Bug 29647 - Strange interaction between "ErrorDocument" directive and "SymlinksIfOwnerMatch" option
Summary: Strange interaction between "ErrorDocument" directive and "SymlinksIfOwnerMat...
Status: RESOLVED DUPLICATE of bug 36783
Alias: None
Product: Apache httpd-2
Classification: Unclassified
Component: Core (show other bugs)
Version: 2.0.49
Hardware: PC Linux
: P3 normal (vote)
Target Milestone: ---
Assignee: Apache HTTPD Bugs Mailing List
Depends on:
Reported: 2004-06-17 16:08 UTC by John Flynn
Modified: 2010-07-20 09:41 UTC (History)
0 users


Note You need to log in before you can comment on or make changes to this bug.
Description John Flynn 2004-06-17 16:08:57 UTC
This is an odd one, so I'll try to explain it as best as possible.

We're running Apache 2.0.49 on linux with Symlinksifownermatch turned on for
public_html directories. However, when you try to access a file in someone's
webspace through a symlink, even though the owners match, a 403 forbidden is
thrown with this in the error log:

[Thu Jun 17 11:51:55 2004] [error] [client] Symbolic link not
allowed: /home/vixen2/flynnj/public_html/link.html

Now, if there is an .htaccess file in the public_html directory, containing ONLY
the following:

ErrorDocument 404 /~flynnj/404.html

...suddenly symlinks are followed correctly! It even does the owner check; if
the symlink is owned by root, I get a 403 forbidden.

Also, the 403 forbidden generated by this seems to behave differently than a
normal 403 forbidden, in that it complains about an "additional 403 forbidden"
accessing the ErrorDocument, which appears just fine when the 403 occurs due to
another reason, such as an unreadable file. There are no other ErrorDocument
declarations in the httpd.conf, so I'm not sure where this could be coming from.

I can clarify and/or provide more information if required. 

Virtualhost with the problem:

<VirtualHost *>
 ServerName www.cs.fiu.edu
 ServerAlias www.cs.fiu.edu
 ServerAdmin webmaster@cs.fiu.edu
 DocumentRoot /depot/http/www.cs.fiu.edu/data
 ErrorLog /depot/http/www.cs.fiu.edu/logs/error_log.apache2
 ErrorDocument 500 /errors/500.html
 ErrorDocument 403 /errors/403.html
 ErrorDocument 404 /errors/404.html
 ReadmeName README
 HeaderName HEADER
 TransferLog /depot/http/www.cs.fiu.edu/logs/access_log.apache2
 CustomLog /depot/http/www.cs.fiu.edu/logs/referer_log.apache2 referer
 CustomLog /depot/http/www.cs.fiu.edu/logs/agent_log.apache2 agent
 CustomLog /depot/http/www.cs.fiu.edu/logs/combined_access_log.apache2 combined
 ScriptLog /depot/http/www.cs.fiu.edu/logs/cgi.log.apache2
 ScriptAlias /cgi-bin/ /depot/http/www.cs.fiu.edu/cgi-bin/
 Alias /icons/ "/depot/http/icons/"

Directory declaration for home directories:

 <Directory /home/*>
  AllowOverride AuthConfig FileInfo Limit Indexes
  Options +SymLinksIfOwnerMatch Indexes Includes +ExecCGI
  php_admin_flag safe_mode on
Comment 1 John Flynn 2004-06-23 16:26:48 UTC
Just wondering,

Is anyone actually reading these bug reports? I looked at a bunch of others and
they're all unanswered, just like this one...

Comment 2 Jeff Trawick 2004-06-23 16:36:36 UTC
The short answer is "yes."  You probably don't want to hear the long answer.
Word to the wise: Look in the several CHANGES files in the source distribution
for the string " PR " and consider how those issues were addressed.

Comment 3 Joe Orton 2005-02-24 17:38:23 UTC
Is this still reproducible in 2.0.53? Can you reduce it to a minimal set of
changes to the stock httpd.conf?  A simple attempt to reproduce here (outside a
vhost, notably) didn't show the problem.
Comment 4 Nick Kew 2010-07-20 09:41:44 UTC
Not sure if it's an exact duplicate, but if not (and if it's not already fixed), 2.0 is too old.

*** This bug has been marked as a duplicate of bug 36783 ***