httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From vsolve apache <vsolve_apa...@yahoo.com>
Subject Clarification on contradiction between the Apache Core Features document and its original behavior
Date Wed, 03 Nov 1999 13:06:08 GMT
Category:       config
Class:          sw-bug
Release:        1.3.9
Environment:    Redhat Linux 6.0

Description:

The content of Apache Core Features document for
Satisfy directive as

"Access policy if both allow and require used. The
parameter can be either 'all' or 'any'. This directive
is only useful if access to a particular area is being
restricted by both username/password and client host
address. In this case the default behavior ("all") is
to require that the client passes the address access
restriction and enters a valid username and password.
With the "any" option the client will be granted
access if they either pass the host restriction or
enter a valid username and password. This can be used
to password restrict an area, but to let clients from
particular addresses in without prompting for a
password."

case 1:
But when we try this with 'Satisfy all' options, it
works fine without the 'require' line in httpd.conf
file.

case 2:
'Satisfy any' option also works fine if we have
'AuthType' line (without 'require' line) in httpd.conf
file.

It creates the contradiction between the Apache Core
Features document and its original behavior.

Clarify the above.

How-to-repeat:
Case 1:
Add 

    satisfy all

to your conf file in <Directory "apache/htdocs">
Context and restart

Case 2:
Add 

    satisfy any
    AuthType Basic

to your conf file in <Directory "apache/htdocs">
Context and restart

Fix:

We can fix the bug in apache to behave as per document
after getting the reply.

regards,
vsolve_apache.




=====

__________________________________________________
Do You Yahoo!?
Bid and sell for free at http://auctions.yahoo.com

Mime
View raw message