https://bz.apache.org/bugzilla/show_bug.cgi?id=50926
--- Comment #2 from Mercedes Govan <melindafrechette...@hotmail.com> --- (In reply to Eric Covener from comment #0) > DocumentRoot /tmp/var/www > ... > > <Directory /tmp/var/www/index.html> > Require all denied > </Directory> > > > (or more subtly, a glob like /tmp/var/www/*, /tmp/var/www/ind*, or even > /tmp/var/www/ind*/) > > This triggers a 403 for http://localhost/index.html > https://geometrydashlite.online The equivalent with > order/allow also behaves the same way in 2.2.x. > > > Should the directory walk have been able to realize that the target was a > file and the last segment can't be compared with directory sectons? > > Maybe something to change before 2.4 GA? Please change to docs@ if it's as > designed. It looks like you're discussing a configuration issue related to Apache's handling of directory permissions. Specifically, it seems you're encountering a 403 Forbidden error when accessing a file (index.html) due to the way the <Directory> directive is set up. Understanding the Issue In your configuration: <Directory /tmp/var/www/index.html> Require all denied </Directory> This directive is applied to the file index.html, which is not the typical use case for the <Directory> directive. Instead, <Directory> is generally used to apply rules to directories, not individual files. Expected Behavior When you specify a <Directory> directive, Apache performs a directory walk to check permissions. Since index.html is a file, it seems that Apache treats it as a directory path, leading to the 403 Forbidden response because the permissions deny access to that "directory." Possible Solutions Use <Files> Directive: If you want to deny access to a specific file, consider using the <Files> directive instead: <Files "index.html"> Require all denied </Files> Correct the <Directory> Path: If you want to deny access to all files within that directory, you could specify the directory itself: <Directory /tmp/var/www/> Require all denied </Directory> Directory Walk Behavior Your question about whether the directory walk should recognize that the last segment is a file is valid. As it stands, Apache treats the path as a directory, which can lead to confusion. If this behavior is considered a design flaw, it may be worth reporting to the Apache development team for further review before the 2.4 GA release. Reporting the Issue If you believe this is an issue that should be addressed, you can email the Apache documentation team at docs@ with your observations and suggestions for improvement. Provide them with details about your experience and how the behavior could be more intuitive. -- You are receiving this mail because: You are the assignee for the bug. --------------------------------------------------------------------- To unsubscribe, e-mail: bugs-unsubscr...@httpd.apache.org For additional commands, e-mail: bugs-h...@httpd.apache.org
