Bugzilla Bug 201586

Line 18 of the current version of /etc/apache2/modules.d/70_mod_php5.conf
contains a gentoo-patched directive called AddDirectoryIndex. This directive
needs to be wrapped with a <IfModule mod_dir.c>...</IfModule> or apache reports
errors for those not loading the mod_dir module.

Reproducible: Always

Steps to Reproduce:
1. Comment out line 295 of current /etc/apache2/httpd.conf "LoadModule
dir_module modules/mod_dir.so
2. Run "/etc/init.d/apache2 configtest" as root - reports error in the php
module.
3.

Actual Results:  
The apache init script's configtest reports an unknown directive
AddDirectoryIndex in the php5 module.

Expected Results:  
No close coupling between the php5 module and other non-required modules.

Sigh. That module simply should NOT be optional or mod_php and lots of other
apache modules become no-op, end of story. :/

Hollow - if you don't want to make this mandatory, WONTFIX this bug. 

PHP is not going to check for mod_dir for AddDirectoryIndex directive, it
doesn't work properly without it and as such the error is intended. We have
enough users asking about on IRC why apache lets them download PHP files
instead of parsing them already (which boils down to either failure to restart
apache or browser cache/proxy in the way). This would add yet another hard to
debug breakage.

BTW, ditto for mod_mime. Don't complain to PHP folks if you disable it and
things break.

well, there is a reason it is in the default selection, but i will not remove,
because it might be useful for people building small, static apaches where
mod_dir might not be necessary. (the same is true for mod_authz_host btw)

Uh - we talking about the same mod_dir? I added the IfModule wrapper to
70_mod_php5.conf and commented out the LoadModule dir_module line in httpd.conf
and PHP appears to run fine. As far as I have always known (and I DO make my
living with web apps and configuring apache) mod_dir just does some
behind-the-scenes rewrites for you (not counting actually generating directory
listing markup). And for security reasons I don't even want the possibility of
apache automatically generating directory listings.

However, I will just leave my own changes in and have to merge any future
updates to 70_mod_php5.conf. I always have to comment out massive quantities of
LoadModules in httpd.conf itself anyway since the default config completely
misses the whole security concept of "only enable what is needed"..

(In reply to comment #5)
> Uh - we talking about the same mod_dir? 

Unless there's another mod_dir which I've missed, then yeah :)
http://httpd.apache.org/docs/2.2/mod/mod_dir.html

> I added the IfModule wrapper to 70_mod_php5.conf and commented out the 
> LoadModule dir_module line in httpd.conf and PHP appears to run fine.

Except that index.php won't be added to DirectoryIndex, which is kinda what
most webapps expect. ;)

> I always have to comment out massive quantities of
> LoadModules in httpd.conf itself anyway since the default config completely
> misses the whole security concept of "only enable what is needed"..

Well, our default configuration mostly matches upstream, as far as enabled
modules are concerned (except for mod_auth_digest which was causing immense
trouble due to lack of entropy). So if you think this should be handled
differently, you should talk to upstream folks about it.

(In reply to comment #5)
> However, I will just leave my own changes in and have to merge any future
> updates to 70_mod_php5.conf. I always have to comment out massive quantities of
> LoadModules in httpd.conf itself anyway since the default config completely
> misses the whole security concept of "only enable what is needed"..

The apache-2.2.x ebuilds automatically generate the load module lines for
built-in modules, so maybe you should etc-update after upgrading/changing
APACHE2_MODULES

i have added a warning for these critical modules to -r6