>Number: 3480 >Category: mod_access >Synopsis: <Directory> directive acting strange >Confidential: no >Severity: serious >Priority: medium >Responsible: apache >State: open >Class: doc-bug >Submitter-Id: apache >Arrival-Date: Wed Dec 2 10:20:00 PST 1998 >Last-Modified: >Originator: [EMAIL PROTECTED] >Organization: apache >Release: 1.3.3 >Environment: FreeBSD medusa.pulse.nl 2.2.5-RELEASE FreeBSD 2.2.5-RELEASE #0: >Description: I want to limit access to my file system. So I put this into a VirtualHost section, according to the Apache docs:
<Directory /> Order deny,allow Deny from all </Directory> <Directory /usr/home/foobar/public_html> Order deny,allow Allow from all </Directory> If I now put a symbolic link to /etc/passwd in foobar's public_html directory, I go straight there. Hmm... If I use only, the first <Directory> section, all access is blocked. So mod_access is working. >How-To-Repeat: >Fix: >Audit-Trail: >Unformatted: [In order for any reply to be added to the PR database, ] [you need to include <[EMAIL PROTECTED]> in the Cc line ] [and leave the subject line UNCHANGED. This is not done] [automatically because of the potential for mail loops. ] [If you do not include this Cc, your reply may be ig- ] [nored unless you are responding to an explicit request ] [from a developer. ] [Reply only with text; DO NOT SEND ATTACHMENTS! ]
