Welcome to WebmasterWorld Guest from 54.167.155.147

Forum Moderators: Ocean10000 & incrediBILL & phranque

Message Too Old, No Replies

htaccess pcfg openfile error

why is apache checking above docroot?

   
6:02 pm on Jan 20, 2013 (gmt 0)



This is really "How to crash a web server 101."

Place a .htaccess fill somewhere above docroot. Especially in the server root directory.

This returns the usual 403:

"Forbidden

You don't have permission to access / on this server."

Which is a bit misleading. I was looking in docroot and seeing nothing wrong. Then it transpired that all sites on the server were getting the same error.

I looked in the error_log and saw:

"[Fri Jan 18 18:30:56 2013] [crit] [client 0.0.0.0] (13)Permission denied: /.htaccess pcfg_openfile: unable to check htaccess file, ensure it is readable"

Which I still interpreted wrongly as referring to docroot.

Then the penny dropped - I had inadvertently dropped an .htaccess into the server root "/" that was unreadable by apache (ie it was owned by root:root without global read).

I removed it and everything was OK.

So my questions are:

1) Why does Apache search above the docroot anyway?
2) Is there a way of stopping it searching above docroot?

Just in case this happens again!
6:42 pm on Jan 20, 2013 (gmt 0)



BTW sites-enables/000-default contains:

<Directory />
Options FollowSymLinks
AllowOverride None
</Directory>

so even if it found a .htaccess file, it shouldn't obey it but given this exclusion, why does it even look for it?

Should there be an AllowOverride for the directory immediately above docroot?