>Number: 2117 >Category: general >Synopsis: The CIDR syntax support for allow and deny finds the '/' in >comments. >Confidential: no >Severity: serious >Priority: medium >Responsible: apache >State: open >Class: sw-bug >Submitter-Id: apache >Arrival-Date: Wed Apr 22 09:20:01 PDT 1998 >Last-Modified: >Originator: [EMAIL PROTECTED] >Organization: apache >Release: 1.3b6 >Environment: BSDI BSD/OS 3.1, but I don't think it matters. >Description: We have a .htaccess file on some of our servers that looks like, reduced to the relevant parts:
order deny,allow deny from all allow from 153.39 # UUNET office network allow from 208.196.158.5 # eeg.va.pubnix.com allow from 208.211.134 # Pubnix web development desktop/dev network This was fine with apache 1.2.6. 1.3b6 complains: [Wed Apr 22 11:56:04 1998] [alert] /homes/www068/w3featherlegged/html/.htaccess: syntax error in network portion of network/netmask It is seeing the slash in the comment and taking it to be a netmask separator. It is not documented specifically that comments are accepted in .htaccess files, but aside from this new bug it has always worked. >How-To-Repeat: Put a comment containing a slash in a .htaccess file "allow" line, or presumably a "deny" line. >Fix: 1. Document that comments are accepted in .htaccess files. 2. Make the IP address or network parser pickier about the syntax it accepts, so it doesn't try to accept part of a comment as part of the address. Or just strip out comments before handing it the line to parse. %0 >Audit-Trail: >Unformatted: [In order for any reply to be added to the PR database, ] [you need to include <[EMAIL PROTECTED]> in the Cc line ] [and leave the subject line UNCHANGED. This is not done] [automatically because of the potential for mail loops. ]