You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@httpd.apache.org by "Justin M." <gl...@jackmoves.com> on 2003/04/03 03:06:37 UTC
[users@httpd] AllowOverride behaving weird
I am experiencing a very weird, and annoying, problem with the
AllowOverride directive in Apache 1.3.27. This problem cropped up after I
updated the glibc Redhat package to version 'glibc-2.3.2-4.80'. I have ran
my Apache webserver for years without ever running into anything like
this. Whenever AllowOverride is set to *anything but* None, I get the
following error:
[Sat Mar 22 17:18:52 2003] [crit] [client 193.252.111.xxx]
/home/httpd/.htaccess pcfg_openfile: unable to check htaccess file, ensure
it is readable
/home/httpd being my doc root. When I get this error I will get a 403
access denied message when trying to access any website on my server.
Apache seems to check for .htaccess in *every* directory under doc root
and if it doesn't exist, it denys access. I have tried doing 'touch
/home/httpd/.htaccess' which results in access being given to /home/httpd,
but nothing else. So I get a website that has the index.html loaded but
none of the images in /home/httpd/images. The error in the log then looks
like:
[Sat Mar 22 17:20:31 2003] [crit] [client 193.252.111.xxx]
/home/httpd/images/.htaccess pcfg_openfile: unable to check htaccess file,
ensure it is readable
I have never had this happen before and those directories that Apache is
complaining about have never had .htaccess files in them. My AllowOverride
has been set to 'Limit AuthConfig FileInfo' for years with no problems. I
have recompiled Apache from source multiple times after the glibc update
and always get the same results. Right now my AllowOverride is set to
None, so my websites work for the most part. However, I have some pretty
bad problems with some things because I cannot set variables for certain
directories with .htaccess anymore.
After all the troubleshooting I've done the last week or so, the only
thing I can attribute the problem to is the glibc update. If I do an ldd
on my httpd binary, I can see that almost all the shared libraries that
httpd uses were modified when the glibc update was installed. I searched
in the Apache archives today for anything like this and found nothing.
When doing a google search on my error message last week I did find the
following:
http://www.apache.org/dist/httpd/patches/apply_to_1.3.2/htaccess_check.txt
That problem is basically what I am experiencing. However, my PHP version
is at 4.2.3 and Apache version is much newer, 1.3.27. I also found another
thread in that search that said the problem could be caused by libcrypt
being compiled incorrectly? Any help would be greatly appreciated.
Justin
---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
" from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org
Re: [users@httpd] AllowOverride behaving weird
Posted by "Justin M." <gl...@jackmoves.com>.
I have actually proved the problem to be with Redhat's new glibc 2.3.2-4.80.
Using gdb we were able to find out that Apache is doing everything correctly
(as I had thought originally) and the problem is with an OS lib function, we
think fopen. I searched for glibc on Redhat's bugzilla website and found many
problematic issues with their latest glibc version. I was able to back out the
new glibc and revert back to the glibc version I had installed previously
(2.2.93-5). Once I got this glibc version installed AllowOverride and
everything is back to working perfectly fine. So, something obviously changed,
or is broken in the new Redhat glibc version, I just do not have the time or
patience to debug anymore to find out exactly what it is. I am going to report
it to Redhat's bugzilla site and see what they say...
Justin
--
glowecon@jackmoves.com
www.jackmoves.com
---------- Original Message -----------
From: "John P. Dodge" <do...@cruciate.ca.boeing.com>
To: users@httpd.apache.org
Sent: Mon, 7 Apr 2003 10:06:16 -0700 (PDT)
Subject: Re: [users@httpd] AllowOverride behaving weird
> This has probably been mentioned before but do you have the execute 'x'
> bit set on the .htaccess file?
>
> ----------------------------------------
> "Mon aƩroglisseur est plein d'anguilles"
> John P. Dodge
> Boeing Shared Services
>
> ---------------------------------------------------------------------
> The official User-To-User support forum of the Apache HTTP Server Project.
> See <URL:http://httpd.apache.org/userslist.html> for more info.
> To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
> " from the digest: users-digest-unsubscribe@httpd.apache.org
> For additional commands, e-mail: users-help@httpd.apache.org
------- End of Original Message -------
---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
" from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org
Re: [users@httpd] AllowOverride behaving weird
Posted by "John P. Dodge" <do...@cruciate.ca.boeing.com>.
On Thu, 3 Apr 2003, Joshua Slive wrote:
>
>
> On Thu, 3 Apr 2003, Justin M. wrote:
>
> > Any other ideas?
>
> Nope. You got me. For some reason, when apache tries to open the
> .htaccess file, the OS is returning an error other than "not found".
> Could be a problem with the OS/libc or could be an apache problem.
>
> Joshua.
>
This has probably been mentioned before but do you have the execute 'x'
bit set on the .htaccess file?
----------------------------------------
"Mon aƩroglisseur est plein d'anguilles"
John P. Dodge
Boeing Shared Services
---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
" from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org
Re: [users@httpd] AllowOverride behaving weird
Posted by "Justin M." <gl...@jackmoves.com>.
I've been doing some more searching today and found that this exact
problem was a bug in Apache 1.3.2. The bug was described as missing
htaccess files causing denied access.
http://www.geocrawler.com/archives/3/420/1998/9/0/2314537/
http://www.phpbuilder.com/mail/php3-list/199809/1691.php
I also found a more recent finding of this problem just now, no fix
provided tho :(
http://citadelle.intrinsec.com/mailing/current/HTML/ml_apache-server-bugs/1471.html
I am fairly certain that Apache is not causing this problem in my case. It
has to be the glibc updates from the latest Redhat glibc rpms. I just have
no idea how to get around that or find out which shared lib changed that
could be causing this...
