You are viewing a plain text version of this content. The canonical link for it is here.
Posted to docs@httpd.apache.org by bu...@apache.org on 2014/01/12 01:28:55 UTC
[Bug 55990] New: SetEnv vs. =! inconsistentcy not documented
https://issues.apache.org/bugzilla/show_bug.cgi?id=55990
Bug ID: 55990
Summary: SetEnv vs. =! inconsistentcy not documented
Product: Apache httpd-2
Version: 2.4.6
Hardware: PC
OS: Linux
Status: NEW
Severity: normal
Priority: P2
Component: Documentation
Assignee: docs@httpd.apache.org
Reporter: jidanni@jidanni.org
http://svn.apache.org/viewvc?view=revision&revision=r1556102
goes a long way, but there is one case that it still does not fully cover:
I.e., highly unexplainable why only one of the
following four work, instead of two:
# while read; do cat ~jidanni/mediawiki/images/radioscanningtw/.htaccess; w3m
-dump http://radioscanningtw.jidanni.org/images |grep radio.*:; echo
----------; done
Order Deny,Allow
Deny from all
Allow from env=!let_me_in
[DIR] radioscanningtw/ 2014-01-07 11:18 -
----------
Order Deny,Allow
Deny from all
Allow from env=let_me_in
----------
SetEnv let_me_in 1
Order Deny,Allow
Deny from all
Allow from env=let_me_in
----------
SetEnv let_me_in 1
Order Deny,Allow
Deny from all
Allow from env=!let_me_in
----------
Browsing the child directly with
d=radioscanningtw.jidanni.org/images/radioscanningtw/; while read; do
cat ~jidanni/$d/.htaccess; w3m -dump http://$d; echo -n ----------;
done
shows the same 3/1 pattern.
--
You are receiving this mail because:
You are the assignee for the bug.
---------------------------------------------------------------------
To unsubscribe, e-mail: docs-unsubscribe@httpd.apache.org
For additional commands, e-mail: docs-help@httpd.apache.org
[Bug 55990] SetEnv vs. =! inconsistentcy not documented
Posted by bu...@apache.org.
https://issues.apache.org/bugzilla/show_bug.cgi?id=55990
Eric Covener <co...@gmail.com> changed:
What |Removed |Added
----------------------------------------------------------------------------
Status|NEW |NEEDINFO
--- Comment #1 from Eric Covener <co...@gmail.com> ---
SetEnv sets variables well after authentication and access control has
completed. it is already documented as running relatively late in processing.
I can't follow the 1/4 cases or 2/4 cases, but does the above explain why the
results aren't as you expect?
--
You are receiving this mail because:
You are the assignee for the bug.
---------------------------------------------------------------------
To unsubscribe, e-mail: docs-unsubscribe@httpd.apache.org
For additional commands, e-mail: docs-help@httpd.apache.org
[Bug 55990] SetEnv vs. =! inconsistentcy not documented
Posted by bu...@apache.org.
https://issues.apache.org/bugzilla/show_bug.cgi?id=55990
--- Comment #7 from Dan Jacobson <ji...@jidanni.org> ---
$ ${EDITOR} abj.jidanni.org/images/abj/.htaccess
$ HEAD -dP http://abj.jidanni.org/images/abj/
is what I used to test.
--
You are receiving this mail because:
You are the assignee for the bug.
---------------------------------------------------------------------
To unsubscribe, e-mail: docs-unsubscribe@httpd.apache.org
For additional commands, e-mail: docs-help@httpd.apache.org
[Bug 55990] SetEnv vs. =! inconsistentcy not documented
Posted by bu...@apache.org.
https://issues.apache.org/bugzilla/show_bug.cgi?id=55990
--- Comment #4 from Dan Jacobson <ji...@jidanni.org> ---
These are my results. Please test with these *exact* lines.
No need to look at the parent, just attempt to browse the directory itself.
With a .htaccess of
Order Deny,Allow
Deny from all
Allow from env=!let_me_in
I can access its directory.
