Received: (qmail 23417 invoked by uid 2012); 15 Sep 1999 21:43:40 -0000 Message-Id: <19990915214340.23416.qmail@hyperreal.org> Date: 15 Sep 1999 21:43:40 -0000 From: Samuel Liddicott Reply-To: sam@bigwig.net To: apbugs@hyperreal.org Subject: IndexIgnore in .htaccess is governed by AllowOverride Options NOT AllowOverride Indexes X-Send-Pr-Version: 3.2 >Number: 5015 >Category: mod_autoindex >Synopsis: IndexIgnore in .htaccess is governed by AllowOverride Options NOT AllowOverride Indexes >Confidential: no >Severity: serious >Priority: medium >Responsible: apache >State: closed >Class: sw-bug >Submitter-Id: apache >Arrival-Date: Wed Sep 15 14:50:01 PDT 1999 >Last-Modified: Thu Sep 16 07:40:00 PDT 1999 >Originator: sam@bigwig.net >Organization: >Release: 1.3.9 >Environment: Linux 2.0.36 #7 Tue Jan 12 17:06:38 GMT 1999 i586 unknown >Description: The only work arround to this involves giving users too much permissions. To allow IndexIgnore directives in users .htaccess files I have to use AllowOverride Options or AllowOverride All Unlike the documentation: AllowOverride Indexes does not help. The trouble is if I AllowOverride Options users can give themselves CGI permissions! >How-To-Repeat: In access.conf Options Includes FollowSymLinks Indexes -ExecCGI AllowOverride FileInfo AuthConfig Limit Indexes order allow,deny allow from all and serve a user page with IndexIgnore in the .htaccess and you get "internal server error" Add "Options" to AllowOveride (restart apache) and suddenly, no server error. >Fix: No. I looked in the source and I can't workout why options has this effect, but it plainly does! >Audit-Trail: From: Marc Slemko To: Samuel Liddicott Cc: apbugs@hyperreal.org Subject: Re: mod_autoindex/5015: IndexIgnore in .htaccess is governed by AllowOverride Options NOT AllowOverride Indexes Date: Wed, 15 Sep 1999 17:19:19 -0600 (MDT) On 15 Sep 1999, Samuel Liddicott wrote: > The trouble is if I AllowOverride Options > users can give themselves CGI permissions! > >How-To-Repeat: > In access.conf > > Options Includes FollowSymLinks Indexes -ExecCGI > AllowOverride FileInfo AuthConfig Limit Indexes > > order allow,deny > allow from all > > and serve a user page with IndexIgnore in the .htaccess and you get "internal server error" > Add "Options" to AllowOveride (restart apache) and suddenly, no server error. What exactly is in the .htaccess file and what exactly is the error log saying? State-Changed-From-To: open-closed State-Changed-By: marc State-Changed-When: Thu Sep 16 07:31:30 PDT 1999 State-Changed-Why: Closed by user request. From: Marc Slemko To: Apache bugs database Cc: Subject: mod_autoindex/5015: IndexIgnore in .htaccess is governed byAllowOverride Options NOT AllowOverride Indexes (fwd) Date: Thu, 16 Sep 1999 08:31:16 -0600 (MDT) ---------- Forwarded message ---------- Date: Thu, 16 Sep 1999 14:27:27 +0100 From: Samuel Liddicott To: "Marcs@Znep. Com" Subject: FW: mod_autoindex/5015: IndexIgnore in .htaccess is governed byAllowOverride Options NOT AllowOverride Indexes > I'm a fool, I'm a fool, I'm a fool. > > Doh! > > My fault. > > ObExcuse: Its a combination of a problem when I was new to apache and > misunderstood the docos causing me to jump to conclusions with what is > actuall a problem with php3 directives I now have which require options > override! > > NO bug. (Hence the source looked ok) > > Sorry, and thanks for the quick response. > > Sam > > > -----Original Message----- > > From: Marc Slemko [mailto:marcs@znep.com] > > Sent: 16 September 1999 00:19 > > To: Samuel Liddicott > > Cc: apbugs@hyperreal.org > > Subject: Re: mod_autoindex/5015: IndexIgnore in .htaccess is governed > > byAllowOverride Options NOT AllowOverride Indexes > > > > > > On 15 Sep 1999, Samuel Liddicott wrote: > > > > > The trouble is if I AllowOverride Options > > > users can give themselves CGI permissions! > > > >How-To-Repeat: > > > In access.conf > > > > > > Options Includes FollowSymLinks Indexes -ExecCGI > > > AllowOverride FileInfo AuthConfig Limit Indexes > > > > > > order allow,deny > > > allow from all > > > > > > and serve a user page with IndexIgnore in the .htaccess and you > > get "internal server error" > > > Add "Options" to AllowOveride (restart apache) and suddenly, no > > server error. > > > > What exactly is in the .htaccess file and what exactly is the error log > > saying? > > >Unformatted: [In order for any reply to be added to the PR database, you need] [to include in the Cc line and make sure the] [subject line starts with the report component and number, with ] [or without any 'Re:' prefixes (such as "general/1098:" or ] ["Re: general/1098:"). If the subject doesn't match this ] [pattern, your message will be misfiled and ignored. The ] ["apbugs" address is not added to the Cc line of messages from ] [the database automatically because of the potential for mail ] [loops. If you do not include this Cc, your reply may be ig- ] [nored unless you are responding to an explicit request from a ] [developer. Reply only with text; DO NOT SEND ATTACHMENTS! ]