You are viewing a plain text version of this content. The canonical link for it is here.

Posted to docs@httpd.apache.org by bu...@apache.org on 2014/01/12 01:28:55 UTC

[Bug 55990] New: SetEnv vs. =! inconsistentcy not documented

https://issues.apache.org/bugzilla/show_bug.cgi?id=55990

            Bug ID: 55990
           Summary: SetEnv vs. =! inconsistentcy not documented
           Product: Apache httpd-2
           Version: 2.4.6
          Hardware: PC
                OS: Linux
            Status: NEW
          Severity: normal
          Priority: P2
         Component: Documentation
          Assignee: docs@httpd.apache.org
          Reporter: jidanni@jidanni.org

http://svn.apache.org/viewvc?view=revision&revision=r1556102
goes a long way, but there is one case that it still does not fully cover:

I.e., highly unexplainable why only one of the
following four work, instead of two:

# while read; do cat ~jidanni/mediawiki/images/radioscanningtw/.htaccess; w3m
-dump http://radioscanningtw.jidanni.org/images |grep radio.*:; echo
----------; done

Order Deny,Allow
Deny from all
Allow from env=!let_me_in
[DIR]       radioscanningtw/ 2014-01-07 11:18    -
----------
Order Deny,Allow
Deny from all
Allow from env=let_me_in
----------
SetEnv let_me_in 1
Order Deny,Allow
Deny from all
Allow from env=let_me_in
----------
SetEnv let_me_in 1
Order Deny,Allow
Deny from all
Allow from env=!let_me_in
----------

Browsing the child directly with
d=radioscanningtw.jidanni.org/images/radioscanningtw/; while read; do
cat ~jidanni/$d/.htaccess; w3m -dump http://$d; echo -n ----------;
done
shows the same 3/1 pattern.

-- 
You are receiving this mail because:
You are the assignee for the bug.

---------------------------------------------------------------------
To unsubscribe, e-mail: docs-unsubscribe@httpd.apache.org
For additional commands, e-mail: docs-help@httpd.apache.org

[Bug 55990] SetEnv vs. =! inconsistentcy not documented

Posted by bu...@apache.org.

https://issues.apache.org/bugzilla/show_bug.cgi?id=55990

Eric Covener <co...@gmail.com> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|NEW                         |NEEDINFO

--- Comment #1 from Eric Covener <co...@gmail.com> ---
SetEnv sets variables well after authentication and access control has
completed.   it is already documented as running relatively late in processing.

I can't follow the 1/4 cases or 2/4 cases, but does the above explain why the
results aren't as you expect?

-- 
You are receiving this mail because:
You are the assignee for the bug.

---------------------------------------------------------------------
To unsubscribe, e-mail: docs-unsubscribe@httpd.apache.org
For additional commands, e-mail: docs-help@httpd.apache.org

[Bug 55990] SetEnv vs. =! inconsistentcy not documented

Posted by bu...@apache.org.

https://issues.apache.org/bugzilla/show_bug.cgi?id=55990

--- Comment #7 from Dan Jacobson <ji...@jidanni.org> ---
$ ${EDITOR}       abj.jidanni.org/images/abj/.htaccess
$ HEAD -dP http://abj.jidanni.org/images/abj/
is what I used to test.

-- 
You are receiving this mail because:
You are the assignee for the bug.

---------------------------------------------------------------------
To unsubscribe, e-mail: docs-unsubscribe@httpd.apache.org
For additional commands, e-mail: docs-help@httpd.apache.org

[Bug 55990] SetEnv vs. =! inconsistentcy not documented

Posted by bu...@apache.org.

https://issues.apache.org/bugzilla/show_bug.cgi?id=55990

--- Comment #4 from Dan Jacobson <ji...@jidanni.org> ---
These are my results. Please test with these *exact* lines.
No need to look at the parent, just attempt to browse the directory itself.
With a .htaccess of

Order Deny,Allow
Deny from all
Allow from env=!let_me_in

I can access its directory.

