Apache2 使用 ScriptAlias 时尝试访问顶级目录

tag-icon tag-icon apache2 scriptalias
Apache2 使用 ScriptAlias 时尝试访问顶级目录

我使用 Munin-cgi 作为服务器监控系统。有一次我意识到我的 error.log 中出现了奇怪且非常烦人的提示,尽管一切都运行良好且没有错误。

此刻我注释掉了 Munin 的 apache 配置中的所有内容,但错误仍然出现。

这是我的配置:

<VirtualHost *:80>
<Directory />
  Options -MultiViews
</Directory>
ScriptAlias /munin-cgi/munin-cgi-graph /usr/lib/munin/cgi/munin-cgi-graph
</VirtualHost>

因此如果我调用脚本:

http://<server>/munin-cgi/munin-cgi-graph/DOMAIN/HOST/PICTURE.png?&size_x=800&size_y=400

我在 error.log 中收到以下错误:

[Thu Oct 20 22:40:32.016850 2016] [authz_core:error] [pid 25196] [client 192.168.235.77:46192] AH01630: client denied by server configuration: /var/www/DOMAIN

就是这样。即使打开了最大跟踪级别,我也没有发现任何可疑之处。脚本正在运行,我也看到了它的输出,但每次调用该脚本时,Apache 都会删除/munin-cgi/munin-cgi-graph/并尝试访问http://<server>//DOMAIN/HOST/PICTURE.png。即使我创建文件,/var/www/DOMAIN/HOST/PICTURE.png/index.htmlcgi 脚本仍会继续被调用,显然,error.log 中的消息会消失。

也许顶级 apache 配置文件中的文件之外的某个地方存在错误,但我仍然找不到它。

阻止警告的唯一方法是写

<Location />
    Require all granted
</Location>

但这当然不安全

UPD:这是启用 mod_rewrite 的日志:

[Thu Oct 20 19:33:38.672038 2016] [rewrite:trace2] [pid 5132] mod_rewrite.c(477): [client <SKIP>] <CLIENT> - - [<SERVER>/sid#7f5e5ef59470][rid#7f5e5ee990a0/initial] init rewrite engine with requested uri /munin-cgi/munin-cgi-graph/<DOMAIN>/<HOST>/bind9-pinpoint=1476918806,1476955256.png
[Thu Oct 20 19:33:38.672139 2016] [rewrite:trace3] [pid 5132] mod_rewrite.c(477): [client <SKIP>] <CLIENT> - - [<SERVER>/sid#7f5e5ef59470][rid#7f5e5ee990a0/initial] applying pattern '^/munin-cgi/favicon.ico' to uri '/munin-cgi/munin-cgi-graph/<DOMAIN>/<HOST>/bind9-pinpoint=1476918806,1476955256.png'
[Thu Oct 20 19:33:38.672157 2016] [rewrite:trace3] [pid 5132] mod_rewrite.c(477): [client <SKIP>] <CLIENT> - - [<SERVER>/sid#7f5e5ef59470][rid#7f5e5ee990a0/initial] applying pattern '^/munin-cgi/.*static/(.*)' to uri '/munin-cgi/munin-cgi-graph/<DOMAIN>/<HOST>/bind9-pinpoint=1476918806,1476955256.png'
[Thu Oct 20 19:33:38.672169 2016] [rewrite:trace3] [pid 5132] mod_rewrite.c(477): [client <SKIP>] <CLIENT> - - [<SERVER>/sid#7f5e5ef59470][rid#7f5e5ee990a0/initial] applying pattern '^/munin-cgi/(.*\\.html)?$' to uri '/munin-cgi/munin-cgi-graph/<DOMAIN>/<HOST>/bind9-pinpoint=1476918806,1476955256.png'
[Thu Oct 20 19:33:38.672179 2016] [rewrite:trace3] [pid 5132] mod_rewrite.c(477): [client <SKIP>] <CLIENT> - - [<SERVER>/sid#7f5e5ef59470][rid#7f5e5ee990a0/initial] applying pattern '^/munin-cgi/munin-cgi-graph/(.*)' to uri '/munin-cgi/munin-cgi-graph/<DOMAIN>/<HOST>/bind9-pinpoint=1476918806,1476955256.png'
[Thu Oct 20 19:33:38.672189 2016] [rewrite:trace2] [pid 5132] mod_rewrite.c(477): [client <SKIP>] <CLIENT> - - [<SERVER>/sid#7f5e5ef59470][rid#7f5e5ee990a0/initial] rewrite '/munin