www-apache-bugdb mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From James Prater <jpra...@r2d2.ed.gov>
Subject config/867: satisfy tag in .htaccess allows access from all
Date Tue, 15 Jul 1997 17:00:02 GMT

>Number:         867
>Category:       config
>Synopsis:       satisfy tag in .htaccess allows access from all
>Confidential:   no
>Severity:       critical
>Priority:       medium
>Responsible:    apache (Apache HTTP Project)
>State:          open
>Class:          sw-bug
>Submitter-Id:   apache
>Arrival-Date:   Tue Jul 15 10:00:01 1997
>Originator:     jprater@r2d2.ed.gov
>Organization:
apache
>Release:        1.2.0-1.2.1
>Environment:
SunOS r2d2 5.5.1 Generic_103640-08 sun4m sparc / gcc 2.7.2.2.f.2
>Description:
Given the following .htaccess file, when "satisfy any" is added after
<Limit POST GET>, all sites gain access to the directory...
(AccessOverride is set to All in access.conf)
Basically "satisfy any" does not work...
----
AuthUserFile /usr/local/etc/httpd/conf/passwd
AuthName [machine-id]
AuthType Basic

<Limit POST GET>
order deny,allow
deny from all
allow from [site1]
require user [user1] [user2]
</Limit>
>How-To-Repeat:
duplicate the above .htaccess file replacing [variable] with appropriate
data...
>Fix:
fix "satisfy any" to work as the documentation suggest
>Audit-Trail:
>Unformatted:



Mime
View raw message