httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Stuart Gall <stu...@otenet.gr>
Subject Re: [users@httpd] Strange problem with Options +Indexes
Date Mon, 22 Aug 2005 17:15:34 GMT
On 21 Aug 2005, at 17:39, Joshua Slive wrote:
>
>
>>
>> So I have apache 2.0.50 installed on Mandrake
>
> A little bit of an old version.
>

OK It comes with mandrake 10.1 and I am a bit lazy :-)
The latest version is 2.0.54 and
http://ftp.physics.auth.gr/pub/mirrors/apache/httpd/CHANGES_2.0
doesn't mention anything relevant (AFAICS) between .50 and .54

Perhaps Ill upgrade and see.

>> In one of my virtual hosts I have
>>
>>         <Location />
>>                 Allow from all
>>         </Location>
>>
>>         <Location /ppm/storyboard>
>>                 Options +Indexes
>>                 Allow from all                         **
>>         </Location>
>>
>> When I go to this location with a web browser I see the directory
>> index
>> but with no files UNLESS
>> I also include
>>
>>         <Directory /document root>
>>                 Allow from all
>>         </Directory>
>>
>> I do not see any files listed.
>>
>> Why do I need the double Allow from all ??
>> Or more interestingly if access to the location is denied why dont I
>> get a forbidden message instead of an empty listing ?
>
> Interesting.  If you request the files inside the directory directly,
> does it work?

Yes you can access the files. Accessing the files of course has nothing
to do with mod_autoindex.
It is as if the execute right is removed from the directory.

>
> I haven't tested this myself, but my guess is that mod_autoindex
> (which generates the directory listings) is doing a file-level
> sub-request on each entry in the directory to see if it is accessible.
>  For some reason this sub-request is not processing the <Location>
> sections, only the <Directory> sections.

Makes sense.
A bug then, or perhaps a security feature?


> You still can see the directory itself because the main request is
> honoring the <Location> section.
>
> ---------------------------------------------------------------------
> The official User-To-User support forum of the Apache HTTP Server
> Project.
> See <URL:http://httpd.apache.org/userslist.html> for more info.
> To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
>    "   from the digest: users-digest-unsubscribe@httpd.apache.org
> For additional commands, e-mail: users-help@httpd.apache.org
>
>
>
>
-------------------------------------------------------------------
Stuart Gall
Systems Administrator
-------------------------------------------------------------------
No user serviceable parts inside?  Ill be the judge of that!


---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org


Mime
View raw message