Bug 14726

Summary: satisfy directive scope problem?
Product: Apache httpd-2 Reporter: bewdy_au
Component: CoreAssignee: Apache HTTPD Bugs Mailing List <bugs>
Status: CLOSED FIXED    
Severity: enhancement    
Priority: P3    
Version: 2.0-HEAD   
Target Milestone: ---   
Hardware: All   
OS: All   

Description bewdy_au 2002-11-21 02:25:23 UTC
I set up a server script directory called /bug containing the 
attached .htaccess file and script, test.cgi.  In this configuration, GETing 
and POSTing /bug/test.cgi both require authentication.  If the order of the 
Limit directives is reversed, neither requires authentication.  Should 
the "satisfy all" and "satisfy any" directives be limited to the scope of the 
respective Limit directives?  This setup is just to demonstrate the problem and 
not what I actually want to achieve.

------------------------ .htaccess ----------------------------------
    AuthType Basic
    AuthName Basic
    AuthUserFile /usr/local/apache2/htaccess/htpasswd
    AuthGroupFile /usr/local/apache2/htaccess/htgroup

    <Limit GET>
        satisfy any
        allow from all
        require valid-user

    <Limit POST>
        satisfy all
        allow from all
        require valid-user

---------------------- test.cgi -------------------------
cat <<EOD
Content-type: text/html

<form action="/bug/test.cgi" method="post">
<input type="submit">

Comment 1 André Malo 2004-03-14 16:28:05 UTC
It never worked. But considered useful ;)
It was fixed in 2.1 and is a possible candidate for being backported into 2.0.

Thanks for the report and for using Apache.