>Number: 1657 >Category: general >Synopsis: Multiple <Files> or <FilesMatch> in .htaccess >Confidential: no >Severity: non-critical >Priority: medium >Responsible: apache >State: open >Class: sw-bug >Submitter-Id: apache >Arrival-Date: Mon Jan 12 07:10:00 PST 1998 >Last-Modified: >Originator: [EMAIL PROTECTED] >Organization: apache >Release: 1.3.b3 >Environment: BSDI 3.1 BSD/OS speed.usaor.net 3.0 BSDI BSD/OS 3.0 Kernel #1: Mon Dec 22 17:31:49 EST 1997 [EMAIL PROTECTED]:/usr/src/sys/compile/SPEED i386 >Description: Trying to use the file level permissions in .htaccess and it only accepts the last entry. For example my .htaccess:
AuthType Basic AuthName Stats AuthUserFile /etc/.htpasswd AuthGroupFile /etc/.htgroup <Files ~ "file1.9*|mrtg*"> require user user1 </Files> <Files file2.html> require group group1 </Files> In this scenario it ends up only looking at the 'require group group1' and it gives me access to the entire directory. >How-To-Repeat: >Fix: >Audit-Trail: >Unformatted: [In order for any reply to be added to the PR database, ] [you need to include <[EMAIL PROTECTED]> in the Cc line ] [and leave the subject line UNCHANGED. This is not done] [automatically because of the potential for mail loops. ]
