Just noticed some strangeness since we switched from 0.6.5 to 0.8.8
on one of our boxes. Under 0.6.5 a .htaccess file of the form:
---
AuthUserFile /home/www/htdocs/.htpasswd
AuthGroupfile /dev/null
AuthName ByPassword
AuthType Basic
<limit GET>
require user TIS
</limit>
---
allowed people to POST to scripts that it was protecting. While under 0.8.8
we get the 'correct' behaviour of not allowing POSTs to scripts. A long-running
application's .htaccess had to be changed to:
...
<limit GET POST>
...
to allow POSTs to get through.
It seems that sometime before 0.6.5 the real NCSA 1.3R behaviour got dropped
and might only have been recovered when we went to a Shambahla Core, an
observation supported by Paul Richards who's running Shambahla on one of his
test servers.
Anyway, to reiterate. Some .htaccess files that are fine for Apache 0.6.5 will
break under 0.8.8 (and presumable 0.8.9). Does this point warrant a notice
in the known bugs list - even if it's really 0.6.5 that is in error!!
Comments?
Ay.
Andrew Wilson URL: http://www.cm.cf.ac.uk/User/Andrew.Wilson/
Elsevier Science, Oxford Office: +44 01865 843155 Mobile: +44 0589 616144
on one of our boxes. Under 0.6.5 a .htaccess file of the form:
---
AuthUserFile /home/www/htdocs/.htpasswd
AuthGroupfile /dev/null
AuthName ByPassword
AuthType Basic
<limit GET>
require user TIS
</limit>
---
allowed people to POST to scripts that it was protecting. While under 0.8.8
we get the 'correct' behaviour of not allowing POSTs to scripts. A long-running
application's .htaccess had to be changed to:
...
<limit GET POST>
...
to allow POSTs to get through.
It seems that sometime before 0.6.5 the real NCSA 1.3R behaviour got dropped
and might only have been recovered when we went to a Shambahla Core, an
observation supported by Paul Richards who's running Shambahla on one of his
test servers.
Anyway, to reiterate. Some .htaccess files that are fine for Apache 0.6.5 will
break under 0.8.8 (and presumable 0.8.9). Does this point warrant a notice
in the known bugs list - even if it's really 0.6.5 that is in error!!
Comments?
Ay.
Andrew Wilson URL: http://www.cm.cf.ac.uk/User/Andrew.Wilson/
Elsevier Science, Oxford Office: +44 01865 843155 Mobile: +44 0589 616144