Bug#457339: SetEnv vs. SetEnvif vs. php
Package: apache2.2-common
Version: 2.2.6-3
I have discovered a bug in the Debian apache2 and/or php packages.
Consider the following .htaccess file,
#SetEnvif User-Agent . ban
#SetEnv ban
Order Allow,Deny
Allow from all
Deny from env=ban
Looking in error.log, if you uncomment the first line, all you will see
[Fri Dec 21 23:23:23 2007] [error] [client 127.0.0.1] client denied by server configuration: /var/lib/bla/
which is good. If instead you uncomment the second line, you get
[Fri Dec 21 23:26:24 2007] [error] [client 127.0.0.1] client denied by server configuration: /var/lib/bla/index.html
[Fri Dec 21 23:26:24 2007] [error] [client 127.0.0.1] client denied by server configuration: /var/lib/bla/index.cgi
[Fri Dec 21 23:26:24 2007] [error] [client 127.0.0.1] client denied by server configuration: /var/lib/bla/index.pl
meaning that somehow index.php was forgotten on the list of things to stop!
Indeed, one scratches their head about why the effect is not the same
as the first.
Or http://localhost/manual/env.html should expound further the secrets
involved.
If so please reassign to apache2-doc. Thanks.
Reply to: