webserver strangeness.

From: Steve (steve_at_focb.co.nz)
Date: 07/08/04

  • Next message: Dave Ihnat: "Re: webserver strangeness."
    Date: Thu, 8 Jul 2004 15:19:31 +1200 (NZST)
    To: redhat-list@redhat.com

    Standard ES 3 with httpd

    updates applied

    I have setup an upload area and enabled WebDAV, I've added an htaccess
    type entry to <Limit> GET requests to anonymous users (anyone can view the
    URLs) and then added a further <Limit> for all other directives to be
    allowed after authenticating only.

    The reason for this (as everyone seems to be asking me "why bother" is
    that I need to find an easy way to upload a few thousand photos and add
    them into a gallery, the gallery software allows either "groups of 10
    files to be uploaded" or a URL to be supplied that it will wander off to
    and suck down the photos.

    Due to ease of explaining how things work to end users, it was decided to
    create a simple system using webdav so uploads can be done as if the site
    were a hard drive then they put in the URL "uploads.blah.com" into the
    gallery system and it will suck their photos across.

    I tried sucessfully to make the DAV folder under the main site but the
    gallery URL suck became confused for some reason and required the images
    to be in the root of the web structure.

    It appears that someone within the organisation that sets up the
    httpd.conf decided that disableing indexes by default within apache was
    not enough to stop stupid admins from displaying their directory structure
    to the world (despite the fact that you had to actually enable this option
    to doso) - so they would also do a location rewrite if the url requested
    was the root of the web site and the file served was not one of the
    index files.

    #<LocationMatch "^/$>
    # Options -Indexes
    # ErrorDocument 403 /error/noindex.html

    I have since disabled this (IMHO - Braindead) option and restarted apache.
    However, I am still getting a random "forbidden" rule and redirect if I
    try to goto the root of my upload vhost.

    My Config for this vhost is..

    <Directory "/var/www/vhost/uploads">
        DAV On
        Options Indexes FollowSymLinks MultiViews
        AllowOverride all
        AuthType Basic
        AuthName jany
        AuthUserFile /var/www/vhost/htpasswd
        AuthGroupFile /dev/null
        <Limit GET>
         Order allow,deny
         Allow from all
         Require valid-user

    Document Root is set to..

    DocumentRoot /var/www/vhost/uploads

    I have just spent the past hour scouring through the httpd.conf file
    trying to find any reference to a redirect to a forbbiden document or an
    index document and I cant find anything. I have set "Indexes" as an option
    on every <Directory> Idirective I can find in the vain hope that it was
    something else.

    Whoever in their right mind dreamed up the idea that disabling indexes and
    making it near on impossible to re-enable them needs a freakin bullet to
    the head !!! if an admin makes a concious decision to allow a function to
    happen outside default spec then WHY MAKE IT FREAKIN NEAR ENOUGH TO

    Ok, so ranting probably doesnt help but I have hardly any hair left.

    god, its things like this that almost make you want to go back to using
    IIS or Apache 1.3 - at least they bloody work !.

    redhat-list mailing list
    unsubscribe mailto:redhat-list-request@redhat.com?subject=unsubscribe

  • Next message: Dave Ihnat: "Re: webserver strangeness."