| Summary: | www-servers/apache - mod_{dir,mime} support should be mandatory and not a USE flag | ||
|---|---|---|---|
| Product: | Gentoo Linux | Reporter: | reillyp |
| Component: | [OLD] Server | Assignee: | Apache Team - Bugzilla Reports <apache-bugs> |
| Status: | RESOLVED WONTFIX | ||
| Severity: | minor | CC: | php-bugs |
| Priority: | High | ||
| Version: | unspecified | ||
| Hardware: | All | ||
| OS: | Linux | ||
| Whiteboard: | |||
| Package list: | Runtime testing required: | --- | |
|
Description
reillyp
2007-12-07 14:06:30 UTC
Sigh. That module simply should NOT be optional or mod_php and lots of other apache modules become no-op, end of story. :/ Hollow - if you don't want to make this mandatory, WONTFIX this bug. PHP is not going to check for mod_dir for AddDirectoryIndex directive, it doesn't work properly without it and as such the error is intended. We have enough users asking about on IRC why apache lets them download PHP files instead of parsing them already (which boils down to either failure to restart apache or browser cache/proxy in the way). This would add yet another hard to debug breakage. BTW, ditto for mod_mime. Don't complain to PHP folks if you disable it and things break. well, there is a reason it is in the default selection, but i will not remove, because it might be useful for people building small, static apaches where mod_dir might not be necessary. (the same is true for mod_authz_host btw) Uh - we talking about the same mod_dir? I added the IfModule wrapper to 70_mod_php5.conf and commented out the LoadModule dir_module line in httpd.conf and PHP appears to run fine. As far as I have always known (and I DO make my living with web apps and configuring apache) mod_dir just does some behind-the-scenes rewrites for you (not counting actually generating directory listing markup). And for security reasons I don't even want the possibility of apache automatically generating directory listings. However, I will just leave my own changes in and have to merge any future updates to 70_mod_php5.conf. I always have to comment out massive quantities of LoadModules in httpd.conf itself anyway since the default config completely misses the whole security concept of "only enable what is needed".. (In reply to comment #5) > Uh - we talking about the same mod_dir? Unless there's another mod_dir which I've missed, then yeah :) http://httpd.apache.org/docs/2.2/mod/mod_dir.html > I added the IfModule wrapper to 70_mod_php5.conf and commented out the > LoadModule dir_module line in httpd.conf and PHP appears to run fine. Except that index.php won't be added to DirectoryIndex, which is kinda what most webapps expect. ;) > I always have to comment out massive quantities of > LoadModules in httpd.conf itself anyway since the default config completely > misses the whole security concept of "only enable what is needed".. Well, our default configuration mostly matches upstream, as far as enabled modules are concerned (except for mod_auth_digest which was causing immense trouble due to lack of entropy). So if you think this should be handled differently, you should talk to upstream folks about it. (In reply to comment #5) > However, I will just leave my own changes in and have to merge any future > updates to 70_mod_php5.conf. I always have to comment out massive quantities of > LoadModules in httpd.conf itself anyway since the default config completely > misses the whole security concept of "only enable what is needed".. The apache-2.2.x ebuilds automatically generate the load module lines for built-in modules, so maybe you should etc-update after upgrading/changing APACHE2_MODULES i have added a warning for these critical modules to -r6 |
