httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Matthieu Moy <>
Subject [users@httpd] "Deny" directives silently ignored in config files
Date Wed, 18 Apr 2012 08:07:56 GMT

I have a server running Apache HTTPD 2.2.16, installed as Debian
package (Debian Squeeze).

Some time ago, "Deny from XXX" directives were correctly taken into
account, both in .htaccess files and in system-wide configuration files
(/etc/apache2/*). I noticed recently that it is no longer the case. I
suspect that this breakage occured when migrating the server from Debian
Lenny to Debian Squeeze, but I'm not sure.

According to "apachectl -t -D DUMP_PACKAGES", the module
authz_user_module is loaded (it says "(shared)").

I tried the following:

<Location /tmp/>
Order deny,allow
Deny from all
#RewriteEngine On
#RewriteRule . - [F]

As it is, the location /tmp/ isn't denied. If I uncomment the Rewrite
rule, it is denied (hence, the config file is read, and the location is
properly specified).

This is a production server so I have limited testing possibilities. I
tried reproducing the problem on a test machine, with the same version
and a full copy of /etc/apache2/ (copied with "rsync -av", only modified
to replace the IP address and DNS name of the server), but the test
machine does not exhibit the problem. I did not copy the files in

I saw nothing in the logs. access.log shows normal accesses (i.e. code
200), and error.log does not change while accessing the pages to be
denied. "apachectl graceful" does not display any warning.

Any idea on what's going on? Where to look for the error?

Thank you very much in advance,

Matthieu Moy

To unsubscribe, e-mail:
For additional commands, e-mail:

View raw message