https://bz.apache.org/bugzilla/show_bug.cgi?id=69835
Bug ID: 69835
Summary: Nonfatal clause in AllowOverride ignored when combined
with Options=
Product: Apache httpd-2
Version: 2.4.65
Hardware: PC
OS: Linux
Status: NEW
Severity: normal
Priority: P2
Component: Core
Assignee: [email protected]
Reporter: [email protected]
Target Milestone: ---
I think I may have found a bug in a corner case for the directive AllowOverride
Way to reproduce:
* Latest httpd
* Set configuration for a directory to something similar to:
<Directory /some/path/here>
Options +ExecCGI +Includes +SymLinksIfOwnerMatch -FollowSymLinks
AllowOverride Nonfatal=Override Options=Includes
</Directory>
* Put in said directory an .htaccess file with a not allowed directive.
Expected behaviour is that the directive not allowed in the .htaccess file gets
ignored and there is no 500 error response.
Now, I may put in AllowOverride any directive type along with Nonfatal=Override
and it will work as expected.
But the moment I put Options=<Any_Option> , the Nonfatal=Override gets silently
ignored. Mind that if I just put Options (no equal sign and no option list), it
still works as expected. It is the moment I add the equal sign and an option
that the Nonfatal=Override gets ignored thus leading to a 500 error response.
I say Nonfatal=Override because that is actually what I need in my
configuration, but Nonfatal=Unknown or Nonfatal=All get ignored too.
I have been reading through the function set_override() and set_allow_opts() in
server/core.c to try to make sense of what may be happening, but I cannot
figure it out. It has been too long since I last did anything in c.
--
You are receiving this mail because:
You are the assignee for the bug.
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