Justin
On Thu, 3 Apr 2003, Joshua Slive wrote:
>
>
> On Thu, 3 Apr 2003, Justin M. wrote:
>
> > Any other ideas?
>
> Nope. You got me. For some reason, when apache tries to open the
> .htaccess file, the OS is returning an error other than "not found".
> Could be a problem with the OS/libc or could be an apache problem.
>
> Joshua.
>
> ---------------------------------------------------------------------
> The official User-To-User support forum of the Apache HTTP Server Project.
> See <URL:http://httpd.apache.org/userslist.html> for more info.
> To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
> " from the digest: users-digest-unsubscribe@httpd.apache.org
> For additional commands, e-mail: users-help@httpd.apache.org
>
---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
" from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org
Re: [users@httpd] AllowOverride behaving weird
Posted by Joshua Slive <jo...@slive.ca>.
On Thu, 3 Apr 2003, Justin M. wrote:
> Any other ideas?
Nope. You got me. For some reason, when apache tries to open the
.htaccess file, the OS is returning an error other than "not found".
Could be a problem with the OS/libc or could be an apache problem.
Joshua.
---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
" from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org
Re: [users@httpd] AllowOverride behaving weird
Posted by "Justin M." <gl...@jackmoves.com>.
It works:
-bash-2.05b$ id
uid=80(www) gid=80(www) groups=80(www),100(users)
-bash-2.05b$ pwd
/home/httpd
-bash-2.05b$ ls
arsenic forum includes nigmz3k soi
bemused galaktek index.html openwebmail status
ben gerry index.html.bak openwebmail.20030305 styles
<snipped>
Any other ideas?
Justin
--
glowecon@jackmoves.com
www.jackmoves.com
---------- Original Message -----------
From: Joshua Slive <jo...@slive.ca>
To: users@httpd.apache.org
Sent: Thu, 3 Apr 2003 11:33:16 -0500 (Eastern Standard Time)
Subject: Re: [users@httpd] AllowOverride behaving weird
> Now login as the User/Group specified in httpd.conf and try to ls
> that directory.
>
> Joshua.
>
> ---------------------------------------------------------------------
> The official User-To-User support forum of the Apache HTTP Server Project.
> See <URL:http://httpd.apache.org/userslist.html> for more info.
> To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
> " from the digest: users-digest-unsubscribe@httpd.apache.org
> For additional commands, e-mail: users-help@httpd.apache.org
------- End of Original Message -------
---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
" from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org
Re: [users@httpd] AllowOverride behaving weird
Posted by Joshua Slive <jo...@slive.ca>.
On Wed, 2 Apr 2003, Justin M. wrote:
> Yes it does have the right permissions:
> drwxr-xr-x 42 glowecon www 4096 Mar 27 17:49 httpd
>
> The server has been running fine for almost 3 years in this configuration.
> Up until the glibc update. Something is not right and I'm pretty certain
> it's not my Apache or the configuration. Any other ideas? Thanks for the
> help too..
Now login as the User/Group specified in httpd.conf and try to ls that
directory.
Joshua.
---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
" from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org
Re: [users@httpd] AllowOverride behaving weird
Posted by "Justin M." <gl...@jackmoves.com>.
Yes it does have the right permissions:
drwxr-xr-x 42 glowecon www 4096 Mar 27 17:49 httpd
The server has been running fine for almost 3 years in this configuration.
Up until the glibc update. Something is not right and I'm pretty certain
it's not my Apache or the configuration. Any other ideas? Thanks for the
help too..
Justin
On Wed, 2 Apr 2003, Joshua Slive wrote:
>
> Does Apache (or "other") have read permission on the /home/httpd
> directory?
>
> Apache must be able to read any directory where AllowOverride is not set
> to none. Otherwise a security problem could arise if someone tries to
> restrict access to a directory using .htaccess, but an attacker is able to
> make the .htaccess file unreadable.
>
> So your choices:
> 1. Allow apache read access to these directories; or
> 2. Turn off AllowOverride except in the directories where you need it.
>
> Joshua.
>
> ---------------------------------------------------------------------
> The official User-To-User support forum of the Apache HTTP Server Project.
> See <URL:http://httpd.apache.org/userslist.html> for more info.
> To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
> " from the digest: users-digest-unsubscribe@httpd.apache.org
> For additional commands, e-mail: users-help@httpd.apache.org
>
---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
" from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org
Re: [users@httpd] AllowOverride behaving weird
Posted by Joshua Slive <jo...@slive.ca>.
On Wed, 2 Apr 2003, Justin M. wrote:
> I am experiencing a very weird, and annoying, problem with the
> AllowOverride directive in Apache 1.3.27. This problem cropped up after I
> updated the glibc Redhat package to version 'glibc-2.3.2-4.80'. I have ran
> my Apache webserver for years without ever running into anything like
> this. Whenever AllowOverride is set to *anything but* None, I get the
> following error:
> [Sat Mar 22 17:18:52 2003] [crit] [client 193.252.111.xxx]
> /home/httpd/.htaccess pcfg_openfile: unable to check htaccess file, ensure
> it is readable
Does Apache (or "other") have read permission on the /home/httpd
directory?
Apache must be able to read any directory where AllowOverride is not set
to none. Otherwise a security problem could arise if someone tries to
restrict access to a directory using .htaccess, but an attacker is able to
make the .htaccess file unreadable.
So your choices:
1. Allow apache read access to these directories; or
2. Turn off AllowOverride except in the directories where you need it.
Joshua.
---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
" from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org