httpd-bugs mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From bugzi...@apache.org
Subject DO NOT REPLY [Bug 52824] New: Conflicts between AllowOverride and AllowOverrideList (Manual is completely wrong!)
Date Sun, 04 Mar 2012 22:19:55 GMT
https://issues.apache.org/bugzilla/show_bug.cgi?id=52824

             Bug #: 52824
           Summary: Conflicts between AllowOverride and AllowOverrideList
                    (Manual is completely wrong!)
           Product: Apache httpd-2
           Version: 2.4.1
          Platform: PC
        OS/Version: Linux
            Status: NEW
          Severity: normal
          Priority: P2
         Component: Core
        AssignedTo: bugs@httpd.apache.org
        ReportedBy: tixu@cs.ucsd.edu
    Classification: Unclassified


This is not a duplicate bug of 52823
(https://issues.apache.org/bugzilla/show_bug.cgi?id=52823)

The confusion comes from the weird relationship between AllowOverride and
AllowOverrideList. Take a look at the example in the manual:

http://httpd.apache.org/docs/2.4/mod/core.html#allowoverridelist

-----

Example:

AllowOverride AuthConfig
AllowOverrideList CookieTracking CookieName

In the example above AllowOverride grants permission to the AuthConfig
directive grouping and AllowOverrideList grants permission to only two
directves from the FileInfo directive grouping. All others will cause an
internal server error.

-----

It clearly tells that AuthConfig group as well as CookieTracking and CookieName
are allowed in the .htaccess files.

However, if you put directives of the AuthConfig group, you will get error
messages in the error log and Apache will not parse these directives.

So, this is completely wrong according to the manual. Or, manual is completely
wrong?

If you trace the source code, the AllowOverrideList maintains a table
(override_list) which is in the core_dir_config structure. All the parameters
of AllowOverrideList are set in this table.

When parsing a .htaccess file, before calling invoke_cmd(), Apache checks
whether cmd->name is in this table. If not, it will go to an error return no
matter whether this cmd's group is allowed in AllowOverride.    

The code is shown as follows:

-----

static const char *invoke_cmd(const command_rec *cmd, cmd_parms *parms,
                              void *mconfig, const char *args)
{
    ......

    /** Have we been provided a list of acceptable directives? */
    if(parms->override_list != NULL)
         if(apr_table_get(parms->override_list, cmd->name) != NULL)
               override_list_ok = 1;

    if ((parms->override & cmd->req_override) == 0 && !override_list_ok)
        if (parms->override & NONFATAL_OVERRIDE) {
            ap_log_perror(APLOG_MARK, APLOG_WARNING, 0, parms->temp_pool,
                          APLOGNO(02295)
                          "%s in .htaccess forbidden by AllowOverride",
                          cmd->name);
            return NULL;
        }
        else {
            return apr_pstrcat(parms->pool, cmd->name,
                               " not allowed here", NULL);
        }
    }
    //invoke the corresponding directive function
    ...
}

-----

My test case is to put the following configuration entries into the httpd.conf

-----

#in httpd.conf
#both the Indexes group and AuthDBMGroupFile should be allowed
<Directory />
    AllowOverride Indexes
    AllowOverrideList AuthDBMGroupFile
</Directory>

-----

Then, put a .htaccess file in the DocumentRoot directory with the following
lines:

-----

#DirectoryIndex is a directory in the Indexes group according to the manual
DirectoryIndex index.html

----- 

Start the httpd server and use browser to access:

ipaddress:port/documentroot/file

You will get the error log message in the error log:

[Sun Mar 04 13:09:27.492655 2012] [core:alert] [pid 24509:tid 140634204722944]
[client 132.239.17.127:57257] /home/tianyin/apache-2.4.1/htdocs/.htaccess:
DirectoryIndex not allowed here


Thanks a lot!

-- 
Configure bugmail: https://issues.apache.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.

---------------------------------------------------------------------
To unsubscribe, e-mail: bugs-unsubscribe@httpd.apache.org
For additional commands, e-mail: bugs-help@httpd.apache.org


Mime
View raw message