Now even putting "SetEnv let_me_in 1" at the BOTTOM of the file,
Order Deny,Allow
Deny from all
Allow from env=!let_me_in
SetEnv let_me_in 1
results in 403 Forbidden.
**That proves in some cases, the SetEnv IS processed.**
However not if we reverse the test, no matter how much we use it,
SetEnv set_me_in 1
Order Deny,Allow
Deny from all
Allow from env=let_me_in
SetEnv let_me_in 1
as we already know.
(Today testing with Apache 2.2.3.)
--
You are receiving this mail because:
You are the assignee for the bug.
---------------------------------------------------------------------
To unsubscribe, e-mail: docs-unsubscribe@httpd.apache.org
For additional commands, e-mail: docs-help@httpd.apache.org
[Bug 55990] SetEnv vs. =! inconsistentcy not documented
Posted by bu...@apache.org.
https://issues.apache.org/bugzilla/show_bug.cgi?id=55990
--- Comment #5 from Eric Covener <co...@gmail.com> ---
2.2.3 did not contain env=!foo. It's not mentioned in the changelog or in the
compatibility support of the manual, but it looks like it was first relased in
2.2.10.
Without support for =!let_me_in this looks like an envvar named "!let_me_in"
but I'm not even sure that fully explains your current problem.
--
You are receiving this mail because:
You are the assignee for the bug.
---------------------------------------------------------------------
To unsubscribe, e-mail: docs-unsubscribe@httpd.apache.org
For additional commands, e-mail: docs-help@httpd.apache.org
[Bug 55990] SetEnv vs. =! inconsistentcy not documented
Posted by bu...@apache.org.
https://issues.apache.org/bugzilla/show_bug.cgi?id=55990
--- Comment #3 from Eric Covener <co...@gmail.com> ---
(In reply to Dan Jacobson from comment #2)
> Yes except for case 4.
> In case 4 we find the startling results that SetEnv actually does get read,
> IF the following operator is "=!".
I get the expected result, a subdirectory with:
SetEnv let_me_in
Order allow,deny
allow from env=!let_me_in
Does show up in the autoindex listing of its parent. Same as if there was no
SetEnv, and same as the more verbose deny,allow + deny from all.
--
You are receiving this mail because:
You are the assignee for the bug.
---------------------------------------------------------------------
To unsubscribe, e-mail: docs-unsubscribe@httpd.apache.org
For additional commands, e-mail: docs-help@httpd.apache.org
[Bug 55990] SetEnv vs. =! inconsistentcy not documented
Posted by bu...@apache.org.
https://issues.apache.org/bugzilla/show_bug.cgi?id=55990
Dan Jacobson <ji...@jidanni.org> changed:
What |Removed |Added
----------------------------------------------------------------------------
Version|2.4.6 |2.4.7
--- Comment #6 from Dan Jacobson <ji...@jidanni.org> ---
Yes, you are correct that it doesn't explain it, as I just tested with
Server: Apache/2.4.7 (Debian)
and got the same results! Therefore when you do figure out what is going on
here, please document it (and mention where the changes can be found here)!
Thanks.
--
You are receiving this mail because:
You are the assignee for the bug.
---------------------------------------------------------------------
To unsubscribe, e-mail: docs-unsubscribe@httpd.apache.org
For additional commands, e-mail: docs-help@httpd.apache.org
[Bug 55990] SetEnv vs. =! inconsistentcy not documented
Posted by bu...@apache.org.
https://issues.apache.org/bugzilla/show_bug.cgi?id=55990
--- Comment #2 from Dan Jacobson <ji...@jidanni.org> ---
Yes except for case 4.
In case 4 we find the startling results that SetEnv actually does get read,
IF the following operator is "=!".
--
You are receiving this mail because:
You are the assignee for the bug.
---------------------------------------------------------------------
To unsubscribe, e-mail: docs-unsubscribe@httpd.apache.org
For additional commands, e-mail: docs-help@httpd.apache.org