>Number: 2539 >Category: config >Synopsis: Not allowing symlinks in a <Location> directive. >Confidential: no >Severity: serious >Priority: medium >Responsible: apache >State: open >Class: sw-bug >Submitter-Id: apache >Arrival-Date: Wed Jul 1 15:10:00 PDT 1998 >Last-Modified: >Originator: [EMAIL PROTECTED] >Organization: apache >Release: 1.3 >Environment: Solaris 2.6 gcc 2.8.0 >Description: In my srm.conf I have the following line:
DocumentRoot /disk2/apache/htdocs Alias /tt/ /disk2/tt/ In my access.conf I have the following lines: <Directory /> Options None AllowOverride None </Directory> <Directory /disk2/apache/htdocs> Options Indexes FollowSymLinks AllowOverride None order allow,deny allow from all </Directory> <Location ~ "^/tt"> Options Indexes FollowSymLinks </Location> The problem is this: In my directory /disk2/tt I have two files, one of which is a symbolic link to the other. When I try to access the file, I get this error: Forbidden You don't have permission to access /tt/test2.html on this server And my error log shows this: [Wed Jul 1 16:39:47 1998] [error] Symbolic link not allowed: /disk2/tt/test2.html The things that are odd: 1. The symbolic links work fine in my document root, which uses the same "Options" line as the /tt directory 2. The indexing works fine in my /tt directory, so half of my "Options" command works. If I comment out "AllowOverride None" in my / config, it all works fine, but then my server is completely opened, and I would have to then restrict every directory. >How-To-Repeat: Set up as noted above. >Fix: >Audit-Trail: >Unformatted: [In order for any reply to be added to the PR database, ] [you need to include <[EMAIL PROTECTED]> in the Cc line ] [and leave the subject line UNCHANGED. This is not done] [automatically because of the potential for mail loops. ]
