Bug#457339: SetEnv vs. SetEnvif vs. php

Package: apache2.2-common
Version: 2.2.6-3

I have discovered a bug in the Debian apache2 and/or php packages. Consider the following .htaccess file,

#SetEnvif User-Agent . ban
#SetEnv ban
Order Allow,Deny
Allow from all
Deny from env=ban

Looking in error.log, if you uncomment the first line, all you will see
[Fri Dec 21 23:23:23 2007] [error] [client 127.0.0.1] client denied by server configuration: /var/lib/bla/
which is good. If instead you uncomment the second line, you get
[Fri Dec 21 23:26:24 2007] [error] [client 127.0.0.1] client denied by server configuration: /var/lib/bla/index.html
[Fri Dec 21 23:26:24 2007] [error] [client 127.0.0.1] client denied by server configuration: /var/lib/bla/index.cgi
[Fri Dec 21 23:26:24 2007] [error] [client 127.0.0.1] client denied by server configuration: /var/lib/bla/index.pl
meaning that somehow index.php was forgotten on the list of things to stop!

Indeed, one scratches their head about why the effect is not the same as the first.

Or http://localhost/manual/env.html should expound further the secrets involved.

If so please reassign to apache2-doc. Thanks.

-- 
To UNSUBSCRIBE, email to debian-apache-REQUEST@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org