DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUGĀ· RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT <http://issues.apache.org/bugzilla/show_bug.cgi?id=38812>. ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED ANDĀ· INSERTED IN THE BUG DATABASE.
http://issues.apache.org/bugzilla/show_bug.cgi?id=38812 Summary: <Limit> broken with refactored provider-based authz Product: Apache httpd-2 Version: 2.3-HEAD Platform: All OS/Version: other Status: NEW Severity: regression Priority: P2 Component: Other Modules AssignedTo: [email protected] ReportedBy: [EMAIL PROTECTED] [Module: mod_authz_core. Not listed as a component.] The following sample configuration should allow all non-POST requests, and with 2.2.0 it does. However, with 2.3, non-POST requests are unconditionally denied. <Location /test2> AuthType Basic AuthName "Test Limit Realm" <Limit POST> Require valid-user </Limit> </Location> This occurs due to the following too-simple logic in mod_authz_core.c:check_provider_list(): if (!(current_provider->method_mask & (AP_METHOD_BIT << r->method_number))) { return AUTHZ_DENIED; } -- Configure bugmail: http://issues.apache.org/bugzilla/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are the assignee for the bug, or are watching the assignee. --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
