DO NOT REPLY [Bug 41911] New: - SSLRequire does not restrict access to subdirectory under dav

Tue, 20 Mar 2007 19:29:23 -0800 

DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUGĀ·
RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT
<http://issues.apache.org/bugzilla/show_bug.cgi?id=41911>.
ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED ANDĀ·
INSERTED IN THE BUG DATABASE.

http://issues.apache.org/bugzilla/show_bug.cgi?id=41911

           Summary: SSLRequire does not restrict access to subdirectory
                    under dav
           Product: Apache httpd-2
           Version: 2.2.4
          Platform: Other
        OS/Version: Linux
            Status: NEW
          Severity: normal
          Priority: P2
         Component: mod_ssl
        AssignedTo: [email protected]
        ReportedBy: [EMAIL PROTECTED]


Directory /srv/www/html/dir>
 Order allow,deny
 Allow from all
     <IfModule mod_ssl.c>
      DAV on
      SSLOptions +StrictRequire
      SSLVerifyClient require
      SSLVerifyDepth 10
      SSLRequire       %{SSL_CLIENT_S_DN_C} eq "DE"
     </IfModule>
</Directory>

Directory /srv/www/html/dir/subdir>
 Order allow,deny
 Allow from all
     <IfModule mod_ssl.c>
      DAV on
      SSLOptions +StrictRequire
      SSLVerifyClient require
      SSLVerifyDepth 10
      SSLRequire       %{SSL_CLIENT_S_DN_C} eq "DK"
     </IfModule>
</Directory>

1.  Using webdavs to access /dir

2. Using a DE certificate, it is possible to get access to /dir
where dir/subdir is also shown.  Under webdavs, it is also possible
to get access to /dir/subdir  Is that "expected" behaviour?

3.  After getting access to /dir/subdir, where it is possible to see
the files in /dir/subdir, attempts to access 
subdirectories /dir/subdir/subsubdir are rejected (according to the
error message in the log file, because the "Requirement expression not 
fulfilled"  (as it should)

3.  If one attempts to access /dir/subdir directory (via URL, either via https: 
or webdavs:), then it is rejected with the "Requirement expression not 
fulfilled" (as it should)

-- 
Configure bugmail: http://issues.apache.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.

---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

Reply via email to