Hi Jan, IMHO the patch is valid, even for backports.
<Directory> and <DirectoryMatch> are documented to "enclose a group of directives that will apply only to the named *directory*, sub-directories of that *directory*, and the files within the respective *directories*". While <Directory> does the APR_DIR check, <DirectoryMatch> doesn't, this is not consistent. There exists the <Files[Match]> closures for files, using ap_file_walk() which is not quite the same code as ap_directory_walk(). There may also be security concerns over there if we are being lenient with unexpected/able configuration (not that I'm not thinking about a particular one). +1 to apply it (for more review). Regards, Yann. On Wed, Oct 29, 2014 at 12:18 PM, Jan Kaluža <[email protected]> wrote: > Hi, > > I was trying to fix PR41867 using attached patch. While the patch seems to > work, I'm thinking if the behaviour change introduced by the patch can bring > some problems. > > Currently, "<DirectoryMatch ^/var/www/html/private>" matches also > "/var/www/html/private.txt" even it is a regular file and not a directory. > With the patch, DirectoryMatch won't match "private.txt" in this case, > because it's a file. > > While I think this is excepted behaviour of DirectoryMatch, I'm not sure if > it's acceptable change in 2.4.x branch (or even trunk?). What do you think? > > Regards, > Jan Kaluza
