>Number: 5015 >Category: mod_autoindex >Synopsis: IndexIgnore in .htaccess is governed by AllowOverride Options >NOT AllowOverride Indexes >Confidential: no >Severity: serious >Priority: medium >Responsible: apache >State: open >Class: sw-bug >Submitter-Id: apache >Arrival-Date: Wed Sep 15 14:50:01 PDT 1999 >Last-Modified: >Originator: [EMAIL PROTECTED] >Organization: apache >Release: 1.3.9 >Environment: Linux 2.0.36 #7 Tue Jan 12 17:06:38 GMT 1999 i586 unknown >Description: The only work arround to this involves giving users too much permissions.
To allow IndexIgnore directives in users .htaccess files I have to use AllowOverride Options or AllowOverride All Unlike the documentation: AllowOverride Indexes does not help. The trouble is if I AllowOverride Options users can give themselves CGI permissions! >How-To-Repeat: In access.conf <Directory /home/*/www*> Options Includes FollowSymLinks Indexes -ExecCGI AllowOverride FileInfo AuthConfig Limit Indexes order allow,deny allow from all </Directory> and serve a user page with IndexIgnore in the .htaccess and you get "internal server error" Add "Options" to AllowOveride (restart apache) and suddenly, no server error. >Fix: No. I looked in the source and I can't workout why options has this effect, but it plainly does! >Audit-Trail: >Unformatted: [In order for any reply to be added to the PR database, you need] [to include <[EMAIL PROTECTED]> in the Cc line and make sure the] [subject line starts with the report component and number, with ] [or without any 'Re:' prefixes (such as "general/1098:" or ] ["Re: general/1098:"). If the subject doesn't match this ] [pattern, your message will be misfiled and ignored. The ] ["apbugs" address is not added to the Cc line of messages from ] [the database automatically because of the potential for mail ] [loops. If you do not include this Cc, your reply may be ig- ] [nored unless you are responding to an explicit request from a ] [developer. Reply only with text; DO NOT SEND ATTACHMENTS! ]
