www-apache-bugdb mailing list archives

From Patrick Linstruth <patr...@qnet.com>
Subject pending/2617: Protecting <APPLET> with mod_access and mod_setenvif
Date Tue, 14 Jul 1998 23:29:19 GMT

>Number:         2617
>Category:       pending
>Synopsis:       Protecting <APPLET> with mod_access and mod_setenvif
>Confidential:   no
>Severity:       non-critical
>Priority:       medium
>Responsible:    apache
>State:          open
>Class:          sw-bug
>Submitter-Id:   apache
>Arrival-Date:   Tue Jul 14 16:30:00 PDT 1998
>Last-Modified:
>Originator:     patrick@qnet.com
>Organization:
apache
>Release:        1.3.0
>Environment:
FreeBSD chat.qnet.com 2.2.6-RELEASE FreeBSD 2.2.6-RELEASE #0: Wed Mar 25 02:28:49 GMT 1998     jkh@time.cdrom.com:/usr/src/sys/compile/GENERIC  i386
>Description:
I am trying to use mod_setenvif to protect a directory from being accessed
unless the referer is my own web site.  This seems to work with regular
.html documents, but no matter what it won't allow me to access <APPLET>
code:

Here are excerpts from my access.conf:

   SetEnvIf Referer www\.laromance\.com laromance

   Alias /java/  /var/apache/laromance/java/

   <Directory /var/apache/laromance/java>
   AllowOverride None
   Options None
   order deny,allow
   deny from all
   allow from env=laromance
   </Directory>

Here's output from my access_log/error_log files:

   207.155.46.22 - - [14/Jul/1998:16:09:58 -0700] "GET /java/HelloWeb.class HTTP/1.1" 200 891

   207.155.46.22 - - [14/Jul/1998:16:09:58 -0700] "GET /java/HelloWeb.class HTTP/1.1" 200 891

Here's my Apache version

   Apache/1.3.0 (Unix) mod_perl/1.12

Here's my HTML code:

<APPLET CODEBASE="/java/" CODE="HelloWeb.class" WIDTH=200 HEIGHT=200>
<PARAM NAME="user" VALUE="%u">
[HelloWeb applet]
</APPLET>

>How-To-Repeat:

If you would like access to our server in any way, please let me know and I can make it available
to you.
>Fix:

>Audit-Trail:
>Unformatted:
[In order for any reply to be added to the PR database, ]
[you need to include <apbugs@Apache.Org> in the Cc line ]
[and leave the subject line UNCHANGED.  This is not done]
[automatically because of the potential for mail loops. ]
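
A simplified model of how the SetEnvIf and mod_access directives quoted in the report evaluate a request, added here as an example (it is not code from the report or from Apache). The sample requests and the anchored pattern are constructed assumptions; the report does not show which headers the applet request carried.

```python
import re

# Simplified model of the directives in the report; not Apache source code.
# SetEnvIf Referer www\.laromance\.com laromance  -> unanchored regex search
REPORTED = re.compile(r"www\.laromance\.com")
# Hypothetical tighter pattern (assumption, not from the report).
ANCHORED = re.compile(r"^http://www\.laromance\.com/")


def set_env_if(headers, pattern):
    """Return the environment variables SetEnvIf would set for a request."""
    referer = headers.get("Referer")
    # No Referer header means nothing to match, so the variable stays unset.
    if referer is not None and pattern.search(referer):
        return {"laromance": "1"}
    return {}


def order_deny_allow(env):
    """Model 'order deny,allow', 'deny from all', 'allow from env=laromance'."""
    denied = True                    # 'deny from all' matches every request
    allowed = "laromance" in env     # 'allow from env=laromance'
    # With deny,allow a matching allow overrides a matching deny, and a
    # request matching neither would be allowed by default.
    if allowed:
        return True
    return not denied


def status(headers, pattern=REPORTED):
    """HTTP status the modelled <Directory> block would return."""
    return 200 if order_deny_allow(set_env_if(headers, pattern)) else 403


# Constructed sample requests (not taken from the report's logs).
SAMPLES = [
    ("linked from the site", {"Referer": "http://www.laromance.com/index.html"}),
    ("no Referer header", {}),
    ("string elsewhere in URL", {"Referer": "http://other.example/?p=www.laromance.com"}),
]

if __name__ == "__main__":
    for label, headers in SAMPLES:
        print(f"{label:26} reported={status(headers)} anchored={status(headers, ANCHORED)}")
```

Because the Referer header is supplied by the client, either pattern works as a deterrent against casual linking rather than as an authentication control.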



