From nobody@hyperreal.com Thu Apr 10 10:17:42 1997 Received: (from nobody@localhost) by hyperreal.com (8.8.4/8.8.4) id KAA21619; Thu, 10 Apr 1997 10:17:42 -0700 (PDT) Message-Id: <199704101717.KAA21619@hyperreal.com> Date: Thu, 10 Apr 1997 10:17:42 -0700 (PDT) From: Harald Weidner Reply-To: weidner@ifi.unizh.ch To: apbugs@hyperreal.com Subject: undocumented incompatibility between Apache and NCSA-httpd X-Send-Pr-Version: 3.2 >Number: 353 >Category: config >Synopsis: undocumented incompatibility between Apache and NCSA-httpd >Confidential: no >Severity: non-critical >Priority: medium >Responsible: apache >State: closed >Class: doc-bug >Submitter-Id: apache >Arrival-Date: Thu Apr 10 10:20:01 1997 >Last-Modified: Sat Jun 28 15:36:20 PDT 1997 >Originator: weidner@ifi.unizh.ch >Organization: >Release: 1.2b7 >Environment: Apache-1.2b7, NCSA-httpd-1.5.1 SunOS 4.1.3 and Solaris 2.5.1, gcc-2.5.8 >Description: Apache denies access to http://server/dir/link/, when - link is a symbolic link to another directory, and - this other directory contains an .htaccess file with an "Options" line NOT including a "FollowSymLinks" statement (even when "Indexes" is given), and - In the global access.conf file, "Options FollowSymLinks" and "AllowOverride all" are set (in the relevant context). NCSA-httpd does not. In other words, Apache honours a non-given "FollowSymLinks" even after processing the link; NCSA-httpd does not. >How-To-Repeat: Create the situation described above, and run Apache vs. NCSA-httpd over the same webspace. If my description is obfusicating, email me, and I send you full configuration files. >Fix: IMHO, this was a bug in NCSA-httpd, while Apache behaves correctly. So, don't patch Apache, but put this problem to www.apache.org, section: Known incompabilities to NCSA-httpd. %0 >Audit-Trail: State-Changed-From-To: open-analyzed State-Changed-By: dgaudet State-Changed-When: Sun Jun 22 17:35:25 PDT 1997 State-Changed-Why: Actually I don't think Apache is correct in this case. For example, I did this: cd htdocs/manual echo Options -FollowSymLinks >.htaccess cd .. ln -s manual symlink Then I accessed /symlink (or /symlink/) and got a 403, which is the incompatibility that you're describing. However if I access /symlink/index.html it succeeds. This is an inconsistency that really shouldn't exist. The symlink stuff is supposed to be tested with the permissions of the parent directory. I'm submitting a patch for the rest of the group to consider. Thanks for using Apache! Dean State-Changed-From-To: analyzed-closed State-Changed-By: dgaudet State-Changed-When: Sat Jun 28 15:36:19 PDT 1997 State-Changed-Why: A fix for this has been committed to 1.2.1-dev and 1.3-dev. Dean >Unformatted: