I hope all have had a great holiday season! My configuration is: RH Linux Kernel 2.4.20-8, Apache 2.0.48, OpenSSL -0.9.6l, PHP 4.3.4, Apache was compiled with SSL and SSL appears to work OK. My document root is http - /www/sd/htdocs, https - /www/sd/htdocs/jobs I don't want anyone accessing the jobs directory so I have a redirect in httpd.conf to send requests for <http://www/sd/htdocs/jobs> to <https://www/sd/htdocs/jobs> instead. All seems to work fine with http and https access with one blaring exception. My PHP scripts have include directives which pull include files from /www/sd/htdocs/include and that all works fine if run from one of the http subdirectories i.e. When running /www/sd/htdocs/test/index.php with this line: <?php include("../include/prepend.php"); .... ?> All works fine (note running from http area). But if I try the above code from an https directory, say <https://www/sd/hddocs/jobs> the it will fail with: PHP Warning: main(../include/prepend.php): failed to open stream: No such file or directory in /www/sd/htdocs/jobs/index.php on line 4 There is no problem if I change the include location to /www/sd/htdocs/jobs/include, I can run the scripts fine. So it seems I can include at the same level or below but not up any level in the directory tree if using https. I've also tried SSI to include a file (for testing purposes) with a similar result: <!--#include file="../include/middle.html" --> unable to include file "../include/middle.html" in parsed file /www/sdfair.com/htdocs/jobs/index.shtml Fails as you can see from the https side but works fine if run from <http://www/sd/htdocs/test> (an area where SSL is not enabled). This is the case with all other parts of the web site without SSL, all scripts with include directives work fine. I've searched the web and SSL documentation but I seem to be missing something here and am just banging my head against a wall. I've modified both httpd.conf and ssl.conf 'til I'm blue with no change in function. Has anyone with PHP run into similar problems? I imagine this is some SSL configuration oversight on my part but so far I've been unable to find it and would ask for anyone who may be able to help to please give suggestions on what directive(s) are causing this. I'd really appreciate a point in the right direction on a resolution. Thanks for your help, .......... Steve
