On 21 Aug 2005, at 17:39, Joshua Slive wrote:
>> So I have apache 2.0.50 installed on Mandrake
>
> A little bit of an old version.
OK, it comes with Mandrake 10.1 and I am a bit lazy :-) The latest version is 2.0.54 and http://ftp.physics.auth.gr/pub/mirrors/apache/httpd/CHANGES_2.0 doesn't mention anything relevant (AFAICS) between .50 and .54. Perhaps I'll upgrade and see.
>> In one of my virtual hosts I have
>>
>>   <Location />
>>     Allow from all
>>   </Location>
>>   <Location /ppm/storyboard>
>>     Options +Indexes
>>     Allow from all **
>>   </Location>
>>
>> When I go to this location with a web browser I see the directory index but with no files UNLESS I also include
>>
>>   <Directory /document root>
>>     Allow from all
>>   </Directory>
>>
>> I do not see any files listed. Why do I need the double Allow from all?? Or, more interestingly, if access to the location is denied why don't I get a forbidden message instead of an empty listing?
>
> Interesting. If you request the files inside the directory directly, does it work?
Yes you can access the files. Accessing the files of course has nothing to do with mod_autoindex. It is as if the execute right is removed from the directory.
> I haven't tested this myself, but my guess is that mod_autoindex (which generates the directory listings) is doing a file-level sub-request on each entry in the directory to see if it is accessible. For some reason this sub-request is not processing the <Location> sections, only the <Directory> sections.
Makes sense. A bug then, or perhaps a security feature?
> You still can see the directory itself because the main request is honoring the <Location> section.
>
> ---------------------------------------------------------------------
> The official User-To-User support forum of the Apache HTTP Server Project.
> See <URL:http://httpd.apache.org/userslist.html> for more info.
> To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx
>    "   from the digest: users-digest-unsubscribe@xxxxxxxxxxxxxxxx
> For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx
-------------------------------------------------------------------
Stuart Gall
Systems Administrator
-------------------------------------------------------------------
No user serviceable parts inside? I'll be the judge of that!