Apache options directive trap

When configuring the Apache HTTP server, we use the Options directive to control which server features are available in a particular directory. We may, for example, write a config like this:

<Directory /usr/share/nagios>
    Options +ExecCGI Indexes FollowSymLinks
    ...
</Directory>

With this configuration, we hope to enable CGI if it has not been enabled, and set auto index and follow symlink option. However, this is completely wrong and will not work. when you access a cgi in this directory, you will get a 403 Forbidden page.

In fact, the apache document has already stated this:

Warning

Mixing Options with a + or - with those without is not valid syntax, and is likely to cause unexpected results.

That is to say, if you want to use the + or – sign, use them for all options, otherwise it will not work. So, the correct config should like this(all with plus sign)

<Directory /usr/share/nagios>
    Options +ExecCGI +Indexes +FollowSymLinks
    ...
</Directory>

Also, if you want to remove some option, eg, disable SSI, you can write it this way.

<Directory /usr/share/nagios>
    Options +ExecCGI +Indexes +FollowSymLinks -Includes
    ...
</Directory>

In fact, when we use the Options directive without + or – singn, we mean “set options to these …”. when use + singn, we mean “Add this option”. when we mix them together, Apache will be confused, it may wonder:

  1. Set options to those you specified here(this is the final result)
  2. Add the specified option to, or remove from existing option(existing + to_be_added – to_be_removed = final)

If it picks 1, it can’t satisfy 2. If it picks 2, it can’t satisfy 1. So, it’s clear that we should Never mix Options with a + or – with those without

This entry was posted in System Administration, Web and tagged , . Bookmark the permalink.

Leave a Reply