Now even putting "SetEnv let_me_in 1" at the BOTTOM of the file,

Order Deny,Allow
Deny from all
Allow from env=!let_me_in
SetEnv let_me_in 1

results in 403 Forbidden.

**That proves in some cases, the SetEnv IS processed.**

However not if we reverse the test, no matter how much we use it,

SetEnv set_me_in 1
Order Deny,Allow
Deny from all
Allow from env=let_me_in
SetEnv let_me_in 1

as we already know.

(Today testing with Apache 2.2.3.)

-- 
You are receiving this mail because:
You are the assignee for the bug.

---------------------------------------------------------------------
To unsubscribe, e-mail: docs-unsubscribe@httpd.apache.org
For additional commands, e-mail: docs-help@httpd.apache.org

[Bug 55990] SetEnv vs. =! inconsistentcy not documented

Posted by bu...@apache.org.

https://issues.apache.org/bugzilla/show_bug.cgi?id=55990

--- Comment #5 from Eric Covener <co...@gmail.com> ---
2.2.3 did not contain env=!foo. It's not mentioned in the changelog or in the
compatibility support of the manual, but it looks like it was first relased in
2.2.10.

Without support for =!let_me_in this looks like an envvar named "!let_me_in"
but I'm not even sure that fully explains your current problem.

-- 
You are receiving this mail because:
You are the assignee for the bug.

---------------------------------------------------------------------
To unsubscribe, e-mail: docs-unsubscribe@httpd.apache.org
For additional commands, e-mail: docs-help@httpd.apache.org

[Bug 55990] SetEnv vs. =! inconsistentcy not documented

Posted by bu...@apache.org.

https://issues.apache.org/bugzilla/show_bug.cgi?id=55990

--- Comment #3 from Eric Covener <co...@gmail.com> ---
(In reply to Dan Jacobson from comment #2)
> Yes except for case 4.
> In case 4 we find the startling results that SetEnv actually does get read,
> IF the following operator is "=!".

I get the expected result, a subdirectory with:

  SetEnv let_me_in
  Order allow,deny
  allow from env=!let_me_in

Does show up in the autoindex listing of its parent.  Same as if there was no
SetEnv, and same as the more verbose deny,allow + deny from all.

-- 
You are receiving this mail because:
You are the assignee for the bug.

---------------------------------------------------------------------
To unsubscribe, e-mail: docs-unsubscribe@httpd.apache.org
For additional commands, e-mail: docs-help@httpd.apache.org

[Bug 55990] SetEnv vs. =! inconsistentcy not documented

Posted by bu...@apache.org.

https://issues.apache.org/bugzilla/show_bug.cgi?id=55990

Dan Jacobson <ji...@jidanni.org> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
            Version|2.4.6                       |2.4.7

--- Comment #6 from Dan Jacobson <ji...@jidanni.org> ---
Yes, you are correct that it doesn't explain it, as I just tested with
Server: Apache/2.4.7 (Debian)
and got the same results! Therefore when you do figure out what is going on
here, please document it (and mention where the changes can be found here)!
Thanks.

-- 
You are receiving this mail because:
You are the assignee for the bug.

---------------------------------------------------------------------
To unsubscribe, e-mail: docs-unsubscribe@httpd.apache.org
For additional commands, e-mail: docs-help@httpd.apache.org

[Bug 55990] SetEnv vs. =! inconsistentcy not documented

Posted by bu...@apache.org.

https://issues.apache.org/bugzilla/show_bug.cgi?id=55990

--- Comment #2 from Dan Jacobson <ji...@jidanni.org> ---
Yes except for case 4.
In case 4 we find the startling results that SetEnv actually does get read,
IF the following operator is "=!".

-- 
You are receiving this mail because:
You are the assignee for the bug.

---------------------------------------------------------------------
To unsubscribe, e-mail: docs-unsubscribe@httpd.apache.org
For additional commands, e-mail: docs-help@httpd.apache.org