httpd-docs mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Eric Covener <cove...@gmail.com>
Subject Re: RedirectMatch: unexpected behavior within <Limit>
Date Wed, 17 May 2017 13:47:26 GMT
On Wed, May 17, 2017 at 9:12 AM, Reindl Harald <h.reindl@thelounge.net> wrote:
> <Directory "/">
>  <Limit POST>
>   RedirectMatch 404 "(?i)\/[\.]{0,1}(cvs|svn)\/"
>  </limit>
> </Directory>
>
> that above don't work and don't warn as it is normally the case where a
> "apachectl -t" clearly says "syntax error, xxx not allowed here"
>
> don't work means RedirectMatch also applies to GET-requests which makes it
> really hard to restrict extensions like below only for normal webacess which
> is chained into "AllowMethods GET HEAD POST" but at the same time allow time
> for mod_dav_svn methods
>
> well, and there is also no option to remove one or all global set
> "RedirectMatch" for a specific directory
>
> RedirectMatch 404
> "(?i)\.(asax|ascx|ashx|asmx|asp|aspx|axd|back|backup|bak|bat|cfm|class|class\.php|cmd|conf|config|csproj|dat|data|db[0-9]{0,1}|dll|ds_store|exe|fbcindex|idc|inc|ini|jhtml|jsp|jspa|key|log|mdb|mdf|mscgi|nasl|nsf|ocx|old|pl|py|rb|sample|sav|save|sh|shtm|sql|sqlite|vbproj|vbs|webinfo)$"

These containers should be marked deprecated in 2.4 and riddled with
cautions that they only apply to access control.

Re: the  non dev@ related stuff, use <if>.


-- 
Eric Covener
covener@gmail.com

---------------------------------------------------------------------
To unsubscribe, e-mail: docs-unsubscribe@httpd.apache.org
For additional commands, e-mail: docs-help@httpd.apache.org


Mime
View raw message