httpd-bugs mailing list archives

From bugzi...@apache.org
Subject DO NOT REPLY [Bug 40217] - mod_dav ignores access restrictions when listing the contents of a directory
Date Wed, 09 Aug 2006 20:28:13 GMT
DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG
RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT
<http://issues.apache.org/bugzilla/show_bug.cgi?id=40217>.
ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND
INSERTED IN THE BUG DATABASE.

http://issues.apache.org/bugzilla/show_bug.cgi?id=40217


rpluem@apache.org changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|NEW                         |NEEDINFO




------- Additional Comments From rpluem@apache.org  2006-08-09 20:28 -------
(In reply to comment #0)
> I have the following block in my httpd.conf, outside of any Virtual Host
> directive:
> 
> <FilesMatch "^\.(perms.xml|home.xml|htaccess|davaccess|htaccess.ssl|localUsers|localGroups|ftpaccess)$">
>     Order allow,deny
>     Deny from all
>     Satisfy All
> </FilesMatch>
> 
> This block is intended to hide files that control access for apache and another
> app that reads the filesystem.  When accessing the space using a web browser,

From my point of view this is not what FilesMatch is designed for. You can
prevent access to these files, but not prevent showing them. Think of Unix
filesystem permissions:

You may have files in a directory on which you have no permissions. As long as
you have read permissions on the directory you can see them.

> all files matching the pattern above are hidden as expected.

What do you mean by hidden? Have you configured mod_autoindex and they don't
show up in the mod_autoindex generated listings?

> 
> When using a DAV client such as WebDrive, the files are returned in the
> directory listing.  This causes problems when attempting to copy a folder

As stated above I would see this as works as designed.

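The distinction drawn in the reply above (requests for a file are denied, but its name is still listed), as an added example that is not part of the original message or of httpd: a Python check that takes the body of a PROPFIND 207 Multi-Status response and reports which listed names match the reporter's FilesMatch pattern. The sample response, the host name `dav.example` and the function names are constructed for illustration.

```python
import posixpath
import re
import xml.etree.ElementTree as ET
from urllib.parse import unquote, urlsplit

# The FilesMatch pattern quoted in the bug report, unchanged.
DENY_PATTERN = re.compile(
    r"^\.(perms.xml|home.xml|htaccess|davaccess|htaccess.ssl|"
    r"localUsers|localGroups|ftpaccess)$"
)

# Constructed sample: 207 Multi-Status body for a Depth: 1 PROPFIND on /space/.
SAMPLE_MULTISTATUS = """<D:multistatus xmlns:D="DAV:">
  <D:response><D:href>/space/</D:href></D:response>
  <D:response><D:href>/space/report.txt</D:href></D:response>
  <D:response><D:href>/space/.htaccess</D:href></D:response>
  <D:response><D:href>http://dav.example/space/.perms.xml</D:href></D:response>
  <D:response><D:href>/space/docs/</D:href></D:response>
  <D:response><D:href>/space/%2Edavaccess</D:href></D:response>
</D:multistatus>
"""


def listed_names(multistatus_xml):
    """Return the last path segment of every DAV:href in a multistatus body."""
    root = ET.fromstring(multistatus_xml)
    names = []
    for href in root.iter("{DAV:}href"):
        # An href may be an absolute URI or a path, and may be percent-encoded.
        path = unquote(urlsplit((href.text or "").strip()).path)
        name = posixpath.basename(path.rstrip("/"))
        if name:
            names.append(name)
    return names


def disclosed_denied_names(multistatus_xml, pattern=DENY_PATTERN):
    """Names the listing reveals although FilesMatch denies requests for them."""
    return sorted({n for n in listed_names(multistatus_xml) if pattern.search(n)})


if __name__ == "__main__":
    for name in disclosed_denied_names(SAMPLE_MULTISTATUS):
        print("listed but access-denied:", name)
```

Run against a saved response from your own server, an empty result means the listing discloses none of the protected names.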