[users@httpd] Apache is unable to access /tmp in any way

[accelerator0099]

This problem happened in a recent apache release before version 2.4.55. 
I encountered this after a system upgrade a month ago.


Apache is unable to access /tmp in any way.


We may let apache host some external websites by:

Alias "/ext" "/path/to/external"
<Directory "/path/to/external">
     Options Indexes
     Require all granted
</Directory>


You can access that through http://yourwebsite/ext

This works most of the time. Changing "/path/to/external" to any path 
works fine including /bin, /srv, /etc ...

Except for anything under /tmp.

I always get 403 Forbidden for that.

For other directories, as long as apache has access permission on them, 
I could always get their content listed.

Only for /tmp I get 403 Forbidden.

Indexing (/ext) and actual file accessing (/ext/index.html) are both 
forbidden.


Why is /tmp different from others?

Changing permission of /tmp to 755 does not work, either.


Debug log here:

[authz_core:debug] [pid 4469:tid 
140408108734144]mod_authz_core.c(815): [client 127.0.0.1:37804] 
AH01626: authorization result of Require all denied: denied
[authz_core:debug] [pid 4469:tid 
140408108734144]mod_authz_core.c(815): [client 127.0.0.1:37804] 
AH01626: authorization result of <RequireAny>: denied
[authz_core:error] [pid 4469:tid 140408108734144] 
[client127.0.0.1:37804] AH01630: client denied by server 
configuration: /tmp/http


Build options:

./configure --sbindir=/usr/bin \
     --enable-layout=Arch \
     --enable-mpms-shared=all \
     --enable-modules=all \
     --enable-mods-shared=all \
     --enable-so \
     --enable-suexec \
     --with-suexec-caller=http \
     --with-suexec-docroot=/srv/http \
     --with-suexec-logfile=/var/log/httpd/suexec.log \
     --with-suexec-bin=/usr/bin/suexec \
     --with-suexec-uidmin=99 --with-suexec-gidmin=99 \
     --enable-ldap --enable-authnz-ldap --enable-authnz-fcgi \
     --enable-cache --enable-disk-cache --enable-mem-cache 
--enable-file-cache \
     --enable-ssl --with-ssl \
     --enable-deflate --enable-cgi --enable-cgid \
     --enable-proxy --enable-proxy-connect \
     --enable-proxy-http --enable-proxy-ftp \
     --enable-dbd --enable-imagemap --enable-ident --enable-cern-meta \
     --enable-lua --enable-xml2enc --enable-http2 \
     --enable-proxy-http2 --enable-md --enable-brotli \
     --with-apr=/usr/bin/apr-1-config \
     --with-apr-util=/usr/bin/apu-1-config \
     --with-pcre2


Source:

https://www.apache.org/dist/httpd/httpd-2.4.55.tar.bz2


---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org
For additional commands, e-mail: users-h...@httpd.apache.org