httpd-bugs mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From bugzi...@apache.org
Subject DO NOT REPLY [Bug 38733] - mod_access doesn't obey any allow/deny rules when using a limit connect statement
Date Tue, 21 Feb 2006 22:08:25 GMT
DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG·
RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT
<http://issues.apache.org/bugzilla/show_bug.cgi?id=38733>.
ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND·
INSERTED IN THE BUG DATABASE.

http://issues.apache.org/bugzilla/show_bug.cgi?id=38733





------- Additional Comments From rpluem@apache.org  2006-02-21 23:08 -------
(In reply to comment #4)
> The problem is that mod_access lumps its configuration together with a method
> list. If no <limit> is set, all methods are implicitly in this list. Now you
> have a <Location> container, which overrides both the configuration *and* the
> method list. Bang.

Ok. Maybe I am a bit slow today, so that I don't get it :-).
mod_access lumps this together in access_dir_conf, but this is a dir config.

So

<Location />
   <Limit CONNECT>
     Order deny,allow
     Deny from all
   </Limit>
</Location>

<Location /noentry>
     Order deny,allow
     Deny from all
</Location>

should prevent all access to /noentry (what I regard as expected).


-- 
Configure bugmail: http://issues.apache.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.

---------------------------------------------------------------------
To unsubscribe, e-mail: bugs-unsubscribe@httpd.apache.org
For additional commands, e-mail: bugs-help@httpd.apache.org


Mime
View raw message