DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT <http://nagoya.apache.org/bugzilla/show_bug.cgi?id=10667>. ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND INSERTED IN THE BUG DATABASE.
http://nagoya.apache.org/bugzilla/show_bug.cgi?id=10667 server-status does not limit access using allow from/deny from Summary: server-status does not limit access using allow from/deny from Product: Apache httpd-1.3 Version: 1.3.26 Platform: All OS/Version: Linux Status: NEW Severity: Normal Priority: Other Component: Auth/Access AssignedTo: [email protected] ReportedBy: [EMAIL PROTECTED] CC: [EMAIL PROTECTED] It would appear in one of the latest versions of httpd 1.3.26 (maybe earlier) someone broke the server-status access code. Despite having allow/deny froms (see below), /server-status is still readable by all (don't beleive me, try http://www.apache.org/server-status) <Location /server-status> SetHandler server-status order deny,allow Deny from all Allow from 192.168.0 Allow from 24.65.162.171 </Location> --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
