Loggy - 6:02 pm on Jan 20, 2013 (gmt 0)

This is really "How to crash a web server 101."

Place a .htaccess fill somewhere above docroot. Especially in the server root directory.

This returns the usual 403:

"Forbidden

You don't have permission to access / on this server."

Which is a bit misleading. I was looking in docroot and seeing nothing wrong. Then it transpired that all sites on the server were getting the same error.

I looked in the error_log and saw:

"[Fri Jan 18 18:30:56 2013] [crit] [client 0.0.0.0] (13)Permission denied: /.htaccess pcfg_openfile: unable to check htaccess file, ensure it is readable"

Which I still interpreted wrongly as referring to docroot.

Then the penny dropped - I had inadvertently dropped an .htaccess into the server root "/" that was unreadable by apache (ie it was owned by root:root without global read).

I removed it and everything was OK.

So my questions are:

1) Why does Apache search above the docroot anyway?
2) Is there a way of stopping it searching above docroot?

Just in case this happens again!