DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT <http://issues.apache.org/bugzilla/show_bug.cgi?id=30223>. ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND INSERTED IN THE BUG DATABASE.
http://issues.apache.org/bugzilla/show_bug.cgi?id=30223 Adding period bypasses URI match Summary: Adding period bypasses URI match Product: Apache httpd-2.0 Version: 2.0.47 Platform: PC OS/Version: Windows XP Status: UNCONFIRMED Severity: Critical Priority: Other Component: mod_access AssignedTo: [email protected] ReportedBy: [EMAIL PROTECTED] When my configuration settings where: <Location /administrator/stats> AuthName "Statistics" AuthType Basic AuthUserFile conf/access Require valid-user DirectoryIndex index.php </Location> I noticed loading http://dwatson.ath.cx/administrator/stats. or http://dwatson.ath.cx/administrator/stats./ would result in bypassing the authentication requirements. I fixed the problem by using <Directory D:\dwatson.ath.cx\htdocs\administrator\stats>, however I believe this to be a fault in the Location due to Microsoft mapping of "directory." (and "directory.." etc) to "directory", and should be fixed by mapping directories with suffixed periods to a 404 error document. --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
