www-apache-bugdb mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Valerio VALDEZ Paolini" <val...@alinet.it>
Subject Re: config/1818: Follows symbolic links wether or not disabled
Date Tue, 17 Feb 1998 12:10:00 GMT
The following reply was made to PR config/1818; it has been noted by GNATS.

From: "Valerio VALDEZ Paolini" <valdez@alinet.it>
To: Dean Gaudet <dgaudet@arctic.org>
Cc: apbugs@hyperreal.org
Subject: Re: config/1818: Follows symbolic links wether or not disabled
Date: Tue, 17 Feb 1998 11:52:24 +0100

 Goodmorning Dean,
 
 	some more informations about the 'bug'.
 I got Apache 1.2.5-1 directly from RedHat (we run a mirror
 at university). I checked the original rpm packet on my
 cdrom and there are no info about the packager or anything
 else.
 
 	Yesterday night I told you that I have the problem
 at home with version 1.2.5 and not at university with version
 1.2.4: this is not true, I have the same problem in both
 places; this seems to confirm what you said about misconfiguration.
 But I really can't understand why and where the problem is.
 
 	I cannot provide you an example, but it is very simple
 to reproduce it: just link /etc/passwd in your home directory
 being user and try to access it from the internet. Here it works.
 
 	I hope it is not a misconfiguration because I don't want
 to waste your time.
 
 	The directory structure (pruned) is as follows:
 
 .		(the subtree starts here at /home/web-moo/webspace/)
 |-- adm
 |-- auth	(here I have users' logins & pwd)
 |   |-- passwd
 |   `-- www.totale
 |-- bin
 |   |-- backup
 |   |-- banner
 |   |-- configs
 |   |-- counter
 |   |-- log_http
 |   |-- security
 |   `-- utils
 |-- cgi-bin	(here are ScriptAliased my scripts)
 |   |-- banner.cgi
 |   |-- counter.cgi
 |   `-- yeti
 |       |-- access_log.cgi
 |       |-- auth.cgi
 |       |-- cambio_passwd.cgi
 |       |-- debug.cgi
 |       |-- directory.cgi
 |       |-- lista.cgi
 |       |-- logger_add.cgi
 |       |-- messaggio.cgi
 |       |-- privacy.cgi
 |       |-- status1.cgi
 |       |-- status2.cgi
 |       `-- yeti.pm
 |-- data
 |-- lock
 |-- log
 `-- web		(here is my document root)
     |-- accesso_ristretto.shtml
     |-- home.html
     |-- index.html
     |-- index.shtml
     |-- cdl
     |-- comesifa
     |-- esaminando
     |-- feedback
     |-- icons
     |-- images
     |-- informazioni
     |-- laureando
     |-- servizi
     |-- software
     |-- tzone
     `-- yeti
 
 705 directories, 5051 files
 
 	The are many many directories and no .htaccess somewhere to
 override default configuration, I tried to search them as usual
 with find / -name ".htaccess": brute force.
 
 	Here are my config files:
 
 HTTPD.CONF -----------------------------------------------------
 
 ServerType standalone
 
 Port 80
 
 HostnameLookups on
 
 User www-data
 Group www-data
 
 BrowserMatch Mozilla/2 nokeepalive
 
 ServerAdmin webmaster@caristudenti.cs.unibo.it
 
 ServerRoot /etc/httpd/
 
 ErrorLog /var/log/apache/error.log
 
 LogFormat "%{%a %d/%m/%Y
 %H:%M:%S}t|%h|%u|%f|%b|%{Referer}i|\"%{User-agent}i\"|%T|%s"
 
 TransferLog /var/log/apache/access.log
 
 PidFile /var/run/httpd.pid
 
 ScoreBoardFile logs/apache_status
 
 #ServerName CariStudenti.CS.UniBO.IT
 
 Timeout 400
 
 KeepAlive On
 
 MaxKeepAliveRequests 100
 
 KeepAliveTimeout 15
 
 MinSpareServers 1
 MaxSpareServers 1
 
 StartServers 1
 
 MaxClients 15
 
 MaxRequestsPerChild 30
 
 ACCESS.CONF ---------------------------------------------
 
 <Directory />
 	AllowOverride None
 	Order deny,allow
 	Deny from all
 </Directory>
 
 <Directory /etc>
 	AllowOverride None
 	Order deny,allow
 	Deny from all
 </Directory>
 
 <Directory /home/>
 	AllowOverride None
 	Order deny,allow
 	Allow from all
 </Directory>
 
 <Directory /home/web-moo/webspace/cgi-bin/yeti/>
 	deny from all 
 	allow from cs.unibo.it
 	AuthType Basic 
 	AuthUserFile /home/web-moo/webspace/auth/www.totale
 	AuthName CariStudenti 
 	require valid-user 
 	satisfy any 
 </Directory>
 
 <Directory /home/web-moo/webspace/web>
 	Options Indexes Includes
 	AllowOverride None
 	order allow,deny
 	allow from all
 </Directory>
 
