View Issue Details
ID | Project | Category | View Status | Date Submitted | Last Update |
---|---|---|---|---|---|
0021588 | mantisbt | security | public | 2016-08-03 12:05 | 2017-02-01 22:47 |
Reporter | dregad | Assigned To | dregad | ||
Priority | normal | Severity | minor | Reproducibility | N/A |
Status | closed | Resolution | fixed | ||
Target Version | 1.3.6 | Fixed in Version | 1.3.6 | ||
Summary | 0021588: Update .htaccess files to support Apache 2.4 new authz syntax | ||||
Description | Apache 2.4 introduced significant changes in authorization configuration [1]. We should adapt our .htaccess files to support the new syntax if available, while maintaining compatibility with 2.2 syntax as suggested in [2]. [1] https://httpd.apache.org/docs/trunk/upgrading.html#run-time | ||||
Additional Information | This was initially reported on IRC by user CRCinAU | ||||
Tags | No tags attached. | ||||
I'd like to give this a nudge. It still hasn't been fixed in the 2.0.0 release. It currently makes any .htaccess restrictions useless for apache 2.4 users out of the box. I use / create the following to overwrite any current .htaccess file in the source tree: |
|
Sorry, this fell off the radar. |
|
Targetting 1.3.x since we support (and recommend) Apache 2.4 there |
|
MantisBT: master-1.3.x f1f8658a 2017-01-13 07:29 Details Diff |
.htaccess files Apache 2.4 compatibility update The .htaccess files used to restrict access to specific directories follow the Apache 2.2 mod_authz_host module syntax [1] (Order, Allow, Deny). Apache 2.4 introduced a new module mod_authz_core [2], with a different, incompatible directive (Require). Consequently, unless the compatibility module access_compat is enabled, the obsolete ones will cause Apache configuration errors to occur when the .htaccess file is read. To avoid this, the .htaccess files are modified to use the new syntax when an Apache 2.4 server is detected, and fall back to the old directives otherwise. Fixes 0021588 [1] https://httpd.apache.org/docs/2.2/mod/mod_authz_host.html [2] https://httpd.apache.org/docs/2.4/mod/mod_authz_core.html |
Affected Issues 0021588 |
|
mod - config/.htaccess | Diff File | ||
mod - core/.htaccess | Diff File | ||
mod - doc/.htaccess | Diff File | ||
mod - lang/.htaccess | Diff File | ||
mod - library/.htaccess | Diff File | ||
mod - library/README.md | Diff File | ||
mod - library/securimage | Diff File | ||
mod - plugins/.htaccess | Diff File | ||
mod - scripts/.htaccess | Diff File |