[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Bug#653313: apache2: Bug in mixing of mod_rewrite and directory index

Package: apache2.2-common
Version: 2.2.16-6+squeeze4
Severity: normal

If I enable mod_rewrite, and access a directory index URL (no index.html), I see this in my server logs:

   [Mon Dec 26 13:39:48 2011] [error] [client] Options FollowSymLinks or SymLinksIfOwnerMatch is off which implies that
   RewriteRule directive is forbidden: /usr/share/apache2/icons/text.gif, referer: http://momjian.us/main/writings/

The system is trying to access the images that appear in directory listings, e.g. text.gif.

Adding "Options +FollowSymLinks" in /etc/apache2/sites-enabled/000-default did not help.  I had to add it to
/etc/apache2/mods-enabled/alias.conf with the attached patch:

	*** ./alias.conf.orig	2011-12-26 13:56:12.000000000 -0500
	--- ./alias.conf	2011-12-26 13:56:57.000000000 -0500
	*** 16,21 ****
	--- 16,23 ----
	  <Directory "/usr/share/apache2/icons">
	      Options Indexes MultiViews
	+     # remove log rewrite error for index lookups 2011-12-26
	+     Options +FollowSymLinks
	      AllowOverride None
	      Order allow,deny
	      Allow from all

This eliminated the log error message.
-- Package-specific info:
List of enabled modules from 'apache2 -M':
  actions* alias auth_basic authn_file authz_default authz_groupfile
  authz_host authz_user autoindex cgi deflate dir env include mime
  negotiation perl php5 python reqtimeout rewrite setenvif status
  (A * means that the .conf file for that module is not enabled in
List of enabled php5 extensions:
  pdo suhosin

-- System Information:
Debian Release: 6.0.3
  APT prefers stable-updates
  APT policy: (500, 'stable-updates'), (500, 'stable')
Architecture: amd64 (x86_64)

Kernel: Linux 2.6.32-5-amd64 (SMP w/16 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash

Versions of packages apache2 depends on:
ii  apache2-mpm-prefork    2.2.16-6+squeeze4 Apache HTTP Server - traditional n
ii  apache2.2-common       2.2.16-6+squeeze4 Apache HTTP Server common files

apache2 recommends no packages.

apache2 suggests no packages.

Versions of packages apache2.2-common depends on:
ii  apache2-utils          2.2.16-6+squeeze4 utility programs for webservers
ii  apache2.2-bin          2.2.16-6+squeeze4 Apache HTTP Server common binary f
ii  libmagic1              5.04-5            File type determination library us
ii  lsb-base               3.2-23.2squeeze1  Linux Standard Base 3.2 init scrip
ii  mime-support           3.48-1            MIME files 'mime.types' & 'mailcap
ii  perl                   5.10.1-17squeeze2 Larry Wall's Practical Extraction 
ii  procps                 1:3.2.8-9         /proc file system utilities

-- no debconf information

Reply to: