php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login

go to bug id or search bugs for

Bug #1503 PHP breaks Apache 1.3.6 Auth module
Submitted: 1999-06-07 19:16 UTC Modified: 1999-11-14 04:06 UTC
From: paul at hyperlink dot net dot au Assigned:
Status: Closed Package: Other
PHP Version: 3.0.9 OS: Linux 2.0.35
Private report: No CVE-ID: None
View Developer Edit
 [1999-06-07 19:16 UTC] paul at hyperlink dot net dot au 
PHP seems to break the Apache auth module.
Fault is in PHP 3.0.8 & 3.0.9 (3.0.7 is OK).

Compiled PHP with --with-mysql --with-mcrypt --with-apache=../apache_1.3.6 --enable-track-vars
When using the Apache config directive:

<Directory />
        Options Indexes FollowSymLinks Includes
        AllowOverride AuthConfig Limit
</Directory>

Apache returns an Access Denied Error when trying to access _any_ site on the server. The Apache error log is shows: 

[crit] [client 203.x.x.x] /.htaccess pcfg_openfile: unable to check htaccess file, ensure it is readable

If we use AllowOverride None we don't get the error but we can't use authentication either (of course).

PHP 3.0.7 is OK, but 3.0.8 & 3.0.9 are both affected.

Patches

Pull Requests

History

AllCommentsChangesGit/SVN commitsRelated reports
 [1999-09-05 13:32 UTC] coar at cvs dot php dot net 
I don't see any reason to think PHP is involved here; the
processing of .htaccess files is an Apache function, not
something PHP does.  Unless the .htaccess file contains
PHP-related directives..?  Why do you think PHP is at
fault here?

BTW, you *can* do auth for such directories -- but only
by putting the auth directives into an appropriate
<Directory> container in the main config files.  That will
work while the .htaccess files are broken and disabled
with AllowOverride None.
 [1999-11-14 04:06 UTC] joey at cvs dot php dot net 
Not PHP issue
 
PHP Copyright © 2001-2025 The PHP Group
All rights reserved. 		Last updated: Wed Nov 05 18:00:01 2025 UTC