 <Directory /home/web-moo/webspace/web/yeti/>
 	deny from all 
 	allow from cs.unibo.it 
 	AuthType Basic 
 	AuthUserFile /home/web-moo/webspace/auth/www.totale 
 	AuthName CariStudenti 
 	require valid-user 
 	satisfy any 
 </Directory>
 
 <Directory /home/web-moo/webspace/web/servizi/>
 	deny from all 
 	allow from cs.unibo.it 
 	AuthType Basic 
 	AuthUserFile /home/web-moo/webspace/auth/www.totale 
 	AuthName CariStudenti 
 	require valid-user 
 	satisfy any 
 </Directory>
 
 <Directory /home/web-moo/webspace/web/esaminando/>
 	deny from all 
 	allow from cs.unibo.it 
 	AuthType Basic 
 	AuthUserFile /home/web-moo/webspace/auth/www.totale 
 	AuthName CariStudenti 
 	require valid-user 
 	satisfy any 
 </Directory>
 
 <Location /server-status>
 	SetHandler server-status
 	order deny,allow
 	deny from all
 	allow from localhost
 </Location>
 
 SRM.CONF --------------------------------------------------------
 
 DocumentRoot /home/web-moo/webspace/web
 
 UserDir "."
 
 DirectoryIndex home.shtml home.html index.shtml index.html home.htm index.htm
 
 FancyIndexing on
 
 AddIconByEncoding (CMP,/icons/compressed.gif) x-compress x-gzip
 
 AddIconByType (TXT,/icons/text.gif) text/*
 AddIconByType (IMG,/icons/image2.gif) image/*
 AddIconByType (SND,/icons/sound2.gif) audio/*
 AddIconByType (VID,/icons/movie.gif) video/*
 
 AddIcon /icons/binary.gif .bin .exe
 AddIcon /icons/binhex.gif .hqx
 AddIcon /icons/tar.gif .tar
 AddIcon /icons/world2.gif .wrl .wrl.gz .vrml .vrm .iv
 AddIcon /icons/compressed.gif .Z .z .tgz .gz .zip
 AddIcon /icons/a.gif .ps .ai .eps
 AddIcon /icons/layout.gif .html .shtml .htm .pdf
 AddIcon /icons/text.gif .txt
 AddIcon /icons/c.gif .c
 AddIcon /icons/p.gif .pl .py
 AddIcon /icons/f.gif .for
 AddIcon /icons/dvi.gif .dvi
 AddIcon /icons/uuencoded.gif .uu
 AddIcon /icons/script.gif .conf .sh .shar .csh .ksh .tcl
 AddIcon /icons/tex.gif .tex
 AddIcon /icons/bomb.gif core
 
 AddIcon /icons/back.gif ..
 AddIcon /icons/hand.right.gif README
 AddIcon /icons/folder.gif ^^DIRECTORY^^
 AddIcon /icons/blank.gif ^^BLANKICON^^
 
 DefaultIcon /icons/unknown.gif
 
 ReadmeName README
 HeaderName HEADER
 
 IndexIgnore */.??* *~ *# */HEADER* */README* */RCS
 
 AccessFileName .htaccess
 
 DefaultType text/plain
 
 AddEncoding x-compress Z
 AddEncoding x-gzip gz
 
 AddLanguage en .en
 AddLanguage it .it
 
 LanguagePriority it en
 
 Alias /icons/	/home/web-moo/webspace/web/icons/
 Alias /img/		/home/web-moo/webspace/web/images/
 Alias /vangoof	/home/casolari/vg/
 
 ScriptAlias /cgi-bin/ /home/web-moo/webspace/cgi-bin/
 
 AddType text/html .htm
 
 # To use CGI scripts:
 #AddHandler cgi-script .cgi
 
 AddType text/html .shtml
 AddHandler server-parsed .shtml
 
 ErrorDocument   400     /errori/400.shtml
 ErrorDocument   401     /errori/401.shtml
 ErrorDocument   402     /errori/402.shtml
 ErrorDocument   403     /errori/403.shtml
 ErrorDocument   404     /errori/404.shtml
 ErrorDocument   405     /errori/405.shtml
 ErrorDocument   500     /errori/500.shtml
 ErrorDocument   501     /errori/501.shtml
 ErrorDocument   503     /errori/503.shtml
 
 ----------------------------------------------
 
 	Thank you very much for your attention; I hope we can solve
 the problem as soon as possible. If you need some more information,
 please write me. Please forgive my english!
 
 	Ciao,
 
 		Valerio
 
 
 --------------------------------------------------------------------------
  Valerio Paolini, studente del Corso di Laurea in Informatica della
  Facolta' di Scienze MM.FF.NN. dell'Universita' di Bologna, Italia.
 --------------------------------------------------------------------------
  valdez@alinet.it		www.alinet.it/valdez
  paolini@cs.unibo.it		caristudenti.cs.unibo.it/~paolini
 --------------------------------------------------------------------------
  Via Matteotti 22, 40100 Bologna BO, Italia, tel. +39(0)51361581
 -------------------------------------------------------------------------- 
 

Mime
View raw message