DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUGĀ· RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT <http://issues.apache.org/bugzilla/show_bug.cgi?id=41911>. ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED ANDĀ· INSERTED IN THE BUG DATABASE.
http://issues.apache.org/bugzilla/show_bug.cgi?id=41911 [EMAIL PROTECTED] changed: What |Removed |Added ---------------------------------------------------------------------------- Status|NEW |NEEDINFO ------- Additional Comments From [EMAIL PROTECTED] 2007-03-26 13:28 ------- As you written in your second point : >2. Using a DE certificate, it is possible to get access to /dir >where dir/subdir is also shown. Under webdavs, it is also possible >to get access to /dir/subdir Is that "expected" behaviour? I could not reproduce the issue. Here is my experimentation : Here is my configuration : <Directory "/disk/apache/apache2/htdocs/test"> Order allow,deny Allow from all Options Indexes <IfModule mod_ssl.c> DAV on SSLOptions +StrictRequire SSLVerifyClient require SSLVerifyDepth 10 SSLRequire %{SSL_CLIENT_S_DN_C} eq "US" </IfModule> </Directory> <Directory "/disk/apache/apache2/htdocs/test/subdir"> Order allow,deny Allow from all Options Indexes <IfModule mod_ssl.c> DAV on SSLOptions +StrictRequire SSLVerifyClient require SSLVerifyDepth 10 SSLRequire %{SSL_CLIENT_S_DN_C} eq "DE" </IfModule> </Directory> Using "US" based client certificate when I send the /test/ request then I don't see the subdir in directory listing. ------------------------------------------------------ [/disk/apache/apache2] $ curl --cacert ./certs/rootcert.pem -E certs/client1.pem:password --dump-header - -o - https://lbasantk3:4005/test/ HTTP/1.1 200 OK Date: Mon, 26 Mar 2007 20:09:53 GMT Server: Apache/2.2.5-dev (Unix) mod_ssl/2.2.5-dev OpenSSL/0.9.8a DAV/2 Content-Length: 256 Content-Type: text/html <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2 Final//EN"> <html> <head> <title>Index of /test</title> </head> <body> <h1>Index of /test</h1> <ul><li><a href="/"> Parent Directory</a></li> <li><a href="test.html"> test.html</a></li> </ul> </body></html> ------------------------------------------------------ If I try to access /test/subdir/ then I get permission ------------------------------------------------------ [/disk/apache/apache2] $ curl --cacert ./certs/rootcert.pem -E certs/client1.pem:password --dump-header - -o - https://lbasantk3:4005/test/subdir/ HTTP/1.1 403 Forbidden Date: Mon, 26 Mar 2007 20:10:55 GMT Server: Apache/2.2.5-dev (Unix) mod_ssl/2.2.5-dev OpenSSL/0.9.8a DAV/2 Content-Length: 214 Content-Type: text/html; charset=iso-8859-1 <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"> <html><head> <title>403 Forbidden</title> </head><body> <h1>Forbidden</h1> <p>You don't have permission to access /test/subdir/ on this server.</p> </body></html> ------------------------------------------------------ Now If I change the subdirectory configuration e.g <Directory "/disk/apache/apache2/htdocs/test/subdir"> Order allow,deny Allow from all Options Indexes <IfModule mod_ssl.c> DAV on SSLOptions +StrictRequire SSLVerifyClient require SSLVerifyDepth 10 SSLRequire %{SSL_CLIENT_S_DN_C} eq "US" </IfModule> </Directory> [/disk/apache/apache2] $ bin/apachectl restart Now if I send the request again then I see the "/subdir" as part of my listing. ------------------------------------------------------ [/disk/apache/apache2] $ curl --cacert ./certs/rootcert.pem -E certs/client1.pem:password --dump-header - -o - https://lbasantk3:4005/test/ HTTP/1.1 200 OK Date: Mon, 26 Mar 2007 20:11:17 GMT Server: Apache/2.2.5-dev (Unix) mod_ssl/2.2.5-dev OpenSSL/0.9.8a DAV/2 Content-Length: 296 Content-Type: text/html <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2 Final//EN"> <html> <head> <title>Index of /test</title> </head> <body> <h1>Index of /test</h1> <ul><li><a href="/"> Parent Directory</a></li> <li><a href="subdir/"> subdir/</a></li> <li><a href="test.html"> test.html</a></li> </ul> </body></html> ------------------------------------------------------ Also as expected, if I send the /test/subdir/ URI then I get the listing. Kindly provide more information which could be helpful to reproduce the issue. Also kindly provide information about which webdav tool you are using. -- Configure bugmail: http://issues.apache.org/bugzilla/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are the assignee for the bug, or are watching the assignee. --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
