Login | Register For Free | Help
Search for: (Advanced)

Mailing List Archive: Apache: Docs

Unless I'm terribly confused

  

 
Apache docs RSS feed   Index | Next | Previous | View Threaded


wrowe at rowe-clan

Dec 31, 2007, 3:28 AM

Post #1 of 7 (1482 views)
Permalink
Unless I'm terribly confused
<Limit GET POST OPTIONS>
</Limit>
<LimitExcept GET POST OPTIONS>
</LimitExcept>

is a useless section.

Unfortunately, you can't have clashing (multiple) Limit's (or LimitExcepts)
in the context of a single directory. (Of course Limit is so broken in
such respects that it needs to be redone from the ground up).

<Directory "/home/*/public_html">
AllowOverride FileInfo AuthConfig Limit Indexes
Options MultiViews Indexes SymLinksIfOwnerMatch IncludesNoExec
<Limit GET POST OPTIONS>
Order allow,deny
Allow from all
</Limit>
<LimitExcept GET POST OPTIONS>
Order deny,allow
Deny from all
</LimitExcept>
</Directory>

should actually have been

<Directory "/home">
Order deny,allow
Deny from all
</Directory>

<Directory "/home/*/public_html">
AllowOverride FileInfo AuthConfig Limit Indexes
Options MultiViews Indexes SymLinksIfOwnerMatch IncludesNoExec
<Limit GET POST OPTIONS>
Order allow,deny
Allow from all
</Limit>
</Directory>

which in effect denies all others by not overriding for other methods.

Right? Or have I lost my mind altogether?

Bill

---------------------------------------------------------------------
To unsubscribe, e-mail: docs-unsubscribe [at] httpd
For additional commands, e-mail: docs-help [at] httpd


noodlet at gmail

Mar 10, 2008, 10:02 PM

Post #2 of 7 (1295 views)
Permalink
Re: Unless I'm terribly confused [In reply to]
On 31/12/2007, William A. Rowe, Jr. <wrowe [at] rowe-clan> wrote:
> <Limit GET POST OPTIONS>
> </Limit>
> <LimitExcept GET POST OPTIONS>
> </LimitExcept>
>
> is a useless section.

Hi Bill,
Obviously this post is ancient but its been bothering me since you posted it.

I can't see any instances of Limit and LimitExcept combined in the
manual (for trunk).

> Unfortunately, you can't have clashing (multiple) Limit's (or LimitExcepts)
> in the context of a single directory. (Of course Limit is so broken in
> such respects that it needs to be redone from the ground up).
>
> <Directory "/home/*/public_html">
> AllowOverride FileInfo AuthConfig Limit Indexes
> Options MultiViews Indexes SymLinksIfOwnerMatch IncludesNoExec
> <Limit GET POST OPTIONS>
> Order allow,deny
> Allow from all
> </Limit>
> <LimitExcept GET POST OPTIONS>
> Order deny,allow
> Deny from all
> </LimitExcept>
> </Directory>
>
> should actually have been
>
> <Directory "/home">
> Order deny,allow
> Deny from all
> </Directory>
>
> <Directory "/home/*/public_html">
> AllowOverride FileInfo AuthConfig Limit Indexes
> Options MultiViews Indexes SymLinksIfOwnerMatch IncludesNoExec
> <Limit GET POST OPTIONS>
> Order allow,deny
> Allow from all
> </Limit>
> </Directory>
>
> which in effect denies all others by not overriding for other methods.

That's from here presumably:

http://svn.apache.org/repos/asf/httpd/httpd/branches/2.2.x/docs/conf/extra/httpd-userdir.conf.in

I don't know if I've the bits required to commit to that directory but
in any case I don't feel comfortable doing so. Is this still an issue,
then?

--
noodl

---------------------------------------------------------------------
To unsubscribe, e-mail: docs-unsubscribe [at] httpd
For additional commands, e-mail: docs-help [at] httpd


fielding at gbiv

Mar 10, 2008, 10:35 PM

Post #3 of 7 (1296 views)
Permalink
Re: Unless I'm terribly confused [In reply to]
> On 31/12/2007, William A. Rowe, Jr. <wrowe [at] rowe-clan> wrote:
>> Unfortunately, you can't have clashing (multiple) Limit's (or
>> LimitExcepts)
>> in the context of a single directory. (Of course Limit is so
>> broken in
>> such respects that it needs to be redone from the ground up).

Why not? That was certainly the intention when I added it.

....Roy


---------------------------------------------------------------------
To unsubscribe, e-mail: docs-unsubscribe [at] httpd
For additional commands, e-mail: docs-help [at] httpd


wrowe at rowe-clan

Mar 10, 2008, 10:36 PM

Post #4 of 7 (1291 views)
Permalink
Re: Unless I'm terribly confused [In reply to]
Vincent Bray wrote:
> On 31/12/2007, William A. Rowe, Jr. <wrowe [at] rowe-clan> wrote:
>> <Limit GET POST OPTIONS>
>> </Limit>
>> <LimitExcept GET POST OPTIONS>
>> </LimitExcept>
>>
>> is a useless section.
>
> Hi Bill,
> Obviously this post is ancient but its been bothering me since you posted it.
>
> I can't see any instances of Limit and LimitExcept combined in the
> manual (for trunk).

