httpd-bugs mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From bugzi...@apache.org
Subject DO NOT REPLY [Bug 26367] - "satisfy any" argument exposing otherwise restricted files?
Date Fri, 23 Jan 2004 00:25:39 GMT
DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG 
RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT
<http://nagoya.apache.org/bugzilla/show_bug.cgi?id=26367>.
ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND 
INSERTED IN THE BUG DATABASE.

http://nagoya.apache.org/bugzilla/show_bug.cgi?id=26367

"satisfy any" argument  exposing otherwise restricted files?





------- Additional Comments From nocrapo@hotmail.com  2004-01-23 00:25 -------
Apologies for the brain fart on my part :)  I meant to say "My understanding is
that "satisfy any" should satisfy EITHER the hostname OR
valid-user requirements...".

But either way, is it the intent of the "satisfy any" argument to completely
override "Files" configurations?  Even if I specify the below statement in the
.htaccess file, the problem remains:

<Files .htaccess>
    Order deny,allow
    Deny from all
</Files>

Any ideas how to get apache to NOT override the httpd.conf's configuration
denying access to .ht,.users,.groups file, etc?  It seems to me that having no
way to disable viewing of these files when using the "satisfy any" parameter is
a bit of a security risk?

Thank you :)

---------------------------------------------------------------------
To unsubscribe, e-mail: bugs-unsubscribe@httpd.apache.org
For additional commands, e-mail: bugs-help@httpd.apache.org


Mime
View raw message