httpd-bugs mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From bugzi...@apache.org
Subject DO NOT REPLY [Bug 43196] New: - Require statement not honored.
Date Thu, 23 Aug 2007 10:42:37 GMT
DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG·
RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT
<http://issues.apache.org/bugzilla/show_bug.cgi?id=43196>.
ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND·
INSERTED IN THE BUG DATABASE.

http://issues.apache.org/bugzilla/show_bug.cgi?id=43196

           Summary: Require statement not honored.
           Product: Apache httpd-2
           Version: 2.2.4
          Platform: Other
        OS/Version: Linux
            Status: NEW
          Severity: major
          Priority: P2
         Component: Core
        AssignedTo: bugs@httpd.apache.org
        ReportedBy: jesus.climent@gmail.com


While trying to protect some files for access to certain groups of users, we
found that the "Require" statement was not honored.

We are using apache with mod_ldap and mod_authnz_ldap.

In LDAP we have some groups defined.

In the main configuration file we have

  AllowOverride AuthConfig

In our .htaccess file we have:

AuthType                        basic
AuthName                        "Restricted"
AuthBasicProvider               ldap
AuthLDAPGroupAttribute          memberUid
AuthLDAPGroupAttributeIsDN      off
AuthLDAPURL                    
ldap://localhost:389/dc=local?uid?sub?(employeeType=active)

<FilesMatch "\.tgz$">
 require ldap-group cn=images,ou=1x,ou=groups,dc=local
</FilesMatch>

If a user belongs to the given group, the user can see and download the files.

However, if a user does NOT belong to the group, the user cannot see those .tgz
files but she CAN download them if the filenames are known to her.

We believe this is not a proper behavior, as the documentation states that the
users belonging to the "images" group should not be able to access those files.

-- 
Configure bugmail: http://issues.apache.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.

---------------------------------------------------------------------
To unsubscribe, e-mail: bugs-unsubscribe@httpd.apache.org
For additional commands, e-mail: bugs-help@httpd.apache.org


Mime
View raw message