httpd-bugs mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
Subject DO NOT REPLY [Bug 45402] New: mod_autoindex incorrectly fails to list files
Date Wed, 16 Jul 2008 00:17:17 GMT

           Summary: mod_autoindex incorrectly fails to list files
           Product: Apache httpd-2
           Version: 2.2.9
          Platform: PC
        OS/Version: Linux
            Status: NEW
          Severity: normal
          Priority: P2
         Component: mod_autoindex

*** Long-winded description of setup ***

I have a directory on a server which is to be accessible through two different
URLs, one for general use (we'll call it "download") and one for management via
DAV (we'll call it "upload").

The authentication and authorization is different depending on which <Location>
you access it through. The upload uses LDAP for authentication, but download
uses a standard htpasswd file. The download also only requires valid-user,
while the DAV (upload) end also requires a group membership.

Groups are defined in a standard htgroup file, not in LDAP. LDAP is only
available for authentication.

*** Behaviour ***

When I access the download URL, the correct index is generated and files are

When I access the upload URL using a DAV client, all is well.

When I access the upload URL using a browser, no files are listed, and "user
myusername not found:" errors are logged for each file.

When I access an individual file using a browser, I am able to retrieve it.

If I modify the configuration to add a <Directory> section for the underlying
directory, requiring the same auth as the <Location> section for the upload
URL, then I can access the upload URL using a standard browser and all files
are correctly listed.

If I add a myusername entry to the htpasswd file which is used for download
with a different password to the LDAP one, the error in the logs changes to
'user myusername: authentication failure for "/some/path/and/file": Password

If I add a myusername entry to the htpasswd file which is used for download
with the same password as the LDAP one, the directory listing is generated

*** The important bit ***

Apart from the fact that my authn/authz setup is probably not optimal (!), it
seems to me likely that the subrequest made by mod_autoindex (using
ap_sub_req_lookup_dirent) is not able to correctly identify whether or not I
have permission to access the files (which is the bug) because it has no idea
which URL I used (and hence which <Location> config is relevant).

The entire configuration is rather complex, besides which I'm not willing to
post it publically. I would however be happy to make it available to relevant
individuals, and/or to describe the config or the problem further either via
IRC or email.

Configure bugmail:
------- You are receiving this mail because: -------
You are the assignee for the bug.

To unsubscribe, e-mail:
For additional commands, e-mail:

View raw message