On Tue, Nov 25, 2014 at 8:39 PM, Eric Covener wrote:
> On Tue, Nov 25, 2014 at 7:10 PM, Jeff Trawick wrote:
> > On Mon, Nov 24, 2014 at 12:16 PM, Eric Covener
> wrote:
> >>
> >> On Thu, Aug 21, 2014 at 8:42 AM, Jeff Trawick
> wrote:
> >> > CGIPassHeader could be allowed in htaccess if the http
On Tue, Nov 25, 2014 at 7:10 PM, Jeff Trawick wrote:
> On Mon, Nov 24, 2014 at 12:16 PM, Eric Covener wrote:
>>
>> On Thu, Aug 21, 2014 at 8:42 AM, Jeff Trawick wrote:
>> > CGIPassHeader could be allowed in htaccess if the httpd admin has
>> > specified
>> > "AllowOverride ... AuthConfig ..."* o
On Mon, Nov 24, 2014 at 12:16 PM, Eric Covener wrote:
> On Thu, Aug 21, 2014 at 8:42 AM, Jeff Trawick wrote:
> > CGIPassHeader could be allowed in htaccess if the httpd admin has
> specified
> > "AllowOverride ... AuthConfig ..."* or "AllowOverrideList CGIPassHeader"
> in
> > the main config.
>
On Thu, Aug 21, 2014 at 8:42 AM, Jeff Trawick wrote:
> CGIPassHeader could be allowed in htaccess if the httpd admin has specified
> "AllowOverride ... AuthConfig ..."* or "AllowOverrideList CGIPassHeader" in
> the main config.
>
> Make sense?
>
> *Only auth headers are currently suppressed, so th
On Tue, Aug 19, 2014 at 9:09 AM, Jeff Trawick wrote:
> On Tue, Aug 19, 2014 at 9:04 AM, Eric Covener wrote:
>
>> On Tue, Aug 19, 2014 at 8:59 AM, Jeff Trawick wrote:
>> > I'm +0.75 or so for having to explicitly enable the use of
>> CGIPassHeader in
>> > htaccess.
>>
>> Is there an existing pat
On Tue, Aug 19, 2014 at 9:04 AM, Eric Covener wrote:
> On Tue, Aug 19, 2014 at 8:59 AM, Jeff Trawick wrote:
> > I'm +0.75 or so for having to explicitly enable the use of CGIPassHeader
> in
> > htaccess.
>
> Is there an existing pattern for something to need to be explicitly
> named in AllowOver
On Tue, Aug 19, 2014 at 8:59 AM, Jeff Trawick wrote:
> I'm +0.75 or so for having to explicitly enable the use of CGIPassHeader in
> htaccess.
Is there an existing pattern for something to need to be explicitly
named in AllowOverrideList? But would that also basically guarantee
nobody who needs
On Mon, Aug 18, 2014 at 7:09 PM, Graham Dumpleton
wrote:
> The problem is sys admins who don't know what they are doing as far as
> administering Apache.
>
> I used to work in a corporate environment where they allowed everyone a
> ~username directory for placing stuff. As they wanted to allow pe
On Mon, Aug 18, 2014 at 7:22 PM, Graham Leggett wrote:
> On 16 Aug 2014, at 10:16 PM, Jeff Trawick wrote:
>
> > This core directive would be used to modify the processing of
> ap_add_common_vars() to pass through Authorization or Proxy-Authorization
> as HTTP_foo. (Nothing else is currently blo
On 16 Aug 2014, at 10:16 PM, Jeff Trawick wrote:
> This core directive would be used to modify the processing of
> ap_add_common_vars() to pass through Authorization or Proxy-Authorization as
> HTTP_foo. (Nothing else is currently blocked, so any other header name
> wouldn't make sense.)
>
>
The problem is sys admins who don't know what they are doing as far as
administering Apache.
I used to work in a corporate environment where they allowed everyone a
~username directory for placing stuff. As they wanted to allow people to
setup certain type of scripts in their directory, they allow
Hi,
only short notes from me. I'd appreciate such a directive very much. I
think, allowing it in .htaccess won't hurt. I can't come up with a use
case, where the person behind the script doesn't have access to the
credentials anyway.
As for the passing right now, you don't need the whole mod_r
On Sat, Aug 16, 2014 at 11:29 PM, Graham Dumpleton
wrote:
> A few comments on this.
>
> The first is that mod_wsgi originally never allowed its
> WSGIPassAuthorization directive in a htaccess file, and then when it it did
> first allow it, it was only honoured if AuthConfig was allowed for that
>
A few comments on this.
The first is that mod_wsgi originally never allowed its
WSGIPassAuthorization directive in a htaccess file, and then when it it did
first allow it, it was only honoured if AuthConfig was allowed for that
context.
I kept having people who needed that ability when they had a
This core directive would be used to modify the processing of
ap_add_common_vars() to pass through Authorization or Proxy-Authorization
as HTTP_foo. (Nothing else is currently blocked, so any other header name
wouldn't make sense.)
This directive would be configurable at the directory level, but
15 matches
Mail list logo
