httpd-bugs mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From bugzi...@apache.org
Subject DO NOT REPLY [Bug 45127] New: Empty pattern in FilesMatch causes Allow to match any IP
Date Wed, 04 Jun 2008 09:38:06 GMT
https://issues.apache.org/bugzilla/show_bug.cgi?id=45127

           Summary: Empty pattern in FilesMatch causes Allow to match any IP
           Product: Apache httpd-2
           Version: 2.2.8
          Platform: PC
        OS/Version: Windows XP
            Status: NEW
          Severity: normal
          Priority: P2
         Component: mod_access
        AssignedTo: bugs@httpd.apache.org
        ReportedBy: paul.dodd@usb.unibe.ch


In an .htaccess file the lines
---
Order Allow,Deny
<FilesMatch "">
   Allow from 255.255.000.000
</FilesMatch>
---
allow access to ANY host i.e. the address part of the IP is not used to
restrict access. Commenting out the "Allow from 255.255.000.000" line reverts
to the expected behaviour i.e. the access is denied.

The same happens with any pattern in FilesMatch which also matches an empty
file name such as
<FilesMatch "(^xyz$)?">

Workaround: don't use patterns which match an empty file name.


-- 
Configure bugmail: https://issues.apache.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.

---------------------------------------------------------------------
To unsubscribe, e-mail: bugs-unsubscribe@httpd.apache.org
For additional commands, e-mail: bugs-help@httpd.apache.org


Mime
View raw message