Note: This bug is displayed in read-only format because the product is no longer active in Red Hat Bugzilla.

Bug 1282481

Summary: AliasMatch in manual.conf yields 403 Forbidden for httpd24-httpd-manual.noarch
Product: Red Hat Software Collections Reporter: Tomas Hajek <hajek>
Component: httpd24Assignee: Jan Kaluža <jkaluza>
Status: CLOSED ERRATA QA Contact: Martin Frodl <mfrodl>
Severity: low Docs Contact:
Priority: unspecified    
Version: httpd24CC: jorton, kanderso, mfrodl, optak
Target Milestone: alpha   
Target Release: 2.1   
Hardware: x86_64   
OS: Linux   
Whiteboard:
Fixed In Version: httpd24-httpd-2.4.18-3.el6 httpd24-httpd-2.4.18-3.el7 Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2016-05-31 10:16:58 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Description Tomas Hajek 2015-11-16 14:49:25 UTC 
Description of problem:
Aftering installing the httpd24-httpd-manual.noarch package the configuration file provided yields a 403 Forbidden when trying to access http://localhost/manual/ or http://<servername>/manual/

When installing the package httpd24-httpd-manual.noarch the following file is provided:
/opt/rh/httpd24/root/etc/httpd/conf.d/manual.conf
Which contains the following:
#
# This configuration file allows the manual to be accessed at 
# http://localhost/manual/
#
AliasMatch ^/manual(?:/(?:de|en|fr|ja|ko|ru))?(/.*)?$ "/usr/share/httpd/manual$1"

<Directory "/opt/rh/httpd24/root/usr/share/httpd/manual">
    Options Indexes
    AllowOverride None
    Require all granted
</Directory>

The AliasMatch path does not refer to the path (/usr/share/httpd/manual$1) where the documentation is installed (/opt/rh/httpd24/root/usr/share/httpd/manual) for the SCL version of httpd24, however, the Directory directive appears to be correct.

Note also that the comment specifies that the configuration file allows for access from http://localhost/manual/ but it is not restricted to localhost and if the AliasMatch line was correct it would present the manual path to all hosts and not just localhost.

Version-Release number of selected component (if applicable):
httpd24-httpd-manual-2.4.12-4.el6.2.noarch

How reproducible:
I've reproduced on multiple systems and the results are consistent as would be expected as the configuration file appears to be incorrect.

Steps to Reproduce:
1. sudo yum install httpd24-httpd-manual.noarch
2. sudo /etc/init.d/httpd24-httpd restart
3. Go to http://localhost/manual/

Actual results:
Receive a 403 Forbidden page

Expected results:
Presented with the index for the Apache 2.4 documentation


Additional info:
This testing and installation was performed on Red Hat Enterprise Linux Server release 6.7 (Santiago)

If I change the AliasMatch line to the following then it works:
AliasMatch ^/manual(?:/(?:de|en|fr|ja|ko|ru))?(/.*)?$ "/opt/rh/httpd24/root/usr/share/httpd/manual$1"

However, I do have some concerns that there is no restriction on presenting the ^/manual/ pages to only localhost.
Comment 5 errata-xmlrpc 2016-05-31 10:16:58 UTC 
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHBA-2016:1154