>Number: 4723 >Category: mod_proxy >Synopsis: ProxyPass overrides per-directory .htaccess "deny from" >Confidential: no >Severity: non-critical >Priority: medium >Responsible: apache >State: open >Class: sw-bug >Submitter-Id: apache >Arrival-Date: Mon Jul 12 15:20:00 PDT 1999 >Last-Modified: >Originator: [EMAIL PROTECTED] >Organization: apache >Release: 1.3.6 >Environment: AIX 4.2.1 xlC 3.1.4 >Description: I have a user directory which contains a .htaccess file that restricts access to a certain host (deny from all, allow from thehost). When this directory is accessed via "http://host/~username/abc"; the access restrictions are obeyed. If I set up a ProxyPass that allows getting to the same directory via "http://host/abc"; (as in ProxyPass /abc http://host/~username/abc) the access restriction is not enforced when the access is via "http://host/abc";. At the same time, "http://host/~username/abc"; still enforces the restriction. >How-To-Repeat:
>Fix: >Audit-Trail: >Unformatted: [In order for any reply to be added to the PR database, you need] [to include <[EMAIL PROTECTED]> in the Cc line and make sure the] [subject line starts with the report component and number, with ] [or without any 'Re:' prefixes (such as "general/1098:" or ] ["Re: general/1098:"). If the subject doesn't match this ] [pattern, your message will be misfiled and ignored. The ] ["apbugs" address is not added to the Cc line of messages from ] [the database automatically because of the potential for mail ] [loops. If you do not include this Cc, your reply may be ig- ] [nored unless you are responding to an explicit request from a ] [developer. Reply only with text; DO NOT SEND ATTACHMENTS! ]
