Bugzilla upstream ships a .htaccess file that contains, among other things, this snippet of Apache configuration:
# Don't allow people to retrieve non-cgi executable files or our private data
<FilesMatch (\.pm|\.pl|\.tmpl|localconfig.*)$>
<IfModule mod_version.c>
<IfVersion < 2.4>
Deny from all
</IfVersion>
<IfVersion >= 2.4>
Require all denied
</IfVersion>
</IfModule>
<IfModule !mod_version.c>
Deny from all
</IfModule>
</FilesMatch>
I'm running Apache 2.4; however I get 500 errors about Deny whenever I visit the Bugzilla homepage. Turns out that Apache is getting Deny from all from inside the <IfModule !mod_version.c> block, and changing this to Require all denied fixes the errors. Other <IfModule> blocks for e.g. mod_rewrite work OK.
Why is Apache behaving this way? I've searched the web pretty extensively with no luck.
Here's some more info about my system:
% sudo apachectl -M | grep version
version_module (static)
% uname -a # Debian 8
Linux steevie 4.9.0-0.bpo.3-amd64 #1 SMP Debian 4.9.30-2+deb9u2~bpo8+1 (2017-06-27) x86_64 GNU/Linux
% apachectl -v
Server version: Apache/2.4.10 (Debian)
Server built: Jul 18 2017 18:32:16
0 Answers