DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT <http://nagoya.apache.org/bugzilla/show_bug.cgi?id=23346>. ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND INSERTED IN THE BUG DATABASE.
http://nagoya.apache.org/bugzilla/show_bug.cgi?id=23346 .htaccess files bypassable by symbolic links Summary: .htaccess files bypassable by symbolic links Product: Apache httpd-2.0 Version: 2.0.40 Platform: PC OS/Version: Linux Status: NEW Severity: Major Priority: Other Component: mod_auth AssignedTo: [email protected] ReportedBy: [EMAIL PROTECTED] Hi, I've found that apache will ignore .htaccess files (or the equivalent <directory> directives) if the directory is by passed by a symbolic link. For example, if I have a virtual host at /www/bentest.co.uk, a .htacces file for password authentication at /www/bentest.co.uk/test/.htaccess and another directory at /www/bentest.co.uk/test/info then symbolically link that directory 'info' to /www/bentest.co.uk/mylink, the . htaccess file in the middle directory ('test') has been bypassed. This seems to be the case for all <directory> directives. Version 1.3.x manages it ok which is why I think it's a bug rather than designed that way. Thanks, Ben Sigmer Technologies Ltd --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
