← Back to team overview

enterprise-support team mailing list archive

  1. enterprise-support team
  2. Mailing list archive
  3. Message #10437

[Bug 2068641] [NEW] Ubuntu 24.04 apache2: misleading comment in default /etc/apache2/apache2.conf

  Thread PreviousDate PreviousThread Next 
Public bug reported:

Hi,

I *think* the comment above the <Directory> directive is misleading in
the default /etc/apache2/apache2.conf:

--- 8< ---
# Sets the default security model of the Apache2 HTTPD server. It does
# not allow access to the root filesystem outside of /usr/share and /var/www.
# The former is used by web applications packaged in Debian,
# the latter may be used for local directories served by the web server. If
# your system is serving content from a sub-directory in /srv you must allow
# access here, or in any related virtual host.
<Directory />
        Options FollowSymLinks
        AllowOverride None
        Require all denied
</Directory>

<Directory /usr/share>
        AllowOverride None
        Require all granted
</Directory>

<Directory /var/www/>
        Options Indexes FollowSymLinks
        AllowOverride None
        Require all granted
</Directory>
--- 8< ---

Placing a symlink pointing e.g. to /etc in the /var/www/html/ directory
(e.g. 'ln -s /etc /var/www/html/foo') happily shows the content of /etc/
when accessing http://<server address>/foo while the comment above
suggests it doesn't. From apache2 documentation this is expected(?) so I
think the comment in the configuration file is misleading. I *guess*
this is not limited to the current version.

Regards,
 Oliver

--- 8< ---
# lsb_release -rd
No LSB modules are available.
Description:    Ubuntu 24.04 LTS
Release:        24.04
--- 8< ---
# apt-cache policy apache2
apache2:
  Installed: 2.4.58-1ubuntu8.1
  Candidate: 2.4.58-1ubuntu8.1
  Version table:
 *** 2.4.58-1ubuntu8.1 500
        500 http://de.archive.ubuntu.com/ubuntu noble-updates/main amd64 Packages
        500 http://security.ubuntu.com/ubuntu noble-security/main amd64 Packages
        100 /var/lib/dpkg/status
     2.4.58-1ubuntu8 500
        500 http://de.archive.ubuntu.com/ubuntu noble/main amd64 Packages
--- 8< ---

** Affects: apache2 (Ubuntu)
     Importance: Undecided
         Status: New

-- 
You received this bug notification because you are a member of Ubuntu
Server/Client Support Team, which is subscribed to apache2 in Ubuntu.
Matching subscriptions: Ubuntu Server/Client Support Team
https://bugs.launchpad.net/bugs/2068641

Title:
  Ubuntu 24.04 apache2: misleading comment in default
  /etc/apache2/apache2.conf

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/apache2/+bug/2068641/+subscriptions

Follow ups

  Thread PreviousDate PreviousThread Next