>Number: 4221 >Category: config >Synopsis: Mistake in the security configuration for users' public_html >file in the httpd.conf >Confidential: no >Severity: non-critical >Priority: medium >Responsible: apache >State: open >Class: mistaken >Submitter-Id: apache >Arrival-Date: Fri Apr 9 18:50:00 PDT 1999 >Last-Modified: >Originator: [EMAIL PROTECTED] >Organization: apache >Release: 1.3.6 >Environment: Linux RedHat 5.2. I assume this is in every config file, however. >Description: The default httpd.conf-dist seemed to be incorrect about how to allow users to have public_html directories accessible (I wanted to change to allow Indexes, in this case).
Instead of the line <Directory /*/public_html>, I had to use the line <Directory ~ /*/public_html> before the configuration file changes to the Options tag (but presumable any information inside that <Directory> area) would work. >How-To-Repeat: Use the default httpd.conf and try to get a directory index (a directory without an DirectoryIndex specified file in it, usually a file listing of all things in the directory). >Fix: Modify the default httpd.conf-dist. The line: <Directory /*/public_html> Should really be this, I think: <Directory ~ /*/public_html> ... because it makes it work. :) >Audit-Trail: >Unformatted: [In order for any reply to be added to the PR database, ] [you need to include <[EMAIL PROTECTED]> in the Cc line ] [and leave the subject line UNCHANGED. This is not done] [automatically because of the potential for mail loops. ] [If you do not include this Cc, your reply may be ig- ] [nored unless you are responding to an explicit request ] [from a developer. ] [Reply only with text; DO NOT SEND ATTACHMENTS! ]
