Closed Bug 307477 Opened 19 years ago Closed 19 years ago

.htaccess file with wrong regexp by default

Categories

(Bugzilla :: Installation & Upgrading, defect)

x86
Linux
defect
Not set
trivial

VERIFIED INVALID

People

(Reporter: fbscarel, Unassigned)

Details

User-Agent:       Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.7.10) Gecko/20050822 Firefox/1.0.6 (Debian package 1.0.6-3)
Build Identifier: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.7.10) Gecko/20050822 Firefox/1.0.6 (Debian package 1.0.6-3)

The .htaccess (in the bugzilla root directory) file that came along with the
default installation of Bugzilla is not blocking access to localconfig. I
changed it into (separating the clauses '.pl' and localconfig) and it worked:

---

# don't allow people to retrieve non-cgi executable files or our private data
<FilesMatch ^(.*\.pl)$>
  deny from all
</FilesMatch>
<FilesMatch ^(localconfig|runtests.sh)$>
  deny from all
</FilesMatch>
<FilesMatch ^(localconfig.js|localconfig.rdf)$>
  allow from all
</FilesMatch>

---

Reproducible: Always

Steps to Reproduce:
1. Install Bugzilla and use the default .htaccess file

Actual Results:  
I could access localconfig through the browser without being asked for any
password whatsoever.

Expected Results:  
Block the access to the file, returning an Error 403 Forbidden.

That .htaccess file does not look like the one we create.

Exactly what version of Bugzilla are you using and where did you get it?

I'm using 2.18.3; about the htaccess file, I modified it myself because it wasn't
working (since localconfig was wide open).

Felipe, we need more information about your configuration. I cannot reproduce
it on either the 2.18 branch or the tip, using Linux, Perl 5.8.6 and Apache
2.0.53.

And running testserver.pl confirms this:

TEST-OK Webserver is preventing fetch of http://localhost/bugzilla218/localconfig.

I pulled 2.18.3 and tried it.
No such problem.

Felipe,
   Please move your .htaccess file to .htaccess.felipe and run checksetup and
see what .htaccess file it generates (and attach it here).  

   Did you get 2.18.3 from our CVS or did you get a tarfile from someone with a
.htaccess file in it?

Well, maybe I got confused after so many edits on the .htaccess file then. I got
it from Bugzilla's site (not CVS) and since it was not working because of
another problem ( https://bugzilla.mozilla.org/show_bug.cgi?id=299468 ) then I
started trying every possibility.

Sorry for the inconvenience.

In fact, I moved out my edited .htaccess file and ran checksetup.pl and it is
still working. It is not a bug after all, I got it wrong. Sorry there guys, and
thanks for the attention.
Status: UNCONFIRMED → RESOLVED
Closed: 19 years ago
Resolution: --- → INVALID

Removing the security flag per comment 6.
Group: webtools-security

verf. This works for me too. It's possible that you had Apache configured to
ignore .htaccess files, which obviously would produce this result. In any case,
I'm glad it works.
Status: RESOLVED → VERIFIED
Severity: major → trivial
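
Added example (not part of the original bug thread and not Bugzilla's own code): the last comment suggests Apache may have been configured to ignore .htaccess files. This sketch works out which AllowOverride setting applies to a directory from an httpd.conf fragment and whether deny/allow lines in a .htaccess file there would be honoured. The sample config, paths and function names are constructed, and wildcard or regex <Directory> sections are not handled.

```python
import re

# Constructed sample httpd.conf fragment (not taken from the bug report).
SAMPLE_CONF = """\
<Directory />
    AllowOverride None
</Directory>
<Directory "/var/www">
    AllowOverride None
</Directory>
<Directory /var/www/html/other>
    AllowOverride All
</Directory>
"""

def effective_allowoverride(conf_text, target_dir, default="All"):
    """Return the AllowOverride tokens that apply to target_dir.

    Plain <Directory> sections are merged shortest path first, so the
    longest matching path wins. `default` is an assumption: "All" matches
    Apache 2.0/2.2; newer releases default to "None".
    """
    target = target_dir.rstrip("/") + "/"
    matches, current = [], None
    for raw in conf_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        m = re.match(r'<Directory\s+"?([^">]+?)"?\s*>$', line, re.I)
        if m:
            current = m.group(1).rstrip("/") + "/"
        elif re.match(r"</Directory>", line, re.I):
            current = None
        elif current and line.lower().startswith("allowoverride"):
            if target.startswith(current):
                matches.append((len(current), line.split()[1:]))
    if not matches:
        return default.split()
    # sorted() is stable: for equal path lengths the later section wins.
    return sorted(matches, key=lambda t: t[0])[-1][1]

def htaccess_can_deny(tokens):
    """deny/allow lines in .htaccess need AllowOverride All or Limit."""
    lowered = {t.lower() for t in tokens}
    return "all" in lowered or "limit" in lowered

if __name__ == "__main__":
    for d in ("/var/www/html/bugzilla", "/var/www/html/other"):
        tokens = effective_allowoverride(SAMPLE_CONF, d)
        verdict = "honoured" if htaccess_can_deny(tokens) else "ignored"
        print(f"{d}: AllowOverride {' '.join(tokens)} -> .htaccess deny rules {verdict}")
```

With the constructed config, the hypothetical /var/www/html/bugzilla directory inherits AllowOverride None, which is the situation the comment describes: the .htaccess rules exist but Apache never reads them.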