httpd-bugs mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From bugzi...@apache.org
Subject DO NOT REPLY [Bug 28515] New: - A reference to a broken symbolic link results in a "broken" error response page.
Date Wed, 21 Apr 2004 15:01:54 GMT
DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG 
RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT
<http://issues.apache.org/bugzilla/show_bug.cgi?id=28515>.
ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND 
INSERTED IN THE BUG DATABASE.

http://issues.apache.org/bugzilla/show_bug.cgi?id=28515

A reference to a broken symbolic link results in a "broken" error response page.

           Summary: A reference to a broken symbolic link results in a
                    "broken" error response page.
           Product: Apache httpd-2.0
           Version: 2.0.49
          Platform: Sun
        OS/Version: Solaris
            Status: NEW
          Severity: Normal
          Priority: Other
         Component: Core
        AssignedTo: bugs@httpd.apache.org
        ReportedBy: Rolf.Sponsel@kstr.lth.se
                CC: Rolf.Sponsel@kstr.lth.se


The verify this, to the best of my knowledge, after having performed a clean
installation of httpd 2.0.49 (using the default 'httpd.conf' file) I created
three additional file system entries in the directory 'htdocs', being part of
the standard httpd distribution, as follows:

cd htdocs
ln -s index.html.var SYMLINK
ln -s non-such-file BROKEN-SYMLINK
touch READ-PROTECTED-FILE
chmod 600 READ-PROTECTED-FILE

After starting the httpd daemon, I accessed the server by entering the following
 URLs into my browser (Mozilla):

1). http://192.168.0.100/
      which renders the Test Page for Apache Installation.

2). http://192.168.0.100/NO-SUCH-FILE
      rendering a std '404 Not Found' response like this (which is okay):

> Not Found
> 
> The requested URL /NO-SUCH-FILE was not found on this server.
> Apache/2.0.49 (Unix) Server at 192.168.0.100 Port 80

3). http://192.168.0.100/READ-PROTECTED-FILE
      rendering a std '403 Forbidden' response like this (which is also okay):

> Forbidden
>
> You don't have permission to access /READ-PROTECTED-FILE on this server.
> Apache/2.0.49 (Unix) Server at 192.168.0.100 Port 80

and finally

4). http://192.168.0.100/BROKEN-SYMLINK
      rendering a std '403 Forbidden' response like this (which seems a little
broken to me):

> Forbidden
>
> You don't have permission to access /BROKEN-SYMLINK on this server.
>
> Additionally, a 403 Forbidden error was encountered while trying to use an
ErrorDocument to handle the request.
> Apache/2.0.49 (Unix) Server at 192.168.0.100 Port 80


That "Additional" 403 error indicates a reference to a document just as if the
server wanted to reference a 'Customized Error Response' document, usually
defined by an 'ErrorDocument' directive, to wich it doesn't have access. This
although we have *not* enabled (at least not explicitly) the use of 'Customized
Error Responses'.


To verify that the problem is not that we wouldn't be allowed to follow symlinks
in the 'htdocs' directory, you could use:

http://192.168.0.100/SYMLINK


And this is what can be found in the 'error_log' file:

[Wed Apr 21 16:08:18 2004] [error] [client 192.168.0.101] File does not exist:
/usr/local/apache2/htdocs/NO-SUCH-FILE
[Wed Apr 21 16:08:35 2004] [error] [client 192.168.0.101] (13)Permission denied:
file permissions deny server access: /usr/local/apache2/htdocs/READ-PROTECTED-FILE
[Wed Apr 21 16:08:59 2004] [error] [client 192.168.0.101] Symbolic link not
allowed: /usr/local/apache2/htdocs/BROKEN-SYMLINK


An issue seems to be burried here somewhere.

Please come back to me if you should need more information on this.


Best Regards,
Rolf Sponsel


Ps. There probably is another issue, which initially triggered my investigation
of this, that could be related to this issue. But that I'll first have to track
down a little further, and report it as an separate issue. Once I have done that
I'll, if I don't have forgotten it by then, add a reference to to this report
(and vice versa). Need to take one step at a time :-)

---------------------------------------------------------------------
To unsubscribe, e-mail: bugs-unsubscribe@httpd.apache.org
For additional commands, e-mail: bugs-help@httpd.apache.org


Mime
View raw message