From marcs@znep.com Fri May 30 14:31:53 1997 Received: from scanner.worldgate.com (scanner.worldgate.com [198.161.84.3]) by hyperreal.com (8.8.5/8.8.5) with ESMTP id OAA26033 for ; Fri, 30 May 1997 14:31:51 -0700 (PDT) Message-Id: Date: Fri, 30 May 1997 15:29:45 -0600 (MDT) From: Marc Slemko To: apbugs@apache.org Subject: Re: Changed information for PR config/637 (fwd) >Number: 642 >Category: config >Synopsis: Re: Changed information for PR config/637 (fwd) >Confidential: yes >Severity: serious >Priority: medium >Responsible: apache >State: closed >Class: mistaken >Submitter-Id: unknown >Arrival-Date: Fri May 30 14:40:00 1997 >Last-Modified: Sat May 31 21:32:41 PDT 1997 >Originator: >Organization: >Release: >Environment: >Description: >How-To-Repeat: >Fix: >Audit-Trail: State-Changed-From->To: open->closed State-Changed-By: coar State-Changed-When: Sat May 31 21:32:39 PDT 1997 State-Changed-Why: Text has been sent to be attached to the correct PR.. Class-Changed-From->To: sw-bug->mistaken Class-Changed-By: coar Class-Changed-When: Sat May 31 21:32:39 PDT 1997 Responsible-Changed-From->To: gnats-admin (GNATS administrator)->apache Responsible-Changed-By: coar Responsible-Changed-When: Sat May 31 21:32:39 PDT 1997 Responsible-Changed-Why: Changing this `pending' report to a dead letter. Poof%2 Category-Changed-From->To: pending->config Category-Changed-By: coar Category-Changed-When: Sat May 31 21:32:39 PDT 1997 >Unformatted: ---------- Forwarded message ---------- Date: Fri, 30 May 1997 15:57:49 -0400 (EDT) From: Gregg TeHennepe To: marc@hyperreal.com Subject: Re: Changed information for PR config/637 On Fri, 30 May 1997 marc@hyperreal.com wrote: > Synopsis: ~user requests are served regardless of server access config > > State-Changed-From-To: open-analyzed > State-Changed-By: marc > State-Changed-When: Fri May 30 12:31:50 PDT 1997 > State-Changed-Why: > Can't duplicate the problem here. Please send a copy of > your config files. You may also want to give b11 a try. Hi Marc, Erf, I've discovered my confusion. When using the directive suggested by the "Protect server files by default" section security of the Security Tips (ie without AllowOverride), I am able to override from a ~user's .htaccess. However with AllowOverride None in the server config file, I am denied (as is mentioned in the section "Stopping user overriding system wide settins..."). My mistaken assumption was that the default for a Directory/Location directive not explicity setting Options and AllowOverride was None and None. Perhaps it would be a good idea to mention AllowOverride None in the "Protect server files..." section of the Security Tips as well. Also, some mention of the default behavior in the doc pages for the AllowOverride and Options directives would be a good thing. Apologies for the misreport... Cheers - Gregg Gregg TeHennepe | Unix Systems Administrator | The Jackson Laboratory gat@jax.org | http://www.jax.org/~gat | Bar Harbor, Maine USA