tags:

views:

409

answers:

1
+1  Q: 

403 Forbidden on symlink in web root

I am on a shared hosting package on a LAMP stack with no shell access.

I can create symlinks using PHP's symlink() function.

Let's say my web root is /home/www/user1/public

Let's say I have a real directory named /home/www/user1/public/real_dir

And I create a symlink named /home/www/user1/public/fake_dir pointing to real_dir

Why would I get a 403 Forbidden when trying to access www.mydomain.com/fake_dir but not when trying to access www.mydomain.com/real_dir?

It shouldn't be a rights problem because when I create a file in PHP, I can access that all right.

I tried switching FollowSymlinks off and on in .htaccess (it was on), but no luck.

Could it be that FollowSymlinks is defined as not overwritable in a .htaccess file? Or is there something else to be aware of when working with Symlinks in Apache?

A: 

Apache has to be configured to allow access to the directory on the filesystem. This has to be done by a system administrator by inserting a <Directory> directive in the apache configuration files (httpd.conf).

Since the real directory is inside the web root it must be accessible, but FollowSymLinks may not have been enabled for the directory - this also has to be added to the <Directory> directive.

See http://httpd.apache.org/docs/2.0/mod/core.html#directory

sea36  2010-02-07 20:12:31
So if it's not configured that way, and `FollowSymlinks` is off, trying to access a symlink (even though the target is also in the web root) will raise a 403? Is this the reason?
Pekka  2010-02-07 20:14:16
Sorry, I just re-read your question and saw that the real directory is in the web root, so it will be accessible, however FollowSymLinks may not be enabled. I've updated my answer to reflect this.
sea36  2010-02-07 20:19:24
-1 This is still not an answer to OP's question. OP seems perfectly aware of the `FollowSymlinks` option. But he asks whether setting this from `.htaccess` can be overruled from httpd.conf.
fireeyedboy  2010-02-07 20:37:38
My answer says that FollowSymLinks must be enabled for a directory using the <Directory> directive in the httpd.conf file.
sea36  2010-02-07 20:42:56
Does anybody know a way to tell whether FollowSymlinks is enabled without access to the apache configuration?
Pekka  2010-02-07 20:57:34
@Pekka: Yes, if you are able to rewrite urls in .htaccess (with mod_rewrite rules) this should tell you that `FollowSymlinks` works.
fireeyedboy  2010-02-07 21:02:36
Ahh, interesting. In that case, FollowSymlinks is on, I can rewrite using mod_rewrite. (To preempt the obvious next question, I can't use mod_rewrite in the current context because my *ultimate* goal is to symlink to a directory outside the web root.)
Pekka  2010-02-07 21:05:01
@sea36: Setting the `FollowSymLinks` directive from within `.htaccess` is usually perfectly legal. Therefor your answer is still not an answer to OP's his question.
fireeyedboy  2010-02-07 21:06:40
I'm just seeing that the symlink's owner is PHP, but the target's is the web server. Maybe that causes the funny behaviour. I'll try to chown from within my PHP script.
Pekka  2010-02-07 21:08:51
@Pekka: Whether this is actually even possible or not (I don't know really)... but, are you sure you even want to do this?! This basically defeats the purpose of hiding directories from the root and could be considered a huge security issue IMHO. Heck, you might as well put the directory in the root then anyway, no?
fireeyedboy  2010-02-07 21:09:33
@fireeyedboy I am deploying a web app to the web root from a svn checkout. I have three or four separate applications (documentation, tests, tools) that I want to keep out of the way of the central web app, but as I want everything under the same domain, I would like to have them there as symlinks. It's not really *necessary* - I could just move the apps into the web root as you say - but it would make for a nice, clean structure. It's o.k. security wise because the directories I symlink to are safe for public use.
Pekka  2010-02-07 21:13:04
Aargh, due to the safe mode I can't even change the owner of my symlink. I think I am going to put the directories into the web root for now. Thanks for your time everyone.
Pekka  2010-02-07 21:19:48
@fireeyedboy FollowSymLinks may have been disabled for the directory in the apache configuration files. If this is the case then the declaration in .htaccess will be ignored unless the apache configuration also sets an appropriate AllowOverride directive.
sea36  2010-02-07 21:24:12

related questions

IDE suggestions: Eclipse IDE vs. Zend Studio ( confused )
MySQL/Apache Error in PHP MySQL query
Lightweight IDE for Linux
What PHP framework would you choose for a new application and why?
Why is my ternary expression not working?
How can I get at the matches when using preg_replace in PHP?
Mechanisms for tracking DB schema changes
Wordpress theme development offline tools
Using object property as default for method property
How can I get the authenticated user name under Apache using plain HTTP authentication and PHP?
Make XAMPP/Apache serve file outside of htdocs
How do you debug PHP scripts?
PHP Variables passed by value or by reference?
Best way to implement unit testing in PHP
Connect PHP to an AS/400
Best way to access Exchange using PHP?
PHP Session Security
How do I access a remote form in php?
What's the best way to generate a tag cloud from an array? (using h1 through h6 for sizing)
Apache/PHP: error_log per Virtual Host?
How do I track file downloads with apache/PHP
How would you access Object properties from within an object method?
Flat File Databases in PHP
Best way to allow plugins for a PHP application
Latest information on PHP upcoming releases