|
Apache LimitExcept returning Error 400 on permitted method
|
|
| Valentino | Date: Thursday, 2011-09-08, 11:50 AM | Message # 1 |
|
Colonel
Group: Administrators
Messages: 186
Status: Offline
| I have the following directive in my Apache httpd.conf:
<LimitExcept OPTIONS PROPFIND REPORT>
deny from all
</LimitExcept>
OPTIONS and PROPFIND work as expected, but REPORT returns 400: Bad Request. Remove the LimitExcept alltogether and everything works as expected.
Any ideas on why this might be?
(Please see my question here to see what I'm trying to do).
The access log shows:
192.168.161.1 - - [21/Jun/2010:08:42:26 +1000] "REPORT /logs/MV101Apps/!svn/bc/7699/MyApp/MyApps.edp HTTP/1.1" 400 101
The error log shows:
[Mon Jun 21 08:42:26 2010] [error] [client 192.168.161.1] client denied by server configuration: C:/Program Files/CollabNet/Subversion Server/httpd/htdocs/logs
Update
Ok, a quick inspection reveals that either with or without the <LimitExcept> the REPORT URL stays the same. This is what the log looks like without the <LimitExcept> (everything else in the config stayed the same):
192.168.161.1 - - [22/Jun/2010:21:03:42 +1000] "REPORT /logs/MV101Apps/!svn/bc/7821/MyApp/MyApps.edp HTTP/1.1" 200 115
(note that that URL is a Subversion URL as generated by the command svn log - I'm not the one adding the !svn to it)
The complete VirutalHost for /logs/ looks like this:
<Location /logs/>
DAV svn
SVNParentPath C:\SVN
<LimitExcept OPTIONS PROPFIND REPORT>
deny from all
</LimitExcept>
</Location>
|
| |
| |
| Valentino | Date: Thursday, 2011-09-08, 11:51 AM | Message # 2 |
|
Colonel
Group: Administrators
Messages: 186
Status: Offline
| This is what the latest mod_dav.c looks like in 2.2.15 (edited for brevity):
static int dav_method_report(request_rec *r)
{
int result;
apr_xml_doc *doc;
if ((result = ap_xml_parse_input(r, &doc)) != OK)
return result;
if (doc == NULL) {
return HTTP_BAD_REQUEST;
}
So, my gut instinct is that ap_xml_parse_input(r, &doc)) is leaving doc=NULL; based on not being able to access that questionable doc name (it has a ! in it??) and spitting back a 400:
"REPORT /logs/MV101Apps/!svn/bc/7699/MyApp/MyApps.edp HTTP/1.1"
...
client denied by server configuration: C:/Program Files/CollabNet/Subversion Server/httpd/htdocs/logs
...it smells like the problem lies in how virtual /logs/ from the access_log is mapped to this directory in error_log, and if there are proper access controls to allow the resources to be read from the location. We need to see all that config info next.
|
| |
| |
