Bug#457339: SetEnv vs. SetEnvif vs. php

To: submit@bugs.debian.org
Subject: Bug#457339: SetEnv vs. SetEnvif vs. php
From: jidanni@jidanni.org
Date: Sat, 22 Dec 2007 00:05:37 +0800
Message-id: <[🔎] 87wsr8dodq.fsf@jidanni.org>
Reply-to: jidanni@jidanni.org, 457339@bugs.debian.org

Package: apache2.2-common
Version: 2.2.6-3

I have discovered a bug in the Debian apache2 and/or php packages.
Consider the following .htaccess file,

#SetEnvif User-Agent . ban
#SetEnv ban
Order Allow,Deny
Allow from all
Deny from env=ban

Looking in error.log, if you uncomment the first line, all you will see
[Fri Dec 21 23:23:23 2007] [error] [client 127.0.0.1] client denied by server configuration: /var/lib/bla/
which is good. If instead you uncomment the second line, you get
[Fri Dec 21 23:26:24 2007] [error] [client 127.0.0.1] client denied by server configuration: /var/lib/bla/index.html
[Fri Dec 21 23:26:24 2007] [error] [client 127.0.0.1] client denied by server configuration: /var/lib/bla/index.cgi
[Fri Dec 21 23:26:24 2007] [error] [client 127.0.0.1] client denied by server configuration: /var/lib/bla/index.pl
meaning that somehow index.php was forgotten on the list of things to stop!

Indeed, one scratches their head about why the effect is not the same
as the first.

Or http://localhost/manual/env.html should expound further the secrets
involved.

If so please reassign to apache2-doc. Thanks.

Reply to:

Follow-Ups:
- Bug#457339: SetEnv vs. SetEnvif vs. php
  - From: Stefan Fritsch <sf@sfritsch.de>

Prev by Date: cleaner perl printenv
Next by Date: Re: exiting prefork child doesn't clear request pool
Previous by thread: Re: cleaner perl printenv
Next by thread: Bug#457339: SetEnv vs. SetEnvif vs. php
Index(es):
- Date
- Thread