filesmatch suspends AccessFileName?

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

Hello,

interesting thing here. Ist this a bug or expected?
Apache is 2.2.23
Costumer uses .htaccess which uses some SetEnvIfNoCase Directives to filter bad bots. 
the allow,deny directive is placed within a filesmatch directive.
example:

SetEnvIfNoCase user-agent "hallohallo" bad_bot=1

<FilesMatch "(.*)">
Order Allow,Deny
Allow from all
Deny from env=bad_bot
</FilesMatch>
The regex in filesmatch Directive is quite useless but this leads to the problem that .htaccess file can called by http in browser and shows all of its contents. 

http://example.com/.htaccess
Seems to me quite simple for a user to disclose his .htaccess contents by simple filesmatch directive which suddenly ignores AccessFileName directive. 
Is this a bug or expected?

Thanks,
Hajo 

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx
For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx
[Index of Archives]     [Open SSH Users]     [Linux ACPI]     [Linux Kernel]     [Linux Laptop]     [Kernel Newbies]     [Security]     [Netfilter]     [Bugtraq]     [Squid]     [Yosemite News]     [MIPS Linux]     [ARM Linux]     [Linux Security]     [Linux RAID]     [Samba]     [Video 4 Linux]     [Device Mapper]

  Powered by Linux