>Number: 5264 >Category: os-windows >Synopsis: Case Sensitive matching of Authentication locations in Windows >Apache >Confidential: no >Severity: critical >Priority: medium >Responsible: apache >State: open >Class: sw-bug >Submitter-Id: apache >Arrival-Date: Sat Nov 6 23:20:01 PST 1999 >Last-Modified: >Originator: [EMAIL PROTECTED] >Organization: apache >Release: 1.3.9 (Win32) >Environment: Windows NT Server 4.0 SP5 (binary version of Apache). >Description: The following configuration is used to deny access to a section of a website.
<Location "/~Brook.Schofield/JOURNAL/ARTICLES/"> AllowOverride None Options None AuthType Basic AuthName "MY JOURNAL" AuthUserFile "D:\ Staff [NHM]\Brook Schofield\Private\auth.htpass require valid-user </Location> This works successfully but not if the URL is entered in a different case. How is a case insensitive location added for Apache on Windows NT. >How-To-Repeat: Use the above configuration on a Windows version of Apache and look at the URL's. Alternatively try the following This URL requests HTTP Authentication: http://www.educ.utas.edu.au/~Brook.Schofield/JOURNAL/ARTICLES/ This URL does not: http://www.educ.utas.edu.au/~Brook.Schofield/JOURNAL/Articles/ >Fix: >Audit-Trail: >Unformatted: [In order for any reply to be added to the PR database, you need] [to include <[EMAIL PROTECTED]> in the Cc line and make sure the] [subject line starts with the report component and number, with ] [or without any 'Re:' prefixes (such as "general/1098:" or ] ["Re: general/1098:"). If the subject doesn't match this ] [pattern, your message will be misfiled and ignored. The ] ["apbugs" address is not added to the Cc line of messages from ] [the database automatically because of the potential for mail ] [loops. If you do not include this Cc, your reply may be ig- ] [nored unless you are responding to an explicit request from a ] [developer. Reply only with text; DO NOT SEND ATTACHMENTS! ]
