Red Hat Bugzilla – Bug 469451
Replace LocationMatch with Directory directive so all aliases are covered
Last modified: 2008-12-02 20:23:31 EST
Description of problem:
The phpMyAdmin package provides /etc/httpd/conf.d/phpMyAdmin.conf which sets up two global aliases, /phpMyAdmin and /phpmyadmin, that both point to /usr/share/phpMyAdmin.
The config file also supplies a section that you can uncomment to make mod_security not block on requests with SQL. This section uses <LocationMatch "/phpMyAdmin/(.+)">. This means that when using /phpMyAdmin the mod_security customization is applied, but not when using the lower-case alias /phpmyadmin. This could be fixed by expanding the regex to also apply to phpmyadmin, but I believe the better fix is to just use <Directory /usr/share/phpMyAdmin> instead of the LocationMatch.
The Apache documentation also recommends using the Directory directive: "Use <Location> to apply directives to content that lives outside the filesystem. For content that lives in the filesystem, use <Directory> and <Files>."
Version-Release number of selected component (if applicable): 188.8.131.52-1
-# <LocationMatch "/phpMyAdmin/(.+)">
+# <Directory /usr/share/phpMyAdmin>
# SecRuleInheritance Off
Nils, thanks for your report. I know, what the mod_security part is for, I
was the guy wanting to have it there long long time ago. I will take care of
this with the next phpMyAdmin update which surely will come...
phpMyAdmin-3.1.0-1.fc10 has been submitted as an update for Fedora 10.
phpMyAdmin-3.1.0-1.fc9 has been submitted as an update for Fedora 9.
phpMyAdmin-3.1.0-1.fc8 has been submitted as an update for Fedora 8.
856 (phpMyAdmin): Build on target fedora-4-epel succeeded.
857 (phpMyAdmin): Build on target fedora-5-epel succeeded.
Package: phpMyAdmin-3.1.0-1.fc11 Tag: dist-f11 Status: complete Built by: robert
Package: phpMyAdmin-3.1.0-1.fc10 Tag: dist-f10-updates-candidate Status: complete Built by: robert
Package: phpMyAdmin-3.1.0-1.fc9 Tag: dist-f9-updates-candidate Status: complete Built by: robert
Package: phpMyAdmin-3.1.0-1.fc8 Tag: dist-f8-updates-candidate Status: complete Built by: robert
phpMyAdmin-3.1.0-1.fc10 has been pushed to the Fedora 10 stable repository. If problems still persist, please make note of it in this bug report.
phpMyAdmin-3.1.0-1.fc8 has been pushed to the Fedora 8 stable repository. If problems still persist, please make note of it in this bug report.
phpMyAdmin-3.1.0-1.fc9 has been pushed to the Fedora 9 stable repository. If problems still persist, please make note of it in this bug report.