[Bug 332087] Re: Disabling the default virtual host disables options on the root directory ('/').
Andrew Glen-Young
agy at canonical.com
Fri Feb 20 16:53:54 GMT 2009
** Description changed:
Binary package hint: apache2-common
Problem:
- Disabling the default virtual host enables 'AllowOverride Any' for the root ('/') directory and disables 'FollowSymlinks'.
+ Disabling the default virtual host enables 'AllowOverride All' for the root ('/') directory and disables 'FollowSymlinks'.
This effects (at least) Hardy and Intrepid's versions of Apache2.
Overview:
The default Apache virtual host (/etc/apache2/sites-available/default)
has a 'Directory' option for the root directory (see below). By
disabling the default virtual host these directives and the protections
they offer are removed.
<Directory />
Options FollowSymLinks
AllowOverride None
</Directory>
Applying options to the root directory should probably not be delegated to this virtual host, even if the assumption is that the virtual host will not be disabled.
Moving this section to /etc/apache2/apache2.conf file will not alter the default configuration of the web server and will still protect the root directory even if the default virtual host is removed.
Solution:
Move the 'Directory' directive for the root directory from the default
virtual host file to the apache2.conf file (probably above the
'AccessFileName' directives).
--
Disabling the default virtual host disables options on the root directory ('/').
https://bugs.launchpad.net/bugs/332087
You received this bug notification because you are a member of Ubuntu
Server Team, which is subscribed to apache2 in ubuntu.
More information about the Ubuntu-server-bugs
mailing list