You are viewing a plain text version of this content. The canonical link for it is here.

Posted to docs@httpd.apache.org by bu...@apache.org on 2016/04/14 18:57:39 UTC

[Bug 59325] New: wiki page with big warnign missing

https://bz.apache.org/bugzilla/show_bug.cgi?id=59325

            Bug ID: 59325
           Summary: wiki page with big warnign missing
           Product: Apache httpd-2
           Version: 2.4.18
          Hardware: PC
            Status: NEW
          Severity: normal
          Priority: P2
         Component: Documentation
          Assignee: docs@httpd.apache.org
          Reporter: gadnet@aqueos.com

hi,

 i cannot find a way to contact anyone on the wiki so i file it here because it
bitted me HARD.


https://wiki.apache.org/httpd/PHP-FPM

the php-fpm wiki page state that to use php-fpm you should user proxypassmatch
directive.


 Nowhere it state that this ignore all htaccess leading to things like
byp^sssing all security :

http://test.com  => pop up for authentification
http://test.com/index.php  => http 200 you pass

this negate all htaccess restriction rules and all rewrites etc...

i cannot edit the page, comment it or contact anyone on the wiki that i can
find so sorry if it is not the good place.

Is there a way to put a warnign on this page i dont want others to feel the
pain i felt.


thanks for the httpd and all your work ! :)



regards,
ghislain.

-- 
You are receiving this mail because:
You are the assignee for the bug.

---------------------------------------------------------------------
To unsubscribe, e-mail: docs-unsubscribe@httpd.apache.org
For additional commands, e-mail: docs-help@httpd.apache.org

[Bug 59325] wiki page with big warnign missing

Posted by bu...@apache.org.

https://bz.apache.org/bugzilla/show_bug.cgi?id=59325

gadnet@aqueos.com changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 OS|                            |All

--- Comment #1 from gadnet@aqueos.com ---
i should add that the proxypassmatch doc do not seems to indicate it will
negate evry internal processing, perhaps a warning that this directive ignores
htaccess tooo could be handy :)

-- 
You are receiving this mail because:
You are the assignee for the bug.

---------------------------------------------------------------------
To unsubscribe, e-mail: docs-unsubscribe@httpd.apache.org
For additional commands, e-mail: docs-help@httpd.apache.org

[Bug 59325] wiki page with big warning missing

Posted by bu...@apache.org.

https://bz.apache.org/bugzilla/show_bug.cgi?id=59325

--- Comment #2 from thumbs <th...@apache.org> ---
This is mostly not relevant to the purpose of that recipe.

htaccess files have nothing to do with security, nor authentication. They are
merely containers that can be used provided one cannot edit your config files
as the root user.

Additionally, in order to complete that recipe, you *will* require root access,
or whatever admin user your initial httpd process is running at.

Proper authn and authz can be performed in a <Location> block, if needed, as it
is the case with any proxy.

-- 
You are receiving this mail because:
You are the assignee for the bug.

---------------------------------------------------------------------
To unsubscribe, e-mail: docs-unsubscribe@httpd.apache.org
For additional commands, e-mail: docs-help@httpd.apache.org

[Bug 59325] wiki page with big warning missing

Posted by bu...@apache.org.

https://bz.apache.org/bugzilla/show_bug.cgi?id=59325

Mike Rumph <mi...@oracle.com> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
            Summary|wiki page with big warnign  |wiki page with big warning
                   |missing                     |missing

-- 
You are receiving this mail because:
You are the assignee for the bug.

---------------------------------------------------------------------
To unsubscribe, e-mail: docs-unsubscribe@httpd.apache.org
For additional commands, e-mail: docs-help@httpd.apache.org

[Bug 59325] wiki page with big warning missing

Posted by bu...@apache.org.

https://bz.apache.org/bugzilla/show_bug.cgi?id=59325

Rich Bowen <rb...@apache.org> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
         Resolution|---                         |FIXED
             Status|NEW                         |RESOLVED

--- Comment #3 from Rich Bowen <rb...@apache.org> ---
I've added a warning to this effect in the caveats section.

-- 
You are receiving this mail because:
You are the assignee for the bug.

---------------------------------------------------------------------
To unsubscribe, e-mail: docs-unsubscribe@httpd.apache.org
For additional commands, e-mail: docs-help@httpd.apache.org