On 21 Aug 2005, at 17:39, Joshua Slive wrote:
So I have apache 2.0.50 installed on Mandrake
A little bit of an old version.
OK It comes with mandrake 10.1 and I am a bit lazy :-)
The latest version is 2.0.54 and
http://ftp.physics.auth.gr/pub/mirrors/apache/httpd/CHANGES_2.0
doesn't mention anything relevant (AFAICS) between .50 and .54
Perhaps Ill upgrade and see.
In one of my virtual hosts I have
<Location />
Allow from all
</Location>
<Location /ppm/storyboard>
Options +Indexes
Allow from all **
</Location>
When I go to this location with a web browser I see the directory
index
but with no files UNLESS
I also include
<Directory /document root>
Allow from all
</Directory>
I do not see any files listed.
Why do I need the double Allow from all ??
Or more interestingly if access to the location is denied why dont I
get a forbidden message instead of an empty listing ?
Interesting. If you request the files inside the directory directly,
does it work?
Yes you can access the files. Accessing the files of course has nothing
to do with mod_autoindex.
It is as if the execute right is removed from the directory.
I haven't tested this myself, but my guess is that mod_autoindex
(which generates the directory listings) is doing a file-level
sub-request on each entry in the directory to see if it is accessible.
For some reason this sub-request is not processing the <Location>
sections, only the <Directory> sections.
Makes sense.
A bug then, or perhaps a security feature?
You still can see the directory itself because the main request is
honoring the <Location> section.
---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server
Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: [EMAIL PROTECTED]
" from the digest: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
-------------------------------------------------------------------
Stuart Gall
Systems Administrator
-------------------------------------------------------------------
No user serviceable parts inside? Ill be the judge of that!
---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: [EMAIL PROTECTED]
" from the digest: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]