httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Alexei Kosut <ako...@nueva.pvt.k12.ca.us>
Subject Re: [BUG?] access restriction and multiviews
Date Sun, 02 Feb 1997 18:59:02 GMT
On Sun, 2 Feb 1997, Marc Slemko wrote:

> If I have a directory with multiviews enabled and do a:
> 
> 	<Files foo.html>
> 	deny from all
> 	</Files>
> 
> I can still get the contents of foo.html by asking for foo.  Is this
> correct behavior?  It doesn't seem right to me, especially considering
> that multiviews can be enabled somewhere else without you knowing about it.

Yes, this is correct behavior. MultiViews doesn't get into the act
until after <Files> and such have been processed, so at that point,
the filename really is "foo".

What needs to be done, really, is to add a filename-to-filename phase
of the API (we had talked about this for mod_rewrite a while ago, as
well), an stick MultiViews there. Then it could do its thing before
<Files> and the others get a hold of it. The only problem with this,
of course, is that it wouldn't work: MultiViews is turned on in an
Options directive or another, which aren't read until directory_walk,
which would be called after this filename-to-filename phase. So much
for that.

Another solution might be to move MultiViews to a handler instead of
forcing it into the check-type phase, and having it do an internal
redirect instead of the weird stuff it does now with
subrequests. However, I'd need to think this out more.

-- 
________________________________________________________________________
Alexei Kosut <akosut@nueva.pvt.k12.ca.us>      The Apache HTTP Server
URL: http://www.nueva.pvt.k12.ca.us/~akosut/   http://www.apache.org/


Mime
View raw message