COMMAND

    httpd

SYSTEMS AFFECTED

    Systems running CERN httpd (unknow version)

PROBLEM

    Peter Lord came accross this problem recently when using the CERN
    server.  If server has the following in the config file:

    Protection secret {
            AuthType        Basic
            ServerID        mine
            PasswdFile      /httpd/config/passwd
            GroupFile       /httpd/config/group
            POST-Mask       secret_group
            GET-Mask        secret_group
            PUT-Mask        webmaster
    }

    Protect /secret/*           secret

    This wil work fine.  When the client tries to access for example

        http://www.some.site/secret/index.html

    the password box pops up.

    However, if the client tries to access

        http://www.some.site//secret/index.html (note the double slash)

    the server happily serves the document out.

SOLUTION

    Tempory workaround would be to add:

        Protect //secret/*    secret

    Whick seems  to work  (regardless of  how many  extra slashes  are
    slotted in).