Project

General

Profile

Actions

Bug #16552

closed

Webdav password is ignored and access is granted for all nodes in allowed networks

Added by Alexis Mousset almost 5 years ago. Updated about 4 years ago.

Status:
Released
Priority:
N/A
Category:
Security
Target version:
Severity:
UX impact:
User visibility:
Effort required:
Priority:
0
Name check:
Reviewed
Fix check:
Checked
Regression:

Description

Since apache 2.4 and changes in Require semantic, the allowed network and authentication are now both valid, so being in the allowed networks skips auth checks.

We need to add something like:

<RequireAll>
<RequireAny>
Require ip 127.0.0.1
...
</RequireAny>
Require valid-user

Actions

Also available in: Atom PDF