You are viewing a plain text version of this content. The canonical link for it is here.
Posted to bugs@httpd.apache.org by bu...@apache.org on 2008/06/04 11:38:06 UTC
DO NOT REPLY [Bug 45127] New: Empty pattern in FilesMatch causes
Allow to match any IP
https://issues.apache.org/bugzilla/show_bug.cgi?id=45127
Summary: Empty pattern in FilesMatch causes Allow to match any IP
Product: Apache httpd-2
Version: 2.2.8
Platform: PC
OS/Version: Windows XP
Status: NEW
Severity: normal
Priority: P2
Component: mod_access
AssignedTo: bugs@httpd.apache.org
ReportedBy: paul.dodd@usb.unibe.ch
In an .htaccess file the lines
---
Order Allow,Deny
<FilesMatch "">
Allow from 255.255.000.000
</FilesMatch>
---
allow access to ANY host i.e. the address part of the IP is not used to
restrict access. Commenting out the "Allow from 255.255.000.000" line reverts
to the expected behaviour i.e. the access is denied.
The same happens with any pattern in FilesMatch which also matches an empty
file name such as
<FilesMatch "(^xyz$)?">
Workaround: don't use patterns which match an empty file name.
--
Configure bugmail: https://issues.apache.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.
---------------------------------------------------------------------
To unsubscribe, e-mail: bugs-unsubscribe@httpd.apache.org
For additional commands, e-mail: bugs-help@httpd.apache.org
DO NOT REPLY [Bug 45127] Empty pattern in <***Match ""> directives
default to MATCHED
Posted by bu...@apache.org.
https://issues.apache.org/bugzilla/show_bug.cgi?id=45127
Nick Kew <ni...@webthing.com> changed:
What |Removed |Added
----------------------------------------------------------------------------
Status|ASSIGNED |RESOLVED
Resolution| |WONTFIX
--- Comment #3 from Nick Kew <ni...@webthing.com> 2009-05-26 16:51:29 PST ---
Seems like NOTABUG by definition: an empty pattern matches everything.
Insofar as that's confusing, it's a symptom of the not-always-intuitive rules
for merging configuration sections. A change to that would be way beyond the
scope of a bug report/fix!
--
Configure bugmail: https://issues.apache.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.
---------------------------------------------------------------------
To unsubscribe, e-mail: bugs-unsubscribe@httpd.apache.org
For additional commands, e-mail: bugs-help@httpd.apache.org
DO NOT REPLY [Bug 45127] Empty pattern in FilesMatch causes Allow to
match any IP
Posted by bu...@apache.org.
https://issues.apache.org/bugzilla/show_bug.cgi?id=45127
--- Comment #1 from Takashi Sato <ta...@lans-tv.com> 2008-06-04 03:03:53 PST ---
Order Allow,Deny
<FilesMatch "">
Allow from 255.255.000.000
</FilesMatch>
is the same as:
Order Allow,Deny
<FilesMatch "">
Order Deny,Allow
Allow from 255.255.000.000
</FilesMatch>
--
Configure bugmail: https://issues.apache.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.
---------------------------------------------------------------------
To unsubscribe, e-mail: bugs-unsubscribe@httpd.apache.org
For additional commands, e-mail: bugs-help@httpd.apache.org
DO NOT REPLY [Bug 45127] Empty pattern in <***Match ""> directives
default to MATCHED
Posted by bu...@apache.org.
https://issues.apache.org/bugzilla/show_bug.cgi?id=45127
Will Rowe <wr...@apache.org> changed:
What |Removed |Added
----------------------------------------------------------------------------
Status|NEW |ASSIGNED
OS/Version|Windows XP |All
Summary|Empty pattern in FilesMatch |Empty pattern in <***Match
|causes Allow to match any IP|""> directives default to
| |MATCHED
--- Comment #2 from Will Rowe <wr...@apache.org> 2008-06-05 08:16:46 PST ---
Agree that this is confusing and worth emitting an error.
It will become more convoluted if/when macro substitution is used to process
a more complex config.
--
Configure bugmail: https://issues.apache.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.
---------------------------------------------------------------------
To unsubscribe, e-mail: bugs-unsubscribe@httpd.apache.org
For additional commands, e-mail: bugs-help@httpd.apache.org