>Number: 3367 >Category: mod_auth-any >Synopsis: Satisfy ignores <Limit> context >Confidential: no >Severity: critical >Priority: medium >Responsible: apache >State: open >Class: sw-bug >Submitter-Id: apache >Arrival-Date: Mon Nov 9 07:20:01 PST 1998 >Last-Modified: >Originator: [EMAIL PROTECTED] >Organization: apache >Release: 1.2.6 >Environment: SunOS 5.6 Generic sun4d sparc SUNW, SPARCserver-1000 >Description: I want to give GET&POST access by hostname OR username and PUT access by hostname AND by username. Si I thought I could write the following in my access.conf file :
<Location ~ "/intranet"> AllowOverride None AuthType Basic AuthName Intranet AuthUserFile /usr/local/etc/apacheserver/conf/passwd.conf AuthGroupFile /usr/local/etc/apacheserver/conf/group.conf <Limit GET POST> order deny,allow deny from all allow from .toto.fr require group mygroup Satisfy any </Limit> <Limit PUT> require group admin Satisfy all </Limit> </Location> But only the last "Satisfy" directive is applied and applied to GET POST and PUT access method ! Is it possible to restrict the "Satisfy" directive to apply only within the <Limit> directive >How-To-Repeat: Try the above access.conf file. >Fix: Restrict the "Satisfy" directive to apply only within the <Limit> directive. >Audit-Trail: >Unformatted: [In order for any reply to be added to the PR database, ] [you need to include <[EMAIL PROTECTED]> in the Cc line ] [and leave the subject line UNCHANGED. This is not done] [automatically because of the potential for mail loops. ] [If you do not include this Cc, your reply may be ig- ] [nored unless you are responding to an explicit request ] [from a developer. ] [Reply only with text; DO NOT SEND ATTACHMENTS! ]
