Ubuntu 24.04 apache2: misleading comment in default /etc/apache2/apache2.conf
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
apache2 (Debian) |
New
|
Unknown
|
|||
apache2 (Ubuntu) |
Triaged
|
Low
|
Unassigned |
Bug Description
Hi,
I *think* the comment above the <Directory> directive is misleading in the default /etc/apache2/
--- 8< ---
# Sets the default security model of the Apache2 HTTPD server. It does
# not allow access to the root filesystem outside of /usr/share and /var/www.
# The former is used by web applications packaged in Debian,
# the latter may be used for local directories served by the web server. If
# your system is serving content from a sub-directory in /srv you must allow
# access here, or in any related virtual host.
<Directory />
Options FollowSymLinks
Require all denied
</Directory>
<Directory /usr/share>
Require all granted
</Directory>
<Directory /var/www/>
Options Indexes FollowSymLinks
Require all granted
</Directory>
--- 8< ---
Placing a symlink pointing e.g. to /etc in the /var/www/html/ directory (e.g. 'ln -s /etc /var/www/html/foo') happily shows the content of /etc/ when accessing http://<server address>/foo while the comment above suggests it doesn't. From apache2 documentation this is expected(?) so I think the comment in the configuration file is misleading. I *guess* this is not limited to the current version.
Regards,
Oliver
--- 8< ---
# lsb_release -rd
No LSB modules are available.
Description: Ubuntu 24.04 LTS
Release: 24.04
--- 8< ---
# apt-cache policy apache2
apache2:
Installed: 2.4.58-1ubuntu8.1
Candidate: 2.4.58-1ubuntu8.1
Version table:
*** 2.4.58-1ubuntu8.1 500
500 http://
500 http://
100 /var/lib/
2.
500 http://
--- 8< ---
Changed in apache2 (Debian): | |
status: | Unknown → New |
Hello Oliver,
Thank you for making this bug report!
This documentation is pulled directly from Debian which you can find at [0]. I think it'd be best to have a discussion about this with Debian. Would you be okay making this bug report with Debian as well?
[0] - https:/ /salsa. debian. org/apache- team/apache2/ -/blob/ master/ debian/ config- dir/apache2. conf.in? ref_type= heads#L153