Apache and SymLinks

Apache and Symbolic Links

I began reading the instructions for installing rails on the wiki, and they tell me that I should NOT set up the rails stuff inside my DocumentRoot, but instead set it up elsewhere, and only expose the public subdirectory via a symbolic link. This makes sense from the point of view of security, so I do as they say.

cd /u1
rails rails
cd Documentroot
ln -s /u1/rails/public rails

Now when I direct my browser to http://server.org/rails I get an Internal Server Error message and the apache log file says:

/www/main/rails/.htaccess: AddHandler not allowed here

Now I know that my apache has previously been happy to accept AddHandler within a .htaccess file, so there is something funny about passing through a symbolic link. It is not true (as some say) that AddHandler is disallowed in .htaccess. Notice that the .htaccess itself is being processed.

This is solved by putting the following lines into my /etc/httpd/conf.d/rails.conf file:

<Directory /www/main/rails>
    AllowOverride All
    Options +FollowSymLinks +ExecCGI
    AddHandler cgi-script .cgi
</Directory>

Some of these are indeed redundant with what is to be found in the .htaccess file (when we get there), but ultimately I would like to move the entire contents of .htaccess here and do away with them altogether.

Making friends with Apache

Reading the Apache docs confirms something I have read elsewhere, namely that .htaccess files should be avoided whenever possible. If you have access to the root httpd.conf file, you should just put directives right there and turn off .htaccess files altogether for security and efficiency.

It really is worthwhile to spend some time reading the online Apache manual. Note that the <Directory> directive applies to paths in the filesystem, whereas the <Location> directive applies to paths within the webspace (URLs).

Remember that the symbolic link is transparent to apache. Apache just sees the initial path and applies the Directory directive to it, there is no need to specify the path targeted by the link.

Feedback? Questions? Drop me a line!

Ruby on Rails notes / tom@mmto.org