This is an odd one, so I'll try to explain it as best as possible. We're running Apache 2.0.49 on linux with Symlinksifownermatch turned on for public_html directories. However, when you try to access a file in someone's webspace through a symlink, even though the owners match, a 403 forbidden is thrown with this in the error log: [Thu Jun 17 11:51:55 2004] [error] [client 131.94.133.26] Symbolic link not allowed: /home/vixen2/flynnj/public_html/link.html Now, if there is an .htaccess file in the public_html directory, containing ONLY the following: ErrorDocument 404 /~flynnj/404.html ...suddenly symlinks are followed correctly! It even does the owner check; if the symlink is owned by root, I get a 403 forbidden. Also, the 403 forbidden generated by this seems to behave differently than a normal 403 forbidden, in that it complains about an "additional 403 forbidden" accessing the ErrorDocument, which appears just fine when the 403 occurs due to another reason, such as an unreadable file. There are no other ErrorDocument declarations in the httpd.conf, so I'm not sure where this could be coming from. I can clarify and/or provide more information if required. Virtualhost with the problem: <VirtualHost *> ServerName www.cs.fiu.edu ServerAlias www.cs.fiu.edu ServerAdmin webmaster@cs.fiu.edu DocumentRoot /depot/http/www.cs.fiu.edu/data ErrorLog /depot/http/www.cs.fiu.edu/logs/error_log.apache2 ErrorDocument 500 /errors/500.html ErrorDocument 403 /errors/403.html ErrorDocument 404 /errors/404.html ReadmeName README HeaderName HEADER TransferLog /depot/http/www.cs.fiu.edu/logs/access_log.apache2 CustomLog /depot/http/www.cs.fiu.edu/logs/referer_log.apache2 referer CustomLog /depot/http/www.cs.fiu.edu/logs/agent_log.apache2 agent CustomLog /depot/http/www.cs.fiu.edu/logs/combined_access_log.apache2 combined ScriptLog /depot/http/www.cs.fiu.edu/logs/cgi.log.apache2 ScriptAlias /cgi-bin/ /depot/http/www.cs.fiu.edu/cgi-bin/ Alias /icons/ "/depot/http/icons/" </VirtualHost> Directory declaration for home directories: <Directory /home/*> AllowOverride AuthConfig FileInfo Limit Indexes Options +SymLinksIfOwnerMatch Indexes Includes +ExecCGI php_admin_flag safe_mode on </Directory>
Just wondering, Is anyone actually reading these bug reports? I looked at a bunch of others and they're all unanswered, just like this one... -John
The short answer is "yes." You probably don't want to hear the long answer. Word to the wise: Look in the several CHANGES files in the source distribution for the string " PR " and consider how those issues were addressed.
Is this still reproducible in 2.0.53? Can you reduce it to a minimal set of changes to the stock httpd.conf? A simple attempt to reproduce here (outside a vhost, notably) didn't show the problem.
Not sure if it's an exact duplicate, but if not (and if it's not already fixed), 2.0 is too old. *** This bug has been marked as a duplicate of bug 36783 ***