Ticket #825 (closed defect: fixed)

Opened 2 years ago

Last modified 13 months ago

url.access-deny ( ".ext" ) still serves "/file.ext/"

Reported by: skoot@… Owned by: jan
Priority: normal Milestone: 1.4.16
Component: mod_access Version: 1.4.11
Severity: major Keywords:
Cc: Blocked By:
Need User Feedback: no Blocking:

Description

The summary says it all.

Attachments

Change History

Changed 23 months ago by pp

This isn's normal priority, this is critical! The whole mod_access isn't worth anything while this bug exists...

Changed 23 months ago by pp

Also, banning ".ext/" isn't enough, as the file will still be served for "file.ext/a".

There is a workaround by setting a

"^.*\.inc.*$" => "404.html"

rewrite rule. However, this may lead to some side-effects (also banning *.inca, etc.), so the final rules that allow just what you want may get a bit complex.

Changed 18 months ago by jwmcglynn

I can't reproduce this bug on my production 1.4.11 server. Perhaps it is related to using rewrite rules?

Changed 13 months ago by jan

  • status changed from new to closed
  • resolution set to fixed
  • pending unset
  • milestone set to 1.4.16

duplicate of #1230

it is fixed in 1.4.16

Add/Change #825 (url.access-deny ( ".ext" ) still serves "/file.ext/")

Author



Change Properties
<Author field>
Action
as closed
Next status will be 'reopened'
 
Note: See TracTickets for help on using tickets.