Description of problem:A recent automatic redhat update to apache is not allowing directory browsing. I'm guessing it's the modsecurity module as /etc/httpd/modsecurity.d/optional_rules was touched Friday, April 3 on all my el5 systems. Version-Release number of selected component (if applicable): httpd-2.2.3-22.el5 How reproducible: Anytime a user goes to a directory in their public_html directory they receive: Access forbidden! You don't have permission to access the requested directory. There is either no index document or the directory is read-protected. If you think this is a server error, please contact the webmaster. Error 403 www.physics.arizona.edu Apache/2.2.0 (Fedora) Steps to Reproduce: 1. 2. 3. Actual results: Expected results: Prior to the recent automatic update, directory browsing was allowed in httpd.conf Options with Indexes and worked. Our community expects it to work. Additional info:
Whoops. I didn't include the mod_security version. It is mod_security-2.5.9-1.el5 and the update did occur Friday, Apr 3.
Thanks for contacting us. 1) mod_security is not shipped in RHEL. 2) this: www.physics.arizona.edu Apache/2.2.0 (Fedora) is not a RHEL server. If you're running CentOS please report to a CentOS support forum.
No, we're not running CentOS. We are running Red Hat Enterprise Linux Server release 5.3 (Tikanga). But my apologies on thinking mod_security is RHEL. I checked the update log and the epel repository did the update. Thanks. Sorry for the trouble report.