Posted to dev@httpd.apache.org by Mike Prettejohn <mh...@netcraft.co.uk> on 1996/07/22 10:09:07 UTC
Re: NCSA satisfy any .htaccess directive (fwd)
At this point, I think I would be interested in hearing what the people
on your list have to say.
We're both agreed on what happens, but Brandon thinks it's a documentation
error, and I think it's a server error.
My premise is that there's no reason at all for the server to stick an
implicit 'allow from all' after the 'deny from all' below.
Mike
----- Forwarded message from blong@uiuc.edu -----
On 7/21, Mike Prettejohn uttered the following other thing:
> : On 7/21, Mike Prettejohn uttered the following other thing:
> : > Hi Brandon,
> : >
> : >
> : > I wondered if you knew about this; I mailed httpd@ncsa.uiuc.edu about
> : > a week ago, but haven't had a response.
> : >
> : > There seems to be at least one major gotcha in the code implementing
> : > 'satisfy any'; the following lets everyone through without prompting
> : > for a username/passwd.
> : >
> : > <Limit GET>
> : > order deny,allow
> : > deny from all
> : > require valid-user
> : > satisfy any
> : > </Limit>
> :
> : This is because the default allow is to allow from all.
>
> That's at odds with the documentation.
>
> http://hoohoo.ncsa.uiuc.edu/docs/setup/access/allow.html
>
> says that no default applies for allow.
Ah, that's a problem with Rob's English. By defaults, he meant compile
time, generally. Or something. In any case, thanks for pointing that out,
we'll be happy to change the documentation.
> : To make this work,
> : you need to either change to order allow,deny, or to add allow from none
> : I'll be the first to admit that the security structure of the current
> : server is not particularly obvious, but we're kinda stuck with it.
Brandon
--
Brandon Long "Its much more fun to be sand than oil in the
HTTPd/SDG/NCSA machinery of life."
blong@fiction.net -- Unknown
www.uiuc.edu/ph/www/blong Don't worry, these aren't even my views.
----- End of forwarded message from blong@uiuc.edu -----
--
Mike Prettejohn http://www.netcraft.com
mhp@netcraft.com Phone +44 1225 447500 Fax +44 1225 448600
Netcraft Rockfield House Granville Road Bath BA1 9BQ England
----- End of forwarded message from Mike Prettejohn -----
--
Rob Hartill (robh@imdb.com)
The Internet Movie Database (IMDb) http://www.imdb.com/
...more movie info than you can poke a stick at.
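
Added example, not part of the forwarded messages and not NCSA httpd code: a simplified Python model of the evaluation the thread describes, assuming (per Brandon's reply) that a <Limit> block with no allow line acts as if it said 'allow from all'. The function names and the serve/prompt/forbid labels are illustrative; the cases compare the reported block with the two changes Brandon suggests.

```python
# Simplified model of the behaviour described in the thread (not NCSA source).
# Assumption, from Brandon's reply: a <Limit> block with no "allow" line is
# evaluated as if it contained "allow from all".

def host_ok(order, allow, deny, client="client.example"):
    """Host-based check; allow/deny hold 'all', 'none' or host names."""
    if not allow:
        allow = ["all"]                      # the implicit default at issue

    def matches(rules):
        return any(r in ("all", client) for r in rules if r != "none")

    allowed, denied = matches(allow), matches(deny)
    if order == "deny,allow":                # a matching allow overrides deny
        return allowed or not denied
    if order == "allow,deny":                # a matching deny overrides allow
        return allowed and not denied
    raise ValueError(f"unknown order: {order}")


def decision(order, allow, deny, satisfy, valid_user=False):
    """Outcome for a GET under 'require valid-user': serve, prompt or forbid."""
    host = host_ok(order, allow, deny)
    if satisfy == "any":                     # host check OR authentication
        return "serve" if (host or valid_user) else "prompt"
    if not host:                             # satisfy all: host AND user
        return "forbid"
    return "serve" if valid_user else "prompt"


# Constructed cases: the block from the report and the two suggested fixes.
CASES = {
    "reported":         ("deny,allow", [],       ["all"]),
    "order allow,deny": ("allow,deny", [],       ["all"]),
    "allow from none":  ("deny,allow", ["none"], ["all"]),
}

def run():
    return {name: decision(o, a, d, "any") for name, (o, a, d) in CASES.items()}

if __name__ == "__main__":
    for name, outcome in run().items():
        print(f"{name:18} anonymous GET -> {outcome}")
```

In this model only the reported block serves an anonymous request; both suggested changes make the host check fail, so 'satisfy any' falls back to the password prompt.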