Received: (from majordom@localhost)
	by hyperreal.org (8.8.5/8.8.5) id HAA13482;
	Mon, 14 Jul 1997 07:50:04 -0700 (PDT)
Received: (from gnats@localhost)
	by hyperreal.org (8.8.5/8.8.5) id HAA13477;
	Mon, 14 Jul 1997 07:50:01 -0700 (PDT)
Date: Mon, 14 Jul 1997 07:50:01 -0700 (PDT)
Message-Id: <199707141450.HAA13477@hyperreal.org>
From: Quynh-Giao Tran <giao@r2d2.ed.gov>
Reply-To: Quynh-Giao Tran <giao@r2d2.ed.gov>
To: apache-bugdb@apache.org
Cc: apache-bugdb@apache.org
Subject: mod_auth-any/863: Server bypass .htaccess files authorization
 configuration in access.conf file.
In-Reply-To: Your message of Mon, 14 Jul 1997 07:47:25 -0700 (PDT)
	<199707141447.HAA13278@hyperreal.org>
Sender: apache-bugdb-owner@apache.org
Precedence: bulk


>Number:         863
>Category:       mod_auth-any
>Synopsis:       Server bypass .htaccess files authorization configuration in access.conf file.
>Confidential:   no
>Severity:       critical
>Priority:       medium
>Responsible:    apache (Apache HTTP Project)
>State:          open
>Class:          change-request
>Submitter-Id:   apache
>Arrival-Date:   Mon Jul 14 07:50:00 1997
>Originator:     giao@r2d2.ed.gov
>Organization:
apache
>Release:        apache-1.2.1
>Environment:
SunOS vader 5.5.1 Generic_103640-08 sun4u sparc, gcc-2.7.2.2 compiler.
>Description:
The serve bypass the authorization .htaccess file as well as the configuration
in the access.conf file.  The same configuration and .htaccess file works if 
configure in public_html directory.
>How-To-Repeat:
http://www2.ed.gov/Programs/setform/
>Fix:
No
>Audit-Trail:
>Unformatted: