autoindex: showing directory it shouldn't

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

Hi,

Summary of my problem: mod_autoindex is showing directories that a logged in user doesn't have access to when using Require group.  When using Require user, it's properly not shown.  ShowForbidden is never turned on.

Details:

Oracle Linux 6u4 (RHEL6u4)
httpd-2.2.15-26.0.1.el6.x86_64
mod_authz_ldap-0.26-16.el6.x86_64

* mkdir -p /tmp/test/{1,2,3}
* cat "Require group blahblah "> /tmp/test/1/.htaccess
* set perms to 775
* Configure a virtual host with /tmp/test as the DocumentRoot and setup ldap authorization and authentication via mod_authz_ldap.  Test with a user not in group 'blahblah'. Basic auth.
* Turn on Options Index  (ShowForbidden is NOT on.)

Browse to the doc root, and I can see directories 1, 2, and 3. (From my understanding, I shouldn't see 1.)  Trying to browse into directory 1 and I'm properly forbidden.
 
* Change .htaccess file to 'Require user notmyuser'

Browse to the doc root.  Now I can only see directories 2 and 3.  (Proper behavior.)

Any help would be appreciated, this is driving me crazy!  Thanks!

--
Bruce Z. Lysik <blysik@xxxxxxxxx>
[Index of Archives]     [Open SSH Users]     [Linux ACPI]     [Linux Kernel]     [Linux Laptop]     [Kernel Newbies]     [Security]     [Netfilter]     [Bugtraq]     [Squid]     [Yosemite News]     [MIPS Linux]     [ARM Linux]     [Linux Security]     [Linux RAID]     [Samba]     [Video 4 Linux]     [Device Mapper]

  Powered by Linux