Bug #16552: Webdav password is ignored and access is granted for all nodes in allowed networks - Rudder - Issue Tracker

Actions

Copy link

Bug #16552

closed

Webdav password is ignored and access is granted for all nodes in allowed networks

Added by Alexis Mousset over 4 years ago. Updated over 3 years ago.

Status:

Released

Priority:

N/A

Assignee:

Alexis Mousset

Category:

Security

Target version:

6.0.5

Pull Request:

Severity:

UX impact:

User visibility:

Effort required:

Priority:

Name check:

Reviewed

Fix check:

Checked

Regression:

Description

Since apache 2.4 and changes in Require semantic, the allowed network and authentication are now both valid, so being in the allowed networks skips auth checks.

We need to add something like:

<RequireAll>
<RequireAny>
Require ip 127.0.0.1
...
</RequireAny>
Require valid-user

History
Notes
Property changes
Associated revisions

Actions

Copy link

Also available in: Atom PDF

Project

General

Profile

Rudder

Custom queries

Bug #16552

Webdav password is ignored and access is granted for all nodes in allowed networks

Updated by Alexis Mousset about 4 years ago

Updated by Vincent MEMBRÉ about 4 years ago

Updated by Vincent MEMBRÉ about 4 years ago

Updated by Alexis Mousset about 4 years ago

Updated by Alexis Mousset about 4 years ago

Updated by Alexis Mousset about 4 years ago

Updated by Vincent MEMBRÉ about 4 years ago

Updated by Alexis Mousset almost 4 years ago

Updated by Vincent MEMBRÉ over 3 years ago