httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Bruce Lysik <bly...@yahoo.com>
Subject Re: [users@httpd] autoindex: showing directory it shouldn't
Date Thu, 01 Aug 2013 17:07:14 GMT
Hopefully not too bad form to reply to my own thread, but I have more information.

If I use normal file system based groups, it works as expected, and won't show my directory
1.

So now it appears to be either an issue with mod_authz_ldap or it's apache making a decision
not to check a sub-directory .htaccess if using a different authorization method.
 
--
Bruce Z. Lysik <blysik@yahoo.com>



>________________________________
> From: Bruce Lysik <blysik@yahoo.com>
>To: "users@httpd.apache.org" <users@httpd.apache.org> 
>Sent: Thursday, August 1, 2013 7:18 AM
>Subject: [users@httpd] autoindex: showing directory it shouldn't
> 
>
>
>Hi,
>
>
>Summary of my problem: mod_autoindex is showing directories that a logged in user doesn't
have access to when using Require group.  When using Require user, it's properly not shown.
 ShowForbidden is never turned on.
>
>
>Details:
>
>
>Oracle Linux 6u4 (RHEL6u4)
>httpd-2.2.15-26.0.1.el6.x86_64
>mod_authz_ldap-0.26-16.el6.x86_64
>
>
>* mkdir -p /tmp/test/{1,2,3}
>* cat "Require group blahblah "> /tmp/test/1/.htaccess
>* set perms to 775
>* Configure a virtual host with /tmp/test as the DocumentRoot and setup ldap authorization
and authentication via mod_authz_ldap.  Test with a user not in group 'blahblah'. Basic auth.
>* Turn on Options Index  (ShowForbidden is NOT on.)
>
>
>Browse to the doc root, and I can see directories 1, 2, and 3. (From my understanding,
I shouldn't see 1.)  Trying to browse into directory 1 and I'm properly forbidden.
> 
>* Change .htaccess file to 'Require user notmyuser'
>
>
>Browse to the doc root.  Now I can only see directories 2 and 3.  (Proper behavior.)
>
>
>Any help would be appreciated, this is driving me crazy!  Thanks!
>
>
>--
>Bruce Z. Lysik <blysik@yahoo.com>
>
>
Mime
View raw message