webserver strangeness.

[Steve]

Standard ES 3 with httpd

updates applied

I have setup an upload area and enabled WebDAV, I've added an htaccess 
type entry to <Limit> GET requests to anonymous users (anyone can view the 
URLs) and then added a further <Limit> for all other directives to be 
allowed after authenticating only.

The reason for this (as everyone seems to be asking me "why bother" is 
that I need to find an easy way to upload a few thousand photos and add 
them into a gallery, the gallery software allows either "groups of 10 
files to be uploaded" or a URL to be supplied that it will wander off to 
and suck down the photos.

Due to ease of explaining how things work to end users, it was decided to 
create a simple system using webdav so uploads can be done as if the site 
were a hard drive then they put in the URL "uploads.blah.com" into the 
gallery system and it will suck their photos across.

I tried sucessfully to make the DAV folder under the main site but the 
gallery URL suck became confused for some reason and required the images 
to be in the root of the web structure.

It appears that someone within the organisation that sets up the 
httpd.conf decided that disableing indexes by default within apache was 
not enough to stop stupid admins from displaying their directory structure 
to the world (despite the fact that you had to actually enable this option 
to doso) - so they would also do a location rewrite if the url requested 
was the root of the web site and the file served was not one of the 
index files.

#<LocationMatch "^/$>
#    Options -Indexes
#    ErrorDocument 403 /error/noindex.html
#</LocationMatch>

I have since disabled this (IMHO - Braindead) option and restarted apache. 
However, I am still getting a random "forbidden" rule and redirect if I 
try to goto the root of my upload vhost.

My Config for this vhost is..

<Directory "/var/www/vhost/uploads">
    DAV On
    Options Indexes FollowSymLinks MultiViews
    AllowOverride all
    AuthType Basic
    AuthName jany
    AuthUserFile  /var/www/vhost/htpasswd
    AuthGroupFile /dev/null
    <Limit GET>
     Order allow,deny
     Allow from all
    </Limit>
    <Limit POST PUT CONNECT OPTIONS DELETE PATCH PROPFIND PROPPATCH MKCOL 
COPY MOVE LOCK UNLOCK>
     Require valid-user
    </Limit>
</Directory>

Document Root is set to..

DocumentRoot /var/www/vhost/uploads

I have just spent the past hour scouring through the httpd.conf file 
trying to find any reference to a redirect to a forbbiden document or an 
index document and I cant find anything. I have set "Indexes" as an option 
on every <Directory> Idirective I can find in the vain hope that it was 
something else.

<rant>
Whoever in their right mind dreamed up the idea that disabling indexes and 
making it near on impossible to re-enable them needs a freakin bullet to 
the head !!! if an admin makes a concious decision to allow a function to 
happen outside default spec then WHY MAKE IT FREAKIN NEAR ENOUGH TO 
IMPOSSIBLE TO DOSO ?????
</rant>

Ok, so ranting probably doesnt help but I have hardly any hair left.

god, its things like this that almost make you want to go back to using 
IIS or Apache 1.3 - at least they bloody work !.

-- 
Steve.