启用 FollowSymLinks 后,Apache 2.4.54 WebDAV 位置指令中不显示符号链接

tag-icon tag-icon apache-http-server webdav
启用 FollowSymLinks 后,Apache 2.4.54 WebDAV 位置指令中不显示符号链接

我尝试symstore在连接到目录时通过 WebDAV 客户端(例如 WinSCP、cadaver、Cyber​​duck 或 FileZilla)访问创建的目录webdav,但未显示 symstore 目录。当我通过 Web 浏览器访问 webdav 目录时,我能够看到 symstore 目录,但我不想使用 Web 浏览器作为访问服务的最终实现。我希望在通过 WebDAV 客户端连接到 webdav 目录时能够看到 symstore 目录。

这是我在 Apache 2.4.54 上运行 WebDAV 的当前配置,它按照我预期的方式运行,但有一个例外,我将在稍后详细解释:

LoadModule dav_module           modules/mod_dav.so
LoadModule dav_fs_module        modules/mod_dav_fs.so
LoadModule ldap_module          modules/mod_ldap.so
LoadModule authnz_ldap_module   modules/mod_authnz_ldap.so
LoadModule auth_digest_module   modules/mod_auth_digest.so

DocumentRoot "/var/webdav"
DavLockDB "/run/lock/apache/DavLock"

<AuthnProviderAlias ldap ldap-auth-basic-provider>
    LDAPReferrals Off
    AuthLDAPURL ${LDAP_URL} NONE
    AuthLDAPBindDN ${LDAP_AUTH_BIND_DN}
    AuthLDAPBindPassword ${LDAP_AUTH_BIND_DN_PASSWORD}
</AuthnProviderAlias>

<AuthzProviderAlias ldap-group ldap-group-auth-provider "${LDAP_GROUP_DN}">
    AuthLDAPURL ${LDAP_URL} NONE
    AuthLDAPBindDN ${LDAP_AUTH_BIND_DN}
    AuthLDAPBindPassword ${LDAP_AUTH_BIND_DN_PASSWORD}
    AuthLDAPGroupAttributeIsDN on
    AuthLDAPMaxSubGroupDepth 10
    AuthLDAPGroupAttribute ${LDAP_GROUP_ATTR}
</AuthzProviderAlias>

<VirtualHost *:80>
    LogLevel ${LOG_LEVEL}
    ErrorLog /usr/local/apache2/logs/error.log
    CustomLog /usr/local/apache2/logs/access.log combined
    Alias "/webdav/" "/var/webdav/"
    <Location "/webdav/">
        Dav On
        Options +Indexes +MultiViews +FollowSymLinks
        IndexOptions +Charset=UTF-8 +FancyIndexing +FoldersFirst
        AuthType Basic
        AuthName "WebDAV LDAP Authentication"
        AuthBasicProvider ldap-auth-basic-provider
        <RequireAll>
            Require ldap-group-auth-provider
        </RequireAll>
    </Location>
    Alias "/webdav/symstore/" "/var/symstore/"
    <Location "/webdav/symstore/">
        Dav On
        Options +Indexes +MultiViews +FollowSymLinks
        AuthType Basic
        AuthName "ByteLoch-Symstore"
        AuthBasicProvider ldap-auth-basic-provider
        <RequireAll>
            Require ldap-group-auth-provider
            Require method GET CONNECT OPTIONS PROPFIND HEAD
        </RequireAll>
    </Location>
    Alias "/symstore/" "/var/symstore/"
    <Location "/symstore/">
        Dav On
        Options +Indexes +MultiViews +FollowSymLinks
        AuthType Digest
        AuthName "ByteLoch-Symstore"
        AuthUserFile /run/lock/apache/users.passwd
        <RequireAny>
            Require user symstore
        </RequireAny>
    </Location>
</VirtualHost>

