>Number: 917 >Category: config >Synopsis: Inconsistency in ErrorDocument result in different types of >blocks >Confidential: no >Severity: non-critical >Priority: medium >Responsible: apache (Apache HTTP Project) >State: open >Class: sw-bug >Submitter-Id: apache >Arrival-Date: Fri Jul 25 12:20:01 1997 >Originator: [EMAIL PROTECTED] >Organization: apache >Release: 1.3a1 >Environment: BSD/OS www.pacific.net 2.1 BSDI BSD/OS 2.1 Kernel #1: Mon May 5 10:17:03 PDT 19 97 [EMAIL PROTECTED]:/usr/src/sys/compile/PACIFIC i386 >Description: In srm.conf, I have an ErrorDocument 403 which sets the root-server error message. Then, in access.conf, a <Directory> block which sets a different 403 message for a particular user directory. That user directory is used in a VirtualHost. Then, accessing a -x directory by dirname/ in that virtual server, I get the second 403 message, as expected. However, if I specify a particular filename inside that directory (dirname/somefile.gif), it returns the *first* 403 message (the root-server one from srm.conf).
If I set the ErrorDocument 403 to the second, virtual-host 403 message within the <VirtualHost> block in httpd.conf, the problem does not occur (the same 403 message is returned for directories and files). >How-To-Repeat: 1) ErrorDocument 403 /denied.html 2) <Directory /home/username/> ErrorDocument 403 /user.denied.html </Directory> 3) <VirtualHost www.usernamesdomain.com> DocumentRoot /home/username/public_html ErrorDocument 403 /vhdenied.html </VirtualHost> Then, access a) a non-executable directory, and b) a file inside that directory. They should both return vhdenied.html; however, if it is not set in (2), vhdenied.html comes up for directories, but denied.html appears for specific files. >Fix: Perhaps this is just confusion on my part as to the priority set on documents overriding each other in different statement levels, but it seems to me that directives set in <VirtualHost> should unconditionally override directives set in other blocks. Or at least, directories and files (though "access denied" means different things for each) should behave the same way through inheritance. %0 >Audit-Trail: >Unformatted:
