httpd-bugs mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From bugzi...@apache.org
Subject DO NOT REPLY [Bug 25057] New: - Empty PUT access control in .htaccess overrides control in httpd.conf
Date Thu, 27 Nov 2003 17:39:41 GMT
DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG 
RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT
<http://nagoya.apache.org/bugzilla/show_bug.cgi?id=25057>.
ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND 
INSERTED IN THE BUG DATABASE.

http://nagoya.apache.org/bugzilla/show_bug.cgi?id=25057

Empty PUT access control in .htaccess overrides control in httpd.conf

           Summary: Empty PUT access control in .htaccess overrides control
                    in httpd.conf
           Product: Apache httpd-1.3
           Version: 1.3.27
          Platform: Other
        OS/Version: Linux
            Status: NEW
          Severity: Major
          Priority: Other
         Component: Auth/Access
        AssignedTo: bugs@httpd.apache.org
        ReportedBy: advax@triumf.ca


If a server config contains lines like:
  AllowOverride All
  <Limit PUT>
    order deny,allow
    deny from all
  </Limit>
  <Limit GET>
    allow from all
  </Limit>
and an .htaccess file contains only:
  <Limit GET>
    order deny,allow
    deny from all
    allow from *.myorg
  </Limit>
then PUT operations will be allowed from anywhere

I would expect, in the absence of an explicit override of the PUT ACL,
that the ACL specified in httpd.conf would be in force.

---------------------------------------------------------------------
To unsubscribe, e-mail: bugs-unsubscribe@httpd.apache.org
For additional commands, e-mail: bugs-help@httpd.apache.org


Mime
View raw message