httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Bernd Web <bernd....@gmail.com>
Subject [users@httpd] serving .htaccess files
Date Tue, 29 Nov 2005 10:59:12 GMT
Hi,

I have a query/suggestion regarding Satisfy and the server
configuration file (httpd.conf).

The default server configuration prevents .htaccess (names matching
.ht*) to be served (see below).
However, when using IP and password authentication with "Satisfy any"
in a .htaccess file these files are served! (see e.g.
http://httpd.apache.org/docs/1.3/misc/FAQ.html, FAQ3)
The "Satisfy any" also applies to the files matching the <Files>
directive (see below).

When only basic password authentication is used in the .htaccess but
Satisfy Any remains in this file,  the .ht* files are also served. So,
basically, .ht* files are served as soon as Satisfy is set to Any (in
combination with password authentication).

I think we never want to server these ".ht*" files.

Would it not be good to add "Satisfy all" to the directives below in
the default Apache sources (or am I missing something why .htaccess
serving happens?)

Regards,
Bernd

>From httpd.conf (Apache/2.0.46), RedHat
# The following lines prevent .htaccess and .htpasswd files from being
# viewed by Web clients.
#
<Files ~ "^\.ht">
    Order allow,deny
    Deny from all
</Files>

>From httpd-std.conf.in and httpd-win.conf (sources Apache/2.0.55)
# The following lines prevent .htaccess and .htpasswd files from being
# viewed by Web clients.
#
<FilesMatch "^\.ht">
    Order allow,deny
    Deny from all
</FilesMatch>

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org


Mime
View raw message