Bug 52823 - Incorrect semantics of AllowOverrideList in Apache-2.4.1
Summary: Incorrect semantics of AllowOverrideList in Apache-2.4.1
Alias: None
Product: Apache httpd-2
Classification: Unclassified
Component: Core (show other bugs)
Version: 2.4.1
Hardware: PC Linux
: P2 normal (vote)
Target Milestone: ---
Assignee: Apache HTTPD Bugs Mailing List
Keywords: FixedInTrunk
Depends on:
Reported: 2012-03-04 18:09 UTC by Tianyin Xu
Modified: 2012-05-06 07:26 UTC (History)
1 user (show)


Note You need to log in before you can comment on or make changes to this bug.
Description Tianyin Xu 2012-03-04 18:09:05 UTC
It seems that AllowOverride is a new feature of Apache-2.4.1. But it seems to have quite a few problems. When looking at source code, the parsing logic is as follows (server/core.c):

//argc is the number of arguments
//argv[] is the argument array, each element argv[i] is a cmd name

for (i=0;i<argc;i++){
    if (!strcasecmp(argv[i], "None")) {
        return NULL;
    else {
        const command_rec *result = NULL;
        module *mod = ap_top_module;
        result = ap_find_command_in_modules(argv[i], &mod);
        if (result)
            apr_table_set(d->override_list, argv[i], "1");
            ap_log_error(APLOG_MARK, APLOG_WARNING, 0, 
                cmd->server, APLOGNO(00116)
                "Discarding unrecognized directive `%s' in AllowOverrideList.",

From the code, we can see that the parsing returns as long as a "None" is detected. As a result, the following two configuration entries have very different effects:

AllowOverrideList DirectoryIndex Redirect None
AllowOverrideList None DirectoryIndex Redirect

The former sets two directives to be allowed in .htaccess while the latter sets nothing, which causes ambiguity.

Actually the logic of "AllowOverrideList DirectoryIndex Redirect None" itself is very ambiguous. "None" and the other directives are obviously contradictory.

I suggest to print out some log messages to explicitly tell users the contradictory and which particular setting is omitted. This can avoid user's misconfigurations and bring clear semantics of AllowOverrideList.

Thanks a lot!
Comment 1 Stefan Fritsch 2012-03-19 20:58:11 UTC
Fixed by disallowing None together with anything else: r1302653
Comment 2 Stefan Fritsch 2012-05-06 07:26:09 UTC
fixed in 2.4.2