>Number: 5433
>Category: mod_access
>Synopsis: deny won't work (maybe it's should be)
>Confidential: no
>Severity: non-critical
>Priority: medium
>Responsible: apache
>State: open
>Class: sw-bug
>Submitter-Id: apache
>Arrival-Date: Tue Dec 7 05:30:01 PST 1999
>Last-Modified:
>Originator: [EMAIL PROTECTED]
>Organization:
apache
>Release: 1.3.9
>Environment:
Linux ns.dontek.ru 2.2.5-15 #1 Mon Apr 19 23:00:46 EDT 1999 i686 unknown
gcc version egcs-2.91.66 19990314/Linux (egcs-1.1.2 release)
>Description:
apache send files, even if they are set as 'deny from all'
.htaccess from directory /test1:
order deny,allow
deny from all
AuthType Basic
AuthName Test
AuthUserFile conf/test
require valid-user
satisfy any
httpd.conf:
<Files ~ "^\.ht">
Order allow,deny
Deny from all
</Files>
GET /test1/.htaccess - file is sent to client
>How-To-Repeat:
follow instructions in description
>Fix:
>Audit-Trail:
>Unformatted:
[In order for any reply to be added to the PR database, you need]
[to include <[EMAIL PROTECTED]> in the Cc line and make sure the]
[subject line starts with the report component and number, with ]
[or without any 'Re:' prefixes (such as "general/1098:" or ]
["Re: general/1098:"). If the subject doesn't match this ]
[pattern, your message will be misfiled and ignored. The ]
["apbugs" address is not added to the Cc line of messages from ]
[the database automatically because of the potential for mail ]
[loops. If you do not include this Cc, your reply may be ig- ]
[nored unless you are responding to an explicit request from a ]
[developer. Reply only with text; DO NOT SEND ATTACHMENTS! ]
