Disabling the default virtual host disables options on the root directory ('/').

Bug #332087 reported by Andrew Glen-Young
Affects Status Importance Assigned to Milestone
apache2 (Ubuntu)

Bug Description

Binary package hint: apache2-common


Disabling the default virtual host enables 'AllowOverride All' for the root ('/') directory and disables 'FollowSymlinks'.
This effects (at least) Hardy and Intrepid's versions of Apache2.


The default Apache virtual host (/etc/apache2/sites-available/default) has a 'Directory' option for the root directory (see below). By disabling the default virtual host these directives and the protections they offer are removed.

<Directory />
    Options FollowSymLinks
    AllowOverride None

Applying options to the root directory should probably not be delegated to this virtual host, even if the assumption is that the virtual host will not be disabled.

Moving this section to /etc/apache2/apache2.conf file will not alter the default configuration of the web server and will still protect the root directory even if the default virtual host is removed.


Move the 'Directory' directive for the root directory from the default virtual host file to the apache2.conf file (probably above the 'AccessFileName' directives).

description: updated
Revision history for this message
Andreas Olsson (andol) wrote :

I agree. <Directory /> ... </Directory> really should be set globally.

That said I'm not sure if this is a critical issue. Perhaps a more natural place to have this fix would be in the Debian package which Ubuntu inheritate?

Changed in apache2:
status: New → Confirmed
Stefan Nienaber (dada33)
Changed in apache2 (Ubuntu):
status: Confirmed → Fix Released
To post a comment you must log in.
This report contains Public information  Edit
Everyone can see this information.

Other bug subscribers