> On 27 Apr 2020, at 16:37, Eric Covener <cove...@gmail.com> wrote:
> 
> 
> Bumping a very old thread.  tl;dr people are often surprised that when
> Location sections have access control directives and overlap with the
> filesystem it undoes the default
> <Files ".ht*">
>    Require all denied
> </Files>

We always warn against mixing <Location> with filesystem.  That's just
one of many gotchas that may arise from it.

I wonder if a better solution would be to be much stricter about the division?
Ideally make it a config error (switchable to a warning so as not to break too
many old configs) to overlap them?

A first-pass implementation might be for the Location directive
to issue a warning if it matches a directory in the filesystem.

-- 
Nick Kew
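
The first-pass check suggested above, sketched as a standalone config lint (an added example, not code from httpd or from this thread). It assumes URL paths map directly under a single DocumentRoot and ignores Alias, Include and nested sections; `overlapping_locations` and `demo` are hypothetical names.

```python
import os
import re
import tempfile

# Directives that set access control (2.4 authz plus the 2.2-style ones).
ACCESS = {"require", "allow", "deny", "order", "satisfy"}
OPEN = re.compile(r'<Location\s+"?([^">\s]+)"?\s*>', re.I)
CLOSE = re.compile(r'</Location\s*>', re.I)

def overlapping_locations(conf_text, docroot):
    """Return [(url_path, line_no)] for <Location> blocks that carry an
    access-control directive and whose path is a directory under docroot.
    Assumption: URL path == path below docroot (no Alias handling)."""
    hits, current = [], None  # current = [path, line_no, has_access]
    for no, raw in enumerate(conf_text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        m = OPEN.match(line)
        if m:
            current = [m.group(1), no, False]
        elif CLOSE.match(line):
            if current and current[2]:
                fs = os.path.join(docroot, current[0].lstrip("/"))
                if os.path.isdir(fs):
                    hits.append((current[0], current[1]))
            current = None
        elif current and line.split()[0].lower() in ACCESS:
            current[2] = True
    return hits

def demo():
    # Constructed sample config: /app exists on disk, /server-status does not.
    conf = '''
<Files ".ht*">
    Require all denied
</Files>
<Location "/app">
    Require all granted
</Location>
<Location /server-status>
    SetHandler server-status
    Require local
</Location>
'''
    with tempfile.TemporaryDirectory() as root:
        os.mkdir(os.path.join(root, "app"))
        return overlapping_locations(conf, root)

if __name__ == "__main__":
    for path, no in demo():
        print(f"warning: line {no}: <Location {path}> overlaps a filesystem directory")
```
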
