https://issues.apache.org/bugzilla/show_bug.cgi?id=49048
Summary: ACL not applied to redirect URLs
Product: Tomcat Connectors
Version: 1.2.28
Platform: PC
OS/Version: Windows Server 2003
Status: NEW
Severity: normal
Priority: P2
Component: isapi
AssignedTo: [email protected]
ReportedBy: [email protected]
Directories intercepted by the isapi_redirect do not interpret the permissions
created in IIS directories.
To replicate this:
Configure the isapi_redirect as normal and make sure an application is being
fowarded such as /manager. Create a directory in the IIS site with the same
name as the redirect URL listed in the uriworkermap.properties, like manager.
Turn off anonymous access to the site to force basic authentication and apply
ACL restrictions on the /manager site such that access is restricted.
Result: The user is prompted for credentials but only parent directory
permissions are applied, not the specific directories rights. Being that all
authentication is being handled by IIS, the directory permissions should be
applied as setup in IIS.
--
Configure bugmail: https://issues.apache.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
