www.bonsaiframework.com
Page tree
Skip to end of metadata
Go to start of metadata

I have Apache setup on Ubuntu 9.10 using apt-get,

sudo /usr/sbin/apache2 \-version
Server version: Apache/2.2.12 (Ubuntu)

I believe I may have run into a bug with the directive AllowOverride Indexes. This is supposed to allow me to specify Indexes in the .htaccess but does not work. If you know the answer please let me know at tinmanemail-posts@yahoo.ca

Here is a simplified configuration of my setup. If you require more detail please look at my full article on Creating Online Shares.

<VirtualHost *:80>
    ServerAdmin webmaster@localhost

    ServerName www.krypton.com
    ServerAlias www.krypton.com

    DocumentRoot /home/www.krypton.com/www

    # This restrictive a precedence for ALL directory blocks.
    <Directory />
        Options FollowSymLinks
        # This prevents use of .htaccess
        AllowOverride None
    </Directory>

    # Main location of static content for the websites.
    <Directory /home/www.krypton.com/www/>
        Options +MultiViews
        Order Allow,Deny
        Allow from all
    </Directory>

    Alias /shared.private "/home/www.krypton.com/shared.private"
    <Directory /home/www.krypton.com/shared.private>
        # Allow website admin to use .htaccess - http://httpd.apache.org/docs/2.2/mod/core.html,
        #     AuthConfig - Authentication
        #     Indexes - Makes directory browseable

        # Specifically Indexes does NOT work and may be a bug with Ubuntu or Apache.
        AllowOverride AuthConfig Indexes

        # This DOES allow Indexes to work but I want things to be more secure.
        #AllowOverride All
    </Directory>

    ErrorLog /var/log/apache2/www.krypton.com.error.log

    # Possible values include: debug, info, notice, warn, error, crit, alert, emerg.
    LogLevel debug
    CustomLog /var/log/apache2/www.krypton.com.access.log combined
</VirtualHost>

Here are the contents of /home/www.krypton.com/shared.private/.htaccess,

# Enables directory listing BUT does not appear to work with AllowOverride Indexes
Options +Indexes

# Enable authentication, see http://httpd.apache.org/docs/2.0/howto/auth.html
AuthType Basic
AuthName "Password Required"
AuthUserFile /home/www.tin.homeip.net/keys/tinpham-www.tin.homeip.net.shared.private
Require valid-user

The strange thing is that if I comment out in .htaccess Options + Indexes, the authentication directives work fine. This is the exact example given in the Apache Docs.

Here are the error logs again when running LogLevel debug.

access log
64.229.193.132 - - [17/Feb/2010:11:43:02 -0500] "GET /shared.private/ HTTP/1.1" 500 640 "-" "Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Win64; x64; Trident/4.0; .NET CLR 2.0.50727; SLCC2; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; Tablet PC 2.0)"
error log
[Wed Feb 17 11:43:02 2010] [alert] [client 64.229.193.132] /home/www.krypton.com/shared.private/.htaccess: Options not allowed here
[Wed Feb 17 11:43:02 2010] [debug] mod_deflate.c(615): [client 64.229.193.132] Zlib: Compressed 623 to 383 : URL /shared.private/

Use Case Indexes by Itself Fails

I also used a simplified use case where the httpd.conf only contains,

AllowOverride AuthConfig Indexes

and the .htaccess only contains,

Options +Indexes

And the result is the same error.

  • No labels