Server Version: Apache/1.3.24 (Unix) Server Built: May 1 2002 10:07:09 API Version: 19990320:11 Run Mode: standalone From the httpd.conf: <IfModule mod_info.c> <Location /server-info> SetHandler server-info Order deny,allow Deny from all Allow from 127 10 192.168 Satisfy any </Location> </IfModule> This is a LOCATION directive, which processes after the .htaccess directives have occurred. For my docroot directory, I've got an "AllowOverride All" in place. However, in that root directory, I do *not* have an .htaccess file. I get a Server Error 500, and it generates an access_log entry, but no error_log entry. access_log: 10.X.X.X - - [14/May/2002:11:40:20 -0500] "GET /server-info HTTP/1.1" 500 630 If I remove the "Satisfy any" clause, operation is normal. The issue is that I don't know in advance if the user will put a .htaccess file in place to pre-determine if I need to put a "Satisfy any" clause in the LOCATION blocks. I don't know if "Satisfy any" requires an .htaccess file and a "Require" clause in it before it will work. I think the behaviour should be that "Satisfy any" doesn't care if there is a .htaccess file or not (implies no condition, but not satisfied). Using a "Satisfy any" should always allow access if not specified by either .htaccess or "Allow from" Michael.
Same behaviour with 1.3.26 on Windows 2000 Professional. (even with simpler test-case, i.e. normal directory, only "Satisfy") I wonder whether this should be split into two bugs: - one documentation bug to make it clearer that access restrition by client host address AND username/password ist _required_ if you want to use "Satisfy". (It only states "is only useful") - one bug, because Apache should log something like this in its error log.
Well, it's a broken logic in "satisfy any" handling. Bug is fixed in 2.1.0-dev and proposed for backport. Thanks for using Apache!
It's fixed now and will be available in the next release (1.3.28).