当我通过 cadaver 或 WinSCP 等客户端连接到 /webdav/ 位置的 WebDAV 共享时,我无法看到 /var/webdav/ 目录中的符号链接。据我所知,WebDAV 协议不支持符号链接,但我仍然希望该链接仍然存在,以便获取其余配置,该配置在路径“/webdav/symstore/”的位置指令中定义。我只希望它看到文件夹,但不需要遵循符号链接。我在配置中设置了 FollowSymLinks 选项,但即使切换到目录指令,它也无法按预期工作。符号链接上的权限(如 ls 命令所示)似乎是正确的:

# ls -ld /var/webdav/symstore
lrwxrwxrwx 1 www-data www-data 13 Jan  8 23:09 /var/webdav/symstore -> /var/symstore

# ls -ld /var/symstore
drwxr-xr-x 2 www-data www-data 4096 Jan  8 23:20 /var/symstore

这是来自 cadaver 的输出,当我连接时,正如您所看到的,当我在 webdav 目录中列出时,该目录symstore没有出现。

# cadaver http://localhost/webdav/
Authentication required for WebDAV LDAP Authentication on server 'localhost':
Username: .redacted.
Password: 
dav:/webdav/> ls
Listing collection `/webdav/': succeeded.
        .htaccess                              0  Jan  9 01:11
        compose.yaml                        2488  Jan  8 20:59
dav:/webdav/> cd symstore
dav:/webdav/symstore/> ls
Listing collection `/webdav/symstore/': succeeded.
        .htaccess                              0  Jan  9 01:11
        README.md                           1516  Jan  8 20:44

查看 Apache WebDAV 服务器上的日志......

# cat logs/access.log 
172.20.0.1 - .redacted. [09/Jan/2023:00:13:49 +0000] "OPTIONS /webdav/symstore/ HTTP/1.1" 200 - "-" "WinSCP/5.21.3 neon/0.32.1"
172.20.0.1 - .redacted. [09/Jan/2023:00:13:49 +0000] "PROPFIND /webdav/symstore/ HTTP/1.1" 207 864 "-" "WinSCP/5.21.3 neon/0.32.1"
172.20.0.1 - .redacted. [09/Jan/2023:00:13:49 +0000] "PROPFIND /webdav/symstore/ HTTP/1.1" 207 3148 "-" "WinSCP/5.21.3 neon/0.32.1"
172.20.0.1 - .redacted. [09/Jan/2023:00:13:52 +0000] "PROPFIND /webdav/ HTTP/1.1" 207 855 "-" "WinSCP/5.21.3 neon/0.32.1"
172.20.0.1 - .redacted. [09/Jan/2023:00:13:52 +0000] "PROPFIND /webdav/ HTTP/1.1" 207 2359 "-" "WinSCP/5.21.3 neon/0.32.1"
172.20.0.1 - .redacted. [09/Jan/2023:00:14:15 +0000] "OPTIONS /webdav/ HTTP/1.1" 200 - "-" "cadaver/0.23.3 neon/0.30.2"
172.20.0.1 - .redacted. [09/Jan/2023:00:14:15 +0000] "PROPFIND /webdav/ HTTP/1.1" 207 686 "-" "cadaver/0.23.3 neon/0.30.2"
172.20.0.1 - .redacted. [09/Jan/2023:00:14:17 +0000] "PROPFIND /webdav/ HTTP/1.1" 207 1730 "-" "cadaver/0.23.3 neon/0.30.2"
172.20.0.1 - .redacted. [09/Jan/2023:00:14:22 +0000] "PROPFIND /webdav/symstore/ HTTP/1.1" 207 695 "-" "cadaver/0.23.3 neon/0.30.2"
172.20.0.1 - .redacted. [09/Jan/2023:00:14:23 +0000] "PROPFIND /webdav/symstore/ HTTP/1.1" 207 2288 "-" "cadaver/0.23.3 neon/0.30.2"
172.20.0.1 - .redacted. [09/Jan/2023:00:14:29 +0000] "PROPFIND /webdav/symstore/ HTTP/1.1" 207 2288 "-" "cadaver/0.23.3 neon/0.30.2"

错误日志不显示任何错误,但很乐意根据故障排除的需要生成/共享它们。我可以将日志级别设置为所需的任何级别以获取更多详细信息。

相关内容