httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Boyle Owen" <Owen.Bo...@swx.com>
Subject RE: [users@httpd] Re: Apache ACL
Date Tue, 15 Jan 2008 14:44:11 GMT
> -----Original Message-----
> From: news [mailto:news@ger.gmane.org] On Behalf Of Marc
> Sent: Tuesday, January 15, 2008 1:22 PM
> To: users@httpd.apache.org
> Subject: [users@httpd] Re: Apache ACL
> 
> Boyle Owen <Owen.Boyle <at> swx.com> writes:
> 
> > 
> > The problem you describe has no obvious solution, so there must be
> > additional config directives interfering with your setup. See notes
> > below:  
> > 
> 
> [error] [client 88.xx.xx.xx.xx] client denied by server configuration:
> /path/to/dir3/index.php
> 
> However, there is no index.php in that directory. 
> Alone it 
> being mentioned in
> the DirectoryIndex 

Aha! that's the "additional config directives interfering with your
setup"... You didn't mention you had a DirectoryIndex directive
somewhere... 

What's happening is:

- Apache gets request for dir3
- DirectoryIndex tells it to look for index.php
- FileMatch block matches index.php and so triggers a 403

> seems to be enough for the access to be 
> denied :-\ Strange
> behavior.

That's a matter of opinion - I guess you are expecting it only to block
the PHP file if it exists. But that would mean that apache would have to
stat the file (ie, expensive file operation) even though it knows that
it is going to deny access anyway. That seems pretty pointless in the
general case so it just sends the 403 straight away, before it wastes
time looking up the file.

Rgds,
Owen Boyle
Disclaimer: Any disclaimer attached to this message may be ignored. 

> 
> regards,
> Marc
> 
> 
> ---------------------------------------------------------------------
> The official User-To-User support forum of the Apache HTTP 
> Server Project.
> See <URL:http://httpd.apache.org/userslist.html> for more info.
> To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
>    "   from the digest: users-digest-unsubscribe@httpd.apache.org
> For additional commands, e-mail: users-help@httpd.apache.org
>
 
 
This message is for the named person's use only. It may contain confidential, proprietary
or legally privileged information. If you receive this message in error, please notify the
sender urgently and then immediately delete the message and any copies of it from your system.
Please also immediately destroy any hardcopies of the message. The sender's company reserves
the right to monitor all e-mail communications through their networks.

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org


Mime
View raw message