libapache2-mod-rpaf 0.6.9 doesn't work well in combination with deny/allow operators
| Affects | Status | Importance | Assigned to | Milestone | |
|---|---|---|---|---|---|
| libapache2-mod-rpaf (Ubuntu) |
Confirmed
|
Undecided
|
Sergey B Kirpichev | ||
Bug Description
On Ubuntu release 13.04 which comes with libapache2-mod-rpaf 0.6-9 there is an unexpected behavior of the combination of libapache2-mod-rpaf and the order allow/deny operators.
How to reproduce:
create .htaccess file with the following set:
<Limit GET POST PUT>
order deny,allow
deny from all
allow from 5.5.5.5
</Limit>
Enable mod_rpaf and set your proxies ips.
Put the apache behind a reverse proxy and surf the protected url from 5.5.5.5,
you will receive the following error in the error log:
[error] [client 5.5.5.5] client denied by server configuration: /path/to/
Although the correct client IP shown in the error log, seems like Apaches initiates the access list policy check before mod_rpaf fires.
Makes the system unusable.
| Launchpad Janitor (janitor) wrote | #1 |
| Changed in libapache2-mod-rpaf (Ubuntu): | |
| status: | New → Confirmed |
| Sergey B Kirpichev (skirpichev) wrote | #2 |
| Changed in libapache2-mod-rpaf (Ubuntu): | |
| assignee: | nobody → Sergey B Kirpichev (skirpichev) |
Status changed to 'Confirmed' because the bug affects multiple users.