Skip to content

Instantly share code, notes, and snippets.

@muffl0n

muffl0n/vhost_test_file.conf

Last active August 29, 2015 14:21
Show Gist options
  • Save muffl0n/1097615adaf6e65fb22b to your computer and use it in GitHub Desktop.
Save muffl0n/1097615adaf6e65fb22b to your computer and use it in GitHub Desktop.
Download ZIP
Apache 2.4 File-/Location-Directive glitch
Raw
vhost_test_file.conf
<VirtualHost *:80>
ServerName test_file
DocumentRoot /tmp/test/htdocs
<Location "/">
Require all granted
</Location>
<Files "test.html">
AuthType Basic
AuthName "Test"
AuthUserFile /tmp/test/htpasswd
Require user test
</Files>
</VirtualHost>
Raw
vhost_test_location.conf
<VirtualHost *:80>
ServerName test_location
DocumentRoot /tmp/test/htdocs
<Location "/">
Require all granted
</Location>
<Location "/test.html">
AuthType Basic
AuthName "Test"
AuthUserFile /tmp/test/htpasswd
Require user test
</Location>
</VirtualHost>
@muffl0n
Copy link
Author

muffl0n commented May 20, 2015

It seems that the <File>-Directive does not override what's defined with <Location "/">:

Expected:

$ http --headers 127.0.0.1/test.html Host:test_file | head -1
HTTP/1.1 401 Unauthorized

$ http --headers 127.0.0.1/test.html Host:test_location | head -1
HTTP/1.1 401 Unauthorized

Actual:

$ http --headers 127.0.0.1/test.html Host:test_file | head -1
HTTP/1.1 200 OK

$ http --headers 127.0.0.1/test.html Host:test_location | head -1
HTTP/1.1 401 Unauthorized

@muffl0n
Copy link
Author

muffl0n commented May 21, 2015

According to http://httpd.apache.org/docs/2.4/sections.html#merging Location is evaluated after File and therefore overrides <Files "test.html">. So if I use

        <Directory "/tmp/test/htdocs">
                Require all granted
        </Directory>

instead of

        <Location "/">
                Require all granted
        </Location>

everything works as expected.

<VirtualHost *:80>
        ServerName test_directory
        DocumentRoot /tmp/test/htdocs

        <Directory "/tmp/test/htdocs">
                Require all granted
        </Directory>

        <Files "test.html">
                AuthType Basic
                AuthName "Test"
                AuthUserFile /tmp/test/htpasswd
                Require user test
        </Files>
</VirtualHost>

Result:

$ http --headers 127.0.0.1/test2.html Host:test_directory | head -1
HTTP/1.1 401 Unauthorized

Surprisingly according to http://httpd.apache.org/docs/2.2/sections.html#merging this behaviour didn't change from 2.2 to 2.4. But this clearly behaves different after upgrading to 2.4. Maybe there was a bug in 2.2?

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment