Hi,
Summary of my problem: mod_autoindex is showing directories that a logged in
user doesn't have access to when using Require group. When using Require user,
it's properly not shown. ShowForbidden is never turned on.
Details:
Oracle Linux 6u4 (RHEL6u4)
httpd-2.2.15-26.0.1.el6.x86_64
mod_authz_ldap-0.26-16.el6.x86_64
* mkdir -p /tmp/test/{1,2,3}
* cat "Require group blahblah "> /tmp/test/1/.htaccess
* set perms to 775
* Configure a virtual host with /tmp/test as the DocumentRoot and setup ldap
authorization and authentication via mod_authz_ldap. Test with a user not in
group 'blahblah'. Basic auth.
* Turn on Options Index (ShowForbidden is NOT on.)
Browse to the doc root, and I can see directories 1, 2, and 3. (From my
understanding, I shouldn't see 1.) Trying to browse into directory 1 and I'm
properly forbidden.
* Change .htaccess file to 'Require user notmyuser'
Browse to the doc root. Now I can only see directories 2 and 3. (Proper
behavior.)
Any help would be appreciated, this is driving me crazy! Thanks!
--
Bruce Z. Lysik <[email protected]>
