>Number:         2951
>Category:       mod_auth-any
>Synopsis:       .htaccess in virtual host directory doesn't seem to be parsed correctly.
>Confidential:   no
>Severity:       non-critical
>Priority:       medium
>Responsible:    apache
>State:          open
>Class:          sw-bug
>Submitter-Id:   apache
>Arrival-Date:   Thu Sep 3 16:40:00 PDT 1998
>Last-Modified:
>Originator:     [EMAIL PROTECTED]
>Organization:   apache
>Release:        1.2.6
>Environment:    Solaris 2.6, GCC compiler sun4u sparc SUNW,Ultra-1
>Description:
I have a virtual server at /opt/htdocs/test and a URL of test.blah.com. When I go to http://test.blah.com I pull up the index.html document just fine and can also retrieve a "passwd" file in the same directory. For example: http://test.blah.com/passwd will list my passwd file.

This is a copy of my htaccess file:

    <Files *>
    deny from all
    </Files>
    <Files ~ "/|(index|test)\.html">
    allow from all
    </Files>

My access.conf shows:

    <Directory /opt/htdocs/test>
    Options Indexes FollowSymLinks Includes ExecCGI MultiViews
    AllowOverride All
    order allow,deny
    allow from all
    </Directory>

If this is not a bug, I have been unable to find any documentation or assistance in resolving this, so please offer the correct method for accomplishing this.

Specifically telling it to deny access to that file does work; it's like it's ignoring the <Files *> directive, because if I change it to <Files passwd> it does deny access to the passwd file....

Thanks for all your help and providing such a great product. I've had to ask for help one other time and the response was excellent! If I am just not understanding this properly or if Apache is designed to work this way, that's fine, but please let me know how (if at all) I can accomplish this goal for my client...
>How-To-Repeat:
>Fix:
>Audit-Trail:
>Unformatted:
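
An added example, not part of the original report or of Apache's code: it shows which names the unanchored `<Files ~>` pattern from the .htaccess above matches, beside an anchored variant. Assumptions: the file names are constructed samples, `ANCHORED` is a hypothetical pattern, Python's `re` stands in for the server's regex engine, and the report does not say whether 1.2.6 tests the bare file name or the full path, so both are tried.

```python
import re

# Pattern copied from the report's <Files ~ "..."> section.
REPORTED = r"/|(index|test)\.html"
# Hypothetical anchored variant for comparison (not from the report).
ANCHORED = r"^(index|test)\.html$"

# Directory from the report; the file names are constructed samples.
DOCROOT = "/opt/htdocs/test"
NAMES = ["index.html", "test.html", "passwd", "index.html.bak", "notes.txt"]


def matched(pattern, names, full_path):
    """Return the names the pattern matches with unanchored (search) semantics.

    full_path=True tests DOCROOT/name; full_path=False tests the bare name.
    Which of the two the server uses is an assumption, so callers try both.
    """
    rx = re.compile(pattern)
    hits = []
    for name in names:
        subject = f"{DOCROOT}/{name}" if full_path else name
        if rx.search(subject):
            hits.append(name)
    return hits


def report():
    """Build a table keyed by (pattern label, subject kind)."""
    table = {}
    for label, pattern in (("reported", REPORTED), ("anchored", ANCHORED)):
        for full_path in (False, True):
            kind = "full path" if full_path else "file name"
            table[(label, kind)] = matched(pattern, NAMES, full_path)
    return table


if __name__ == "__main__":
    for (label, kind), hits in report().items():
        print(f"{label:9} vs {kind:9}: {hits}")
```

The bare `/` alternative matches every subject that contains a slash, and the missing `^`/`$` lets `index.html.bak` through even when only the file name is tested.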