[users@httpd]
-- * I know one thing: That I know nothing* - Socrates **Are *those sharks* with *laser* beams attached to their heads? *Dr*. *Evil* *We're all explorers here* - T S Eliot
Re: [users@httpd] mod_auth_form and original POST body
Hello David Have you tried mod_request-keptbodysize http://httpd.apache.org/docs/2.4/mod/mod_request.html#keptbodysize All the best Paul On 1 May 2013 19:13, David Mansfield apa...@dm.cobite.com wrote: Hi All: I'm using apache 2.4.4 compiled on Centos 6.3 and attempting to use mod_auth_form for inline login with body preservation. The problem is that the POSTed body (from the original/unauthenticated page) is lost forever when the login page is rendered, so it seems impossible to know what to put for the value of the httpd_body variable. I have tried both a cgi and a mod_include based script. I have KeptBodySize 65536 along with one of ErrorDocument 401 /cgi-bin/login.cgi or ErrorDocument 401 /login.shtml How can I access the original POST data during the login page rendering in this scenario? It seems the fundamental problem is the ErrorDocument handler is discarding the POST during internal redirect... -- Thanks, David Mansfield Cobite, INC. --**--**- To unsubscribe, e-mail: users-unsubscribe@httpd.**apache.orgusers-unsubscr...@httpd.apache.org For additional commands, e-mail: users-h...@httpd.apache.org -- * I know one thing: That I know nothing* - Socrates *We're all explorers here* - T S Eliot
Re: [users@httpd] filesmatch suspends AccessFileName?
On 5 April 2013 10:44, Hajo Locke hajo.lo...@gmx.de wrote: Hello, interesting thing here. Ist this a bug or expected? Apache is 2.2.23 Costumer uses .htaccess which uses some SetEnvIfNoCase Directives to filter bad bots. the allow,deny directive is placed within a filesmatch directive. example: SetEnvIfNoCase user-agent hallohallo bad_bot=1 FilesMatch (.*) Order Allow,Deny Allow from all Deny from env=bad_bot /FilesMatch The regex in filesmatch Directive is quite useless but this leads to the problem that .htaccess file can called by http in browser and shows all of its contents. http://example.com/.htaccess Seems to me quite simple for a user to disclose his .htaccess contents by simple filesmatch directive which suddenly ignores AccessFileName directive. Is this a bug or expected? Thanks, Hajo --**--**- To unsubscribe, e-mail: users-unsubscribe@httpd.**apache.orgusers-unsubscr...@httpd.apache.org For additional commands, e-mail: users-h...@httpd.apache.org Hello Hajo Try this at the top level Directory /further/up/tree Files .htaccess Order allow,deny Deny from all /Files /Directory or Files .htaccess order allow,deny deny from all /Files What you've written makes logical sense and I would be allowed access to .htaccess All the best Paul -- * I know one thing: That I know nothing* - Socrates *We're all explorers here* - T S Eliot
Re: [users@httpd] htaccess file and computer names
On 19 February 2013 18:49, Marc Fromm marc.fr...@wwu.edu wrote: I am using some htaccess files to control access to a few web pages. The htaccess file works if I use the ip address of the computer to grant access, but not its name. Is there another setting to enable for “Allow from computername.domain.name” to work like using the ip address “Allow from ###.###.###.###” ? ** ** Order deny,allow Deny from all Allow from computername.domain.name //this does not grant access Allow from ###.###.###.### //this grants access ** ** The computers and the server are all on the same network ** ** Thanks ** ** Marc Hello http://httpd.apache.org/docs/2.0/mod/core.html#location Location /status SetHandler server-status Order Deny,Allow Deny from all Allow from .foo.com /Location Hope this helps. All the best Paul -- Perhaps today is a good day to die. Prepare for ramming speed -*Commander **Worf*