httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Andrew Wilson <>
Subject <limit> behaviour change...
Date Tue, 08 Aug 1995 18:38:25 GMT

Just noticed some strangeness since we switched from 0.6.5 to 0.8.8
on one of our boxes.  Under 0.6.5 a .htaccess file of the form:

AuthUserFile /home/www/htdocs/.htpasswd
AuthGroupfile /dev/null
AuthName ByPassword
AuthType Basic

<limit GET>
require user TIS

allowed people to POST to scripts that it was protecting.  While under 0.8.8
we get the 'correct' behaviour of not allowing POSTs to scripts.  A long-running
application's .htaccess had to be changed to:

<limit GET POST>

to allow POSTs to get through.

It seems that sometime before 0.6.5 the real NCSA 1.3R behaviour got dropped
and might only have been recovered when we went to a Shambahla Core, an
observation supported by Paul Richards who's running Shambahla on one of his
test servers.

Anyway, to reiterate.  Some .htaccess files that are fine for Apache 0.6.5 will
break under 0.8.8 (and presumable 0.8.9).  Does this point warrant a notice
in the known bugs list - even if it's really 0.6.5 that is in error!!



     Andrew Wilson	     URL:
Elsevier Science, Oxford   Office: +44 01865 843155    Mobile: +44 0589 616144

View raw message