Thank goodness!

> That's from here presumably:
>
> http://svn.apache.org/repos/asf/httpd/httpd/branches/2.2.x/docs/conf/extra/httpd-userdir.conf.in
>
> I don't know if I've the bits required to commit to that directory but
> in any case I don't feel comfortable doing so. Is this still an issue,
> then?

Yes - it still seems like an issue to me. I see lots of abuse of this
style of coding. It's one bit-flag in a directory section, and that
bit-flag only modifies the require/order/satisfy directives - really
rather bogus.

Bill

---------------------------------------------------------------------
To unsubscribe, e-mail: docs-unsubscribe [at] httpd
For additional commands, e-mail: docs-help [at] httpd


wrowe at rowe-clan

Mar 10, 2008, 11:10 PM

Post #5 of 7 (1281 views)
Permalink
Re: Unless I'm terribly confused [In reply to]
Roy T. Fielding wrote:
>> On 31/12/2007, William A. Rowe, Jr. <wrowe [at] rowe-clan> wrote:
>>> Unfortunately, you can't have clashing (multiple) Limit's (or
>>> LimitExcepts)
>>> in the context of a single directory. (Of course Limit is so broken in
>>> such respects that it needs to be redone from the ground up).
>
> Why not? That was certainly the intention when I added it.

Unless they entirely create a dir-section, it isn't going to work. Just
pondering it - I'll research.

But the way it's coded, there's nothing but the bit flag (previously
the string list) in the dir section, and AFAICT, there is no code in
there which actually creates a dir-section per <limit> artifact. The
<Limit> artifact is only observed by specific directives.

Re-investigating, this is now from 15 mos old memory...

Bill

---------------------------------------------------------------------
To unsubscribe, e-mail: docs-unsubscribe [at] httpd
For additional commands, e-mail: docs-help [at] httpd


wrowe at rowe-clan

Mar 10, 2008, 11:21 PM

Post #6 of 7 (1295 views)
Permalink
Re: Unless I'm terribly confused [In reply to]
Roy T. Fielding wrote:
>> On 31/12/2007, William A. Rowe, Jr. <wrowe [at] rowe-clan> wrote:
>>> Unfortunately, you can't have clashing (multiple) Limit's (or
>>> LimitExcepts)
>>> in the context of a single directory. (Of course Limit is so broken in
>>> such respects that it needs to be redone from the ground up).
>
> Why not? That was certainly the intention when I added it.

I just checked 1.3's ap_limit_section, the functionality to create
a dir-section is definitely not present. Two limit blocks in the
same location/directory will just clash with one another.

Bill

---------------------------------------------------------------------
To unsubscribe, e-mail: docs-unsubscribe [at] httpd
For additional commands, e-mail: docs-help [at] httpd


dhickox at cox

Mar 12, 2008, 12:20 AM

Post #7 of 7 (1284 views)
Permalink
Re: Unless I'm terribly confused [In reply to]
Hy,I do know if you are talking about me,not responding but Iwas unable the
"ant"with licences crash the computer and all 4000 emails where gone,
----- Original Message -----
From: "William A. Rowe, Jr." <wrowe [at] rowe-clan>
To: <docs [at] httpd>
Sent: Monday, March 10, 2008 10:36 PM
Subject: Re: Unless I'm terribly confused


> Vincent Bray wrote:
> > On 31/12/2007, William A. Rowe, Jr. <wrowe [at] rowe-clan> wrote:
> >> <Limit GET POST OPTIONS>
> >> </Limit>
> >> <LimitExcept GET POST OPTIONS>
> >> </LimitExcept>
> >>
> >> is a useless section.
> >
> > Hi Bill,
> > Obviously this post is ancient but its been bothering me since you
posted it.
> >
> > I can't see any instances of Limit and LimitExcept combined in the
> > manual (for trunk).
>
> Thank goodness!
>
> > That's from here presumably:
> >
> >
http://svn.apache.org/repos/asf/httpd/httpd/branches/2.2.x/docs/conf/extra/h
ttpd-userdir.conf.in
> >
> > I don't know if I've the bits required to commit to that directory but
> > in any case I don't feel comfortable doing so. Is this still an issue,
> > then?
>
> Yes - it still seems like an issue to me. I see lots of abuse of this
> style of coding. It's one bit-flag in a directory section, and that
> bit-flag only modifies the require/order/satisfy directives - really
> rather bogus.
>
> Bill
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: docs-unsubscribe [at] httpd
> For additional commands, e-mail: docs-help [at] httpd
>


---------------------------------------------------------------------
To unsubscribe, e-mail: docs-unsubscribe [at] httpd
For additional commands, e-mail: docs-help [at] httpd

Apache docs RSS feed   Index | Next | Previous | View Threaded
 
 


Interested in having your list archived? Contact Gossamer Threads
 
  Web Applications & Managed Hosting Powered by Gossamer Threads Inc.