Apache: Disable parsing of htaccess in webdav

.htaccessapache-2.4webdav

I have following directory layout:

/var/www/
    example.com/
        logs/
        html/
        stuff/

Apache is configured to normally serve from /var/www/example.com/html

I have configured webdav to work for the url https://example.com/server-admin and allow access to the other dirs, too:

<VirtualHost>
...
    Alias /server-admin /var/www/example.com/  
    <Location /server-admin >  

        Dav on

        AllowOverride None
        ...

With AllowOverride None I want to disable htaccess files so they don't break webdav operation.

This kind of works. But: if I upload an syntactically broken htaccess file everything falls apart with an 500 internal server error. I guess even so the file is not used, apache still parses it.

So I tried using AccessFilename .davaccess to change it so some other name, which kind of works, but not in <Location> but only globally in <VirtualHost>.

So what to do? How to I disable htaccess in a <Location> or how do I have to change layout in order for this to work?

Best Answer

You'll need to use a <Directory> container instead of a <Location> container in order to apply the AllowOverride directive. Whilst the AllowOverride directive has "directory" context (meaning that it would ordinarily be permitted in both <Location> and <Directory> containers, etc.), there is a specific restriction that states:

The AllowOverride directive works only in <Directory> sections.

This would seem to be reasonable since .htaccess files apply to physical directories, not strictly URLs (although URLs often map to physical directories). (The <Directory> container is also processed much earlier in the request. <Location> containers are processed late.)

Incidentally, you'd also need to set AllowOverrideList None on Apache 2.4 to completely disable .htaccess files. And as per the docs for AllowOverride:

When this directive is set to None and AllowOverrideList is set to None, .htaccess files are completely ignored. In this case, the server will not even attempt to read .htaccess files in the filesystem.

I don't currently see how .htaccess (per-directory config files) can be conditionally enabled for an area of the filesystem (under a single virtual host). They are either enabled or not.

Reference:

UPDATE: The solution/workaround to this is probably to have a completely separate VirtualHost (maybe the same host, but different port?) just for WebDAV that points to the same area of the filesystem, in which .htaccess are completely disabled. However, dot-files (primarily .htaccess and .htpasswd) are also protected by default, so you would need to override this if required to allow read access.

Related Solutions

Centos – WebDAV on CentOS – getting 403 error when attempt to upload

I recently struggled with the same problem on my Fedora 10 system. In my case the culprit was some odd redirection that I was doing in Apache. Specifically, I use a content management system (Drupal, to be exact) that within it's .htaccess includes the following redirection logic to redirect missing files to a PHP script:

# Rewrite URLs of the form 'x' to the form 'index.php?q=x'.
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteCond %{REQUEST_URI} !=/favicon.ico
RewriteRule ^(.*)$ index.php?q=$1 [L,QSA]

It makes sense that the above only affects the PUT method since in that case REQUEST_FILENAME does not exist.

Not having the WebDAV area inside of the Drupal area, which seems like a reasonable constraint, fixes the problem.

Also, I think it is likely that SELinux would result in a different error, but it's not mentioned in the discussion above. Did you try disabling SELinux?

Doing two rewrites with apache and rewrite module together with webdav

The problem is here:

RewriteRule ^(.*)$ /sharedfolders/${usergroup:%{LA-U:REMOTE_USER}}$1

What you're doing is catching the directory used in the URL, storing it in $1, and then appending $1 to the end of the line. If you don't what that part of the URL appended, just remove the $1 at the end.

To stop the rewrite after the sharedfolders rule, add the flag [L] to the end.

So the rule should end up looking like this:

RewriteRule ^(.*)$ /sharedfolders/${usergroup:%{LA-U:REMOTE_USER}} [L]

Best Answer

Related Solutions

Centos – WebDAV on CentOS – getting 403 error when attempt to upload

Doing two rewrites with apache and rewrite module together with webdav

Related Topic