Public bug reported: $ (end-of-line anchor) seems to break regular expressions with the Directory config directive.
The $ is not being treated literally, but it is not ignored either. If present, it seems to completely prevent matching. Steps to demonstrate: 1. Create the following test files in your tree (e.g. under /var/www/somewhere): echo "should be protected" > foo.BAK mkdir dir.BAK echo "should be protected" >dir.BAK/file echo "should be readable" > french.BAKERY 2. Add to /etc/apache2/apache2.conf: # This is intended to prevent access to any *.BAK (or contents, if directory) # Note: We are using a regular expression, not wildcard syntax, and there is # no initial ^ anchor. Therefore it should match at the tail of any path. <Directory ~ "\.BAK$"> Order allow,deny Deny from all Satisfy all </Directory> 3. sudo /etc/init.d/apache2 restart 4. Try to access the files. wget -O- http://localhost/somewhere/foo.BAK # should get permission denied, but succeeds wget -O- http://localhost/somewhere/dir.BAK/file # should get permission denied, but succeeds wget -O- http://localhost/somewhere/french.BAKERY # succeeds wget -O- http://localhost/somewhere/'foo.BAK$' # fails, proving the $ does not match literally 5. Remove the trailing "$" from the Directory ~ regex in apache2.conf, and restart the server 6. Test again: wget -O- http://localhost/somewhere/foo.BAK # permission denied as expected wget -O- http://localhost/somewhere/dir.BAK/file # permission denied as expected wget -O- http://localhost/somewhere/french.BAKERY # should succeed, but FAILS (because the regexp is not anchored at the end) ProblemType: Bug DistroRelease: Ubuntu 11.10 Package: apache2 2.2.20-1ubuntu1.2 ProcVersionSignature: Ubuntu 3.0.0-16.28-generic 3.0.17 Uname: Linux 3.0.0-16-generic x86_64 NonfreeKernelModules: fglrx Apache2ConfdDirListing: ['other-vhosts-access-log', 'localized-error-pages', 'security', 'charset'] ApportVersion: 1.23-0ubuntu4 Architecture: amd64 Date: Mon Mar 5 21:08:07 2012 InstallationMedia: Xubuntu 11.10 "Oneiric Ocelot" - Release amd64 (20111012) ProcEnviron: PATH=(custom, user) LANG=en_US.UTF-8 SHELL=/bin/bash SourcePackage: apache2 UpgradeStatus: No upgrade log present (probably fresh install) modified.conffile..etc.apache2.apache2.conf: [modified] mtime.conffile..etc.apache2.apache2.conf: 2012-03-05T21:07:48.481293 ** Affects: apache2 (Ubuntu) Importance: Undecided Status: New ** Tags: amd64 apport-bug oneiric -- You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to apache2 in Ubuntu. https://bugs.launchpad.net/bugs/947744 Title: $ anchor doesn't work in Directory ~ regexp To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/apache2/+bug/947744/+subscriptions -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs