httpd-bugs mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From bugzi...@apache.org
Subject DO NOT REPLY [Bug 21533] - Apache may crash with digest authentication if sub-DocumentRoot .htaccess files override DocumentRoot .htaccess file's "Require valid-user" directive with "Require group testgroup" and the authenticated username is not listed as a member of the "testgroup" group
Date Sat, 09 Aug 2003 07:48:58 GMT
DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG 
RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT
<http://nagoya.apache.org/bugzilla/show_bug.cgi?id=21533>.
ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND 
INSERTED IN THE BUG DATABASE.

http://nagoya.apache.org/bugzilla/show_bug.cgi?id=21533

Apache may crash with digest authentication if sub-DocumentRoot .htaccess files override DocumentRoot
.htaccess file's "Require valid-user" directive with "Require group testgroup" and the authenticated
username is not listed as a member of the "testgroup" group





------- Additional Comments From bjorn.wiberg@home.se  2003-08-09 07:48 -------
Hello Kurt!

Glad that someone else has encountered the same thing. Well, sort of. :-)

The reason for mod_autoindex to look for .htaccess files in subdirectories is to exclude those
subdirectories from the directory listing if the user isn't allowed access to them; a pretty
nice feature.

I have also noticed the "access failed" error messages in the error log, and they are somewhat
annoying, although perhaps necessary to make things simple.
    
Basic authentication (instead of digest authentication) seems to work fine, though, without
any crashes and with the intended functionality. That's my temporary solution until this bug
gets fixed.

Best regards,
Björn

---------------------------------------------------------------------
To unsubscribe, e-mail: bugs-unsubscribe@httpd.apache.org
For additional commands, e-mail: bugs-help@httpd.apache.org


Mime
View raw message