httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Paul J. Reder" <>
Subject Re: cvs commit: httpd-2.0/server request.c
Date Thu, 12 Dec 2002 16:31:44 GMT wrote:

> wrowe       2002/12/11 23:05:54
>   Modified:    server   request.c
>   Log:
>     Make the code simpler to follow, and perhaps clear up the follow-symlink
>     bug reports we have seen on bugzilla.  e.g. 14206 etc.
>   Revision  Changes    Path
>   1.122     +23 -43    httpd-2.0/server/request.c

Sorry to be the bearer of bad news but the problem reported in 14206 still

occurs with this new code. All you have to do is the following:

In your htdocs directory:

mv index.html foo.html
ln -s foo.html index.html

In your httpd.conf:

# Note: Options should not allow FollowSymLinks
<Directory />
     Options None
     AllowOverride None

<Directory /home/Apache/htdocs>
    Options None
    AllowOverride None
    Order deny,allow
    Allow from all

Now bring up your browser and request:

You'll get a 403:forbidden error.

You'll get the page foo.html.

I can spend more time tracking this if you want, but it won't be
till this afternoon.

Paul J. Reder
"The strength of the Constitution lies entirely in the determination of each
citizen to defend it.  Only if every single citizen feels duty bound to do
his share in this defense are the constitutional rights secure."
-- Albert Einstein

View raw message