Hi Alexander. I made some tests on my own Icinga now (with Apache 2.2)...
As I noted before there is something fishy in Apache when making the regexps safe (by adding a trailing /) and when _directly_ accessing content on the server. With a trailing / it works, without not although all this is done on DirectoryMatch (and not LocationMatch) where it shouldn't matter at all. Anyway,... all the directories we use: /usr/share/icinga/htdocs /usr/lib/cgi-bin/icinga /etc/icinga/stylesheets are not "directly" served (i.e. under the vhosts DocumentRoot) but via Aliase directives... and it seems that the problem from above doesn't apply then. So my previous suggestion for a safer (and nanoseconds faster ;-) ) pattern: "^(?:/usr/share/icinga/htdocs|/usr/lib/cgi-bin/icinga|/etc/icinga/stylesheets)/" should be ok to use. I personally consider it more aesthetic to add the trailing / outside of the (), because then one cannot forget it, if new dirs shall be ever added to the list. Oh and it would be great if you could answer, whether these apache configs are from somewhere at upstream or pure debian :) Cheers, Chris. btw: I guess there's something similar for the Nagios packages?
smime.p7s
Description: S/MIME cryptographic signature

