If you are not using RewriteRules then in .htaccess write Options -FollowSymLinks
This will disable the working of RewriteRules also! If you are using RewriteRules, create a symlink and using FilesMatch specify the above option for the symlink name. On Sat, Oct 4, 2008 at 8:10 AM, Paul B. Henson <[EMAIL PROTECTED]> wrote: > On Fri, 3 Oct 2008, Nilesh Govindrajan wrote: > > > /usr/pkg/etc/httpd/htpasswd owner is root and Apache runs as daemon / > > whatever you set in User directive. So its obviously not going to work > > with SymlinkIfOwnerMatch. You need FollowSymLinks in Options. > > I don't think you understand my problem/question. > > I don't want the symlink followed. > > The problem is that SSI successfully follows the symlink when I think it > shouldn't. > > > > On Sat, Oct 4, 2008 at 2:52 AM, Paul B. Henson <[EMAIL PROTECTED]> wrote: > > > > > > > > I'm running Apache 2.2.8, configured with SymlinkIfOwnerMatch and > > server-side includes enabled. > > > > It looks like the server-side include "include" directive ignores > the > > setting of SymlinkIfOwnerMatch? > > > > For example, let's say I have an htpasswd configuration file > outside of the > > document root: > > > > -rw-r----- 1 root webservd 7 Oct 3 14:00 > /usr/pkg/etc/httpd/htpasswd > > > > If I then make a symbolic link to that from a user account: > > > > lrwxrwxrwx 1 henson csupomona 27 Oct 3 14:01 > /user/henson/www/pass.html -> /usr/pkg/etc/httpd/htpasswd > > > > > > Access is forbidden, with the following message in the log file: > > > > [Fri Oct 03 14:01:51 2008] [error] [client 134.71.248.12] Symbolic > link not > > allowed or link target not accessible: > /export/user/henson/www/pass.html > > > > > > However, if I create a server parsed HTML file in the same > directory > > containing the following: > > > > <!--#include file="pass.html" --> > > > > When I request the .shtml file, the contents of the file pointed to > by the > > symbolic link are included. > > > > I had thought that configuring server side includes with > IncludesNoExec > > was reasonably safe, but it would appear that such a configuration > allows > > any file readable by the web server itself to be served? > > > > I took a look at mod_include.c, the include directive appears to be > handled > > by the handle_include function which calls either > ap_sub_req_lookup_file or > > ap_sub_req_lookup_uri depending on whether the include is file or > virtual, > > and then calls ap_run_sub_req to presumably handle dumping out the > content > > of the include. > > > > As a sub request, I would have intuitively thought it would honor > the > > configuration setting regarding symbolic links? > > > > Am I confused? Is there something wrong with my configuration? Is > this an > > expected behavior (I searched quite a bit and didn't find anything > > relevant)? > > > > Thanks much for any help... > > > > > > -- > > Paul B. Henson | (909) 979-6361 | > http://www.csupomona.edu/~henson/ <http://www.csupomona.edu/%7Ehenson/> < > http://www.csupomona.edu/%7Ehenson/> > > Operating Systems and Network Analyst | [EMAIL PROTECTED] > > California State Polytechnic University | Pomona CA 91768 > > > > > --------------------------------------------------------------------- > > The official User-To-User support forum of the Apache HTTP Server > Project. > > See <URL:http://httpd.apache.org/userslist.html> for more info. > > To unsubscribe, e-mail: [EMAIL PROTECTED] > > " from the digest: [EMAIL PROTECTED] > > For additional commands, e-mail: [EMAIL PROTECTED] > > > > > > > > > > > > > > > > -- > Paul B. Henson | (909) 979-6361 | > http://www.csupomona.edu/~henson/<http://www.csupomona.edu/%7Ehenson/> > Operating Systems and Network Analyst | [EMAIL PROTECTED] > California State Polytechnic University | Pomona CA 91768 > > --------------------------------------------------------------------- > The official User-To-User support forum of the Apache HTTP Server Project. > See <URL:http://httpd.apache.org/userslist.html> for more info. > To unsubscribe, e-mail: [EMAIL PROTECTED] > " from the digest: [EMAIL PROTECTED] > For additional commands, e-mail: [EMAIL PROTECTED] > > -- Nilesh Govindrajan ([EMAIL PROTECTED]) iTech7 Site and Server Administrator www.itech7.com
