httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Paul B. Henson" <hen...@acm.org>
Subject Re: [users@httpd] SSI/server-side includes and symbolic links/SymlinkIfOwnerMatch
Date Sat, 04 Oct 2008 23:07:41 GMT
On Sat, 4 Oct 2008, [iso-8859-1] André Warnier wrote:

> In other words, check if by any chance you do not have some <Location>
> section negating all your configuration snippets for that <Directory>.

I'm pretty sure the config is ok; the following are exerpts from my actual
config of all Directory/Location sections. Also, the config works fine for
non-SSI accessed symbolic links. For example, if
/export/user/bob/www/test.html (owned by bob) is a symlink to
/export/user/fred/www/foo.html (owned by fred), accessing /~bob/test.html
fails, and a symbolic link failure is logged. However, if
/export/user/bob/www/test_ssi.html contains an include (either
file=/export/user/bob/www/test.html or virtual=/~bob/test.html), accessing
/~bob/test_ssi.html successfully delivers the content of
/export/user/fred/www/foo.html via the include of the symbolic link, even
though the ownership differs.

This was unexpected and problematic for my intended implementation...

[...]
<Directory />
        Options FollowSymLinks
        AllowOverride None
        Order deny,allow
        Deny from all
</Directory>
[...]
<Directory "/usr/pkg/share/httpd/htdocs">
        Options Indexes FollowSymLinks
        AllowOverride None
        Order allow,deny
        Allow from all
</Directory>
[...]
<Directory "/usr/pkg/libexec/cgi-bin">
        SSLOptions +StdEnvVars
        AllowOverride None
        Options None
        Order allow,deny
        Allow from all
</Directory>
[...]
<Directory "/export/user/*/www">
[...]
        Options Indexes SymLinksIfOwnerMatch IncludesNoExec
[...]
</Directory>
[...]
<Directory "/export/group/*/www">
[...]
        Options Indexes SymLinksIfOwnerMatch IncludesNoExec
[...]
</Directory>
[...]
<Location /server-status>
        SetHandler server-status
        Order deny,allow
        Deny from all
        Allow from 127.0.0.1
</Location>
[...]
<Directory "/usr/pkg/share/httpd/icons">
        Options Indexes MultiViews
        AllowOverride None
        Order allow,deny
        Allow from all
</Directory>


-- 
Paul B. Henson  |  (909) 979-6361  |  http://www.csupomona.edu/~henson/
Operating Systems and Network Analyst  |  henson@csupomona.edu
California State Polytechnic University  |  Pomona CA 91768

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org


Mime
View raw message