[Bug 65193] New: directive does not only match the basename

bugzilla Thu, 18 Mar 2021 03:01:47 -0700

https://bz.apache.org/bugzilla/show_bug.cgi?id=65193


            Bug ID: 65193
           Summary: <Files> directive does not only match the basename
           Product: Apache httpd-2
           Version: 2.4.46
          Hardware: PC
                OS: Linux
            Status: NEW
          Severity: normal
          Priority: P2
         Component: Core
          Assignee: [email protected]
          Reporter: [email protected]
  Target Milestone: ---

The documentation says that <Files> is "applied to any object with a basename
(last component of filename) matching the specified filename". This does not
always seem to be the case.

Consider this configuration:

DocumentRoot /var/www/html
# Deny access to "hidden" files
<Files ".*">
        Require all denied
</Files>

Assume that /var/www/html/.well-known does not exist.
Then the request "GET /.well-known/security.txt" returns 403 Forbidden instead
of the expected 404 Not Found although .well-known is not the basename of the
requested file.

If /var/www/html/.well-known/ exists, but
/var/www/html/.well-known/security.txt does not, we get the expected 404 Not
Found.

-- 
You are receiving this mail because:
You are the assignee for the bug.
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]

[Bug 65193] New: directive does not only match the basename

Reply via email to