httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Yann Debonne <apa...@debonne.net>
Subject [users@httpd] Symbolic link not allowed
Date Mon, 27 Sep 2004 02:31:36 GMT
Hi,

I just set up a new server with Mandrake 10 Linux (Apache-v2.0.48). 
Mandrake came out of the box with the DocumentRoot set to /var/www/html.  I 
run several VirtualHost domains which I create a symbolic link from 
directory:

/var/www/html/virtualdomain.com >

/home/user/virtualdomain.com

Restarted httpd and as expected, everything worked great.  HOWEVER, the 
following morning my apache error log is full of "...Symbolic link not 
allowed:.." and when accessing the domain I get:

Forbidden
You don't have permission to access / on this server.
Additionally, a 403 Forbidden error was encountered while trying to use an 
ErrorDocument to handle the request.

Apache FAQ #15 does not apply to me.  While many of the posts in the apache 
archives address this issue, the majority are slightly different problems 
with the same end result, or N/A to my version of apache.

To be sure it wasn't a UNIX permissions issue hijacked by Mandrake's msec, 
I temporarily changed all the documents to 777 for debuging this.  Still no 
change.

According the apache's docs, options for directories are processes in order 
they are set in the file.

commonhttpd.conf:

LINE 35:
<Directory />
  Options -All -Multiviews
  AllowOverride None
  <IfModule mod_access.c>
    Order deny,allow
    Deny from all
  </IfModule>
</Directory>

LINE 881:
<Directory /var/www/html>
    Options -Indexes FollowSymLinks MultiViews
    AllowOverride All
    <IfModule mod_access.c>
      Order allow,deny
    Allow from all
    </IfModule>
</Directory>

(Just to be safe, I dropped my actual Directory directive of my problem 
domain at the bottom of the file)
LINE 1001:
<Directory /var/www/html/fromherz.net>
AllowOverride ALL
Options ALL
Order Deny,Allow
Allow from all
</Directory>

It appears that this would allow symbolic links, which it did yesterday. 
(System not compromised)  The biggest challenge for me here is, what could 
have changed in less than 24 hours?!

Thank you,

Yann



---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org


Mime
View raw message