DO NOT REPLY [Bug 52304] New: Does Not Apply When URI Is Folder

Thu, 08 Dec 2011 12:06:39 -0800 

https://issues.apache.org/bugzilla/show_bug.cgi?id=52304

             Bug #: 52304
           Summary: <Limit> Does Not Apply When URI Is Folder
           Product: Apache httpd-2
           Version: 2.2.21
          Platform: PC
        OS/Version: Linux
            Status: NEW
          Severity: normal
          Priority: P2
         Component: Core
        AssignedTo: [email protected]
        ReportedBy: [email protected]
    Classification: Unclassified


I'm using the following <Limit> configuration to always allow OPTIONS requests
for any path. Trouble begins when a client asks for OPTIONS for any URI that
maps to an existing folder. Files, 404s and folders without a trailing slash
remain unaffected.

# Contrived (but literal!) httpd.conf snippet gets the point across
<Location />
        Deny from all
        <Limit OPTIONS>
                Allow from all
                Satisfy any
        </Limit>
</Location>

Trouble begins when a client asks for OPTIONS for any URI that maps to an
existing folder.  Example client requests and the Apache response:

Client: OPTIONS /isAFile HTTP/1.1
Apache: 200 OK

Client: OPTIONS /doesNotExist HTTP/1.1
Apache: 200 OK

Client: OPTIONS /doesNotExist/ HTTP/1.1
Apache: 200 OK

Client: OPTIONS /isAFolder HTTP/1.1
Apache: 301 Location: /isAFolder/ (mod_dir behavior)

Client: OPTIONS /isAFolder/ HTTP/1.1
Apache: 403 Forbidden (PROBLEM RESPONSE!)


Correct responses (200 OK) are given to all requests for files or non-existent
files or folders.

Correct responses (301 Redirect) is also given to requests for real folders
that are missing the trailing slash.

A problem response occurs when the URI 1) Maps to a real folder and 2) Contains
a trailing slash.

Summary: I cannot get Apache to always allow OPTIONS requests that map to real
folders.

I just compiled and installed a vanilla 2.2.21 build on Linux to verify that
the problem exists without any third party modules loaded.

-- 
Configure bugmail: https://issues.apache.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.

---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]

Reply via email to