<div dir="ltr">As an aside/PSA, allowing webservers to follow symlinks is dangerous, and if you must do it, read up on it first.<br><div><br></div><div>The basic attack is that if someone manages to create a symlink, they can potentially point it anywhere on your server, and read anything the webserver can read (other users files, your <br>CMS config file that has your database uid/pw in it, your system passwd file, etc, etc). For a remote attacker to create a symlink in the first place is not *necessarily* trivial, depending on various factors (For example, do you follow a dev/stage/production workfliow where all changes are made by git and your webroots are 100% readonly, and writes *only* happen in a separate vhost/webroot that is dedicated only to files that might potentially have been written by attackers?) and so forth. And sure, it's less dangerous if your vhost is chrooted in the webroot (but that thing about them symlinking to your CMS config file would still be a thing).</div><div><br></div><div>For our cPanel servers, we entirely disabled symlinks. Rewrite rules, hard links, using php to get your content from it's real home.... there are ways to get things done w/o symlinks.</div><div><br></div><div>Anyway, all that to say "News Flash! Jerks Are Everywhere, Hate it when People Have Nice Things!"</div><div><br></div><div>-Cedric</div></div><br><div class="gmail_quote"><div dir="ltr" class="gmail_attr">On Thu, 4 Apr 2019 at 23:21, Steve Izma <<a href="mailto:sizma@golden.net">sizma@golden.net</a>> wrote:<br></div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex">On Thu, Apr 04, 2019 at 09:34:53PM -0400, Charles M wrote:<br>
> Subject: [kwlug-disc] Apache 403 & access.log questions<br>
> <br>
> When I surf to sitename/help/ access.log shows a 200 for the<br>
> index.html in that directory. However the index.html is just a<br>
> redirect to a subfolder below help called me/. That redirected folder<br>
> seems to be generating a 403 error. me/ has the same user and group<br>
> permission as well as the same access permissions - so I'm thinking<br>
> this has something to do with my main site apache configuration file?<br>
<br>
I'm not sure what you mean by a redirect -- do you mean that that<br>
sitename/help/index.html contains either an HTML <meta<br>
content=...> tag (or some sort of javascript) or do you mean that<br>
index.html is a symbolic link to something in the subdirectory?<br>
If it's a link, then the apache config or .htaccess needs<br>
"FollowSymLinks" as an option. I would think a symlink is more<br>
straight forward than an extra file with code in it.<br>
<br>
-- Steve<br>
<br>
-- <br>
Steve Izma<br>
-<br>
Home: 35 Locust St., Kitchener, Ontario, Canada N2H 1W6<br>
E-mail: <a href="mailto:sizma@golden.net" target="_blank">sizma@golden.net</a> phone: 519-745-1313 cell: 519-998-2684<br>
<br>
A: Because it messes up the order in which people normally read text.<br>
Q: Why is top-posting such a bad thing?<br>
A: Top-posting.<br>
Q: What is the most annoying thing in e-mail?<br>
<<a href="http://en.wikipedia.org/wiki/Posting_style" rel="noreferrer" target="_blank">http://en.wikipedia.org/wiki/Posting_style</a>><br>
<br>
<br>
_______________________________________________<br>
kwlug-disc mailing list<br>
<a href="mailto:kwlug-disc@kwlug.org" target="_blank">kwlug-disc@kwlug.org</a><br>
<a href="http://kwlug.org/mailman/listinfo/kwlug-disc_kwlug.org" rel="noreferrer" target="_blank">http://kwlug.org/mailman/listinfo/kwlug-disc_kwlug.org</a><br>
</blockquote></div><br clear="all"><div><br></div>-- <br><div dir="ltr" class="gmail_signature"><div dir="ltr"><span style="font-family:monospace,monospace">| CCj/ClearLine - Hosting and TCP/IP Network Services since 1997</span><br style="font-family:monospace,monospace"><span style="font-family:monospace,monospace">| 118 Louisa Street, Kitchener, Ontario, N2H 5M3, 519-489-0478x102</span><br style="font-family:monospace,monospace"><span style="font-family:monospace,monospace">\________________________________________________________ </span><br style="font-family:monospace,monospace"><span style="font-family:monospace,monospace"> Cedric Puddy, IS Director cedric@ccj.host</span><br></div></div>