxy/2547: Proxy module does not appear to obey access directives


>Number:         2547
>Category:       mod_proxy
>Synopsis:       Proxy module does not appear to obey access directives
>Confidential:   no
>Severity:       serious
>Priority:       medium
>Responsible:    apache
>State:          open
>Class:          sw-bug
>Submitter-Id:   apache
>Arrival-Date:   Fri Jul  3 09:30:01 PDT 1998
>Last-Modified:
>Originator:     pendlebury@rocketmail.com
>Organization:
apache
>Release:        1.3.0
>Environment:
Windows NT 4.0 SP3 with hotfixes
Apache compiled with MSVC++ 5.0 SP3
>Description:
I do not seem to be able to restrict access to the proxy module using the <Directory> directive.  I have the following access.conf:

<Directory />
Order Deny,Allow     
Deny from All
Options None
AllowOverride None
</Directory>

<Directory proxy:*>
order deny,allow
deny from All
Options None
AllowOverride None
</Directory>

# This should be changed to whatever you set DocumentRoot to.

<Directory "C:/Apache/htdocs/">

# This may also be "None", "All", or any combination of "Indexes",
# "Includes", "FollowSymLinks", "ExecCGI", or "MultiViews".

# Note that "MultiViews" must be named *explicitly* --- "Options All"
# doesn't give it to you (or at least, not yet).

Options Indexes FollowSymLinks

# This controls which options the .htaccess files in directories can
# override. Can also be "All", or any combination of "Options", "FileInfo", 
# "AuthConfig", and "Limit"

AllowOverride None

#Controls who can get stuff from this server.

order deny,allow
allow from *
</Directory>

# /apache/cgi-bin should be changed to whatever your ScriptAliased
# CGI directory exists, if you have that configured..

<Directory /apache/cgi-bin>
AllowOverride None
Options None
</Directory>
>How-To-Repeat:
Try these settings:

<Directory proxy:*>
order deny,allow
deny from All
Options None
AllowOverride None
</Directory>

I'm perfectly willing to accept I've screwed up in some way, but can't figure out how.
>Fix:
Sorry, no.
>Audit-Trail:
>Unformatted:
[In order for any reply to be added to the PR database, ]
[you need to include <ap...@Apache.Org> in the Cc line ]
[and leave the subject line UNCHANGED.  This is not done]
[automatically because of the potential for mail loops. ]