>Number:         2117
>Category:       general
>Synopsis:       The CIDR syntax support for allow and deny finds the '/' in comments.
>Confidential:   no
>Severity:       serious
>Priority:       medium
>Responsible:    apache
>State:          open
>Class:          sw-bug
>Submitter-Id:   apache
>Arrival-Date:   Wed Apr 22 09:20:01 PDT 1998
>Last-Modified:
>Originator:     [EMAIL PROTECTED]
>Organization:
apache
>Release:        1.3b6
>Environment:
BSDI BSD/OS 3.1, but I don't think it matters.
>Description:
We have a .htaccess file on some of our servers that looks like,
reduced to the relevant parts:

order deny,allow
deny from all
allow from 153.39               # UUNET office network
allow from 208.196.158.5        # eeg.va.pubnix.com
allow from 208.211.134          # Pubnix web development desktop/dev network

This was fine with apache 1.2.6.  1.3b6 complains:
[Wed Apr 22 11:56:04 1998] [alert] /homes/www068/w3featherlegged/html/.htaccess: syntax error in network portion of network/netmask
It is seeing the slash in the comment and taking it to be a netmask separator.

It is not documented specifically that comments are accepted in .htaccess files,
but aside from this new bug it has always worked.




>How-To-Repeat:
Put a comment containing a slash in a .htaccess file "allow" line,
or presumably a "deny" line.
>Fix:
1.  Document that comments are accepted in .htaccess files.
2.  Make the IP address or network parser pickier about the syntax it accepts,
    so it doesn't try to accept part of a comment as part of the address.
    Or just strip out comments before handing it the line to parse.
>Audit-Trail:
>Unformatted:
[In order for any reply to be added to the PR database, ]
[you need to include <[EMAIL PROTECTED]> in the Cc line ]
[and leave the subject line UNCHANGED.  This is not done]
[automatically because of the potential for mail loops. ]
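
Added example, not part of the original report and not Apache's code: a sketch of the second suggested fix, which strips the trailing comment and then accepts only a strictly formed address, set beside the naive "any slash on the line" check that reproduces the reported failure. The function names are hypothetical, a single space after `allow from` is assumed, and only the `/bits` form of a netmask is handled.

```c
#include <ctype.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* The failure mode from the report: looking for '/' anywhere on the line. */
int naive_sees_netmask(const char *line) { return strchr(line, '/') != NULL; }

/* Cut the line at the first '#' and trim trailing whitespace. */
static void strip_comment(char *line) {
    char *hash = strchr(line, '#');
    if (hash) *hash = '\0';
    size_t n = strlen(line);
    while (n > 0 && isspace((unsigned char)line[n - 1])) line[--n] = '\0';
}

/* Strict spec: 1 to 4 octets (0..255), optional "/0..32", nothing else. */
static int valid_net_spec(const char *s) {
    char *end;
    for (int octets = 1; ; octets++, s = end + 1) {
        if (!isdigit((unsigned char)*s)) return 0;
        long v = strtol(s, &end, 10);
        if (v > 255 || end - s > 3) return 0;
        if (*end != '.') break;
        if (octets == 4) return 0;
    }
    if (*end == '\0') return 1;
    if (*end != '/' || !isdigit((unsigned char)end[1])) return 0;
    s = end + 1;
    long bits = strtol(s, &end, 10);
    return *end == '\0' && end - s <= 2 && bits <= 32;
}

/* Returns 1 when "allow from <spec> [# comment]" carries a valid spec. */
int check_allow_line(const char *line) {
    static const char prefix[] = "allow from ";
    char buf[256];
    if (strlen(line) >= sizeof buf) return 0;
    strcpy(buf, line);
    strip_comment(buf);
    if (strncmp(buf, prefix, sizeof prefix - 1) != 0) return 0;
    return valid_net_spec(buf + sizeof prefix - 1);
}

int main(void) {
    /* Line from the report's .htaccess excerpt, whitespace condensed. */
    const char *l = "allow from 208.211.134   # Pubnix web development desktop/dev network";
    printf("naive=%d strict=%d\n", naive_sees_netmask(l), check_allow_line(l));
}
```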