6.0.0-beta1
7/5/25

[#14193] allow and deny directives in .htaccess broken
Summary allow and deny directives in .htaccess broken
Queue Horde Base
Queue Version Git master
Type Enhancement
State Resolved
Priority 2. Medium
Owners jan (at) horde (dot) org
Requester heinz (at) htl-steyr (dot) ac (dot) at
Created 12/14/2015 (3491 days ago)
Due
Updated 01/13/2016 (3461 days ago)
Assigned
Resolved 01/13/2016 (3461 days ago)
Milestone
Patch No

History
01/13/2016 04:49:06 PM Jan Schneider Assigned to Jan Schneider
State ⇒ Resolved
 
12/14/2015 03:02:39 PM heinz (at) htl-steyr (dot) ac (dot) at Comment #1
State ⇒ New
Priority ⇒ 2. Medium
Type ⇒ Enhancement
Summary ⇒ allow and deny directives in .htaccess broken
Queue ⇒ Horde Base
Milestone ⇒
Patch ⇒ No
Reply to this comment
The directives Allow from, Deny from, Order ... provided by the apache 
module mod_access_compat have been deprecated.

In newer apache installations the mod_authz_* modules are used instead 
by default and the provided .htaccess files of horde leads in an error 
500 (eg. invalid command "allow")

So all .htaccess files of horde and horde-applications should look like this:

In case of "Allow from all":
<IfModule !mod_access_compat.c>
   Require all granted
</IfModule>
<IfModule mod_access_compat.c>
   Allow from all
</IfModule>

In case of "Deny from all":
<IfModule !mod_access_compat.c>
   Require all denied
</IfModule>
<IfModule mod_access_compat.c>
   Deny from all
</IfModule>



Saved Queries