www-apache-bugdb mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Brian Hatch <apa...@ifokr.org>
Subject general/7572: 'satisfy' directive doesn't play well with 'order'
Date Mon, 16 Apr 2001 19:28:58 GMT

>Number:         7572
>Category:       general
>Synopsis:       'satisfy' directive doesn't play well with 'order'
>Confidential:   no
>Severity:       non-critical
>Priority:       medium
>Responsible:    apache
>State:          open
>Quarter:        
>Keywords:       
>Date-Required:
>Class:          sw-bug
>Submitter-Id:   apache
>Arrival-Date:   Mon Apr 16 12:30:00 PDT 2001
>Closed-Date:
>Last-Modified:
>Originator:     apache@ifokr.org
>Release:        1.3.14
>Organization:
apache
>Environment:
solaris, freebsd, linux all tested
>Description:
tried to make the standard 'allow ip-from-list or allow password'
authentication requirement.  however using an 'order deny,allow' (or
any order statement) silently breaks this, and password auth is
always required.


Since most folks explicitly use 'order', this behaviour is confusing
since we want to add this behaviour later, in general.
>How-To-Repeat:
The following config works:

<Directory /path/name>
        Deny from all
        Allow from ip_address

        AuthType Basic
        AuthName "whatever"
        AuthUserFile /tmp/pw
        Require valid-user

        Satisfy any
</Directory>

The following does not, it only includes an additional 'order'
statement:

<Directory /path/name>
        Order allow,deny
        Deny from all
        Allow from ip_address

        AuthType Basic
        AuthName "whatever"
        AuthUserFile /tmp/pw
        Require valid-user

        Satisfy any
</Directory>
>Fix:
An error msg or improved behaviour is a good idea, at minimum
a note in the docs should meantion this.
>Release-Note:
>Audit-Trail:
>Unformatted:
 [In order for any reply to be added to the PR database, you need]
 [to include <apbugs@Apache.Org> in the Cc line and make sure the]
 [subject line starts with the report component and number, with ]
 [or without any 'Re:' prefixes (such as "general/1098:" or      ]
 ["Re: general/1098:").  If the subject doesn't match this       ]
 [pattern, your message will be misfiled and ignored.  The       ]
 ["apbugs" address is not added to the Cc line of messages from  ]
 [the database automatically because of the potential for mail   ]
 [loops.  If you do not include this Cc, your reply may be ig-   ]
 [nored unless you are responding to an explicit request from a  ]
 [developer.  Reply only with text; DO NOT SEND ATTACHMENTS!     ]
 
 


Mime
View raw message