>Number: 2557 >Category: general >Synopsis: apache will not follow symbolic links >Confidential: no >Severity: serious >Priority: medium >Responsible: apache >State: open >Class: sw-bug >Submitter-Id: apache >Arrival-Date: Mon Jul 6 12:10:01 PDT 1998 >Last-Modified: >Originator: [EMAIL PROTECTED] >Organization: apache >Release: 1.3.0 >Environment: SunOS 5.5 Generic sun4m sparc SUNW,SPARCstation-20 compiled with gcc version 2.7.2.2 >Description: Not sure if this is a security feature or a bug, but when a symbolic link exists in the document root, Apache will not deliver the file requested. In my specific installation, I have the symbolic link /usr/local/apache/1.3.0/share -> /opt2/www/data and the DocumentRoot is set to /usr/local/apache/1.3.0/share/htdocs. The followin appears in the error_log file when one tries to access any document on the site:
Symbolic link not allowed: /usr/local/apache/1.3.0/share/htdocs If a simple change is made such that DocumentRoot is set to /opt2/www/data/htdocs instead, the pages are delivered as requested and no errors are generated. This happens whether the FollowSymLinks option is on or not (for security reasons it is better to have it off). In any case, it would be nice to be able to change the physical path of the data (especially when rdisting to several servers) while keeping the logical path constant (for ease of maintenance). Earlier versions of Apache did not mind symbolic links in the root parts of the directories. >How-To-Repeat: >Fix: Perhaps the directory_walk routine in http_request.c could ignore the server-root part of the directory structure. >Audit-Trail: >Unformatted: [In order for any reply to be added to the PR database, ] [you need to include <[EMAIL PROTECTED]> in the Cc line ] [and leave the subject line UNCHANGED. This is not done] [automatically because of the potential for mail loops. ]
