Red Hat Bugzilla – Bug 494451
modsecurity broke web directory browsing
Last modified: 2009-04-07 11:14:43 EDT
Description of problem:A recent automatic redhat update to apache is not
allowing directory browsing. I'm guessing it's the modsecurity module as
/etc/httpd/modsecurity.d/optional_rules was touched Friday, April 3 on all
my el5 systems.
Version-Release number of selected component (if applicable):
Anytime a user goes to a directory in their public_html directory they receive:
You don't have permission to access the requested directory. There is either no index document or the directory is read-protected.
If you think this is a server error, please contact the webmaster.
Steps to Reproduce:
Prior to the recent automatic update, directory browsing was allowed in
httpd.conf Options with Indexes and worked. Our community expects it to work.
Whoops. I didn't include the mod_security version.
It is mod_security-2.5.9-1.el5 and the update did occur Friday, Apr 3.
Thanks for contacting us.
1) mod_security is not shipped in RHEL.
is not a RHEL server. If you're running CentOS please report to a CentOS support forum.
No, we're not running CentOS. We are running
Red Hat Enterprise Linux Server release 5.3 (Tikanga).
But my apologies on thinking mod_security is RHEL. I checked the
update log and the epel repository did the update.
Thanks. Sorry for the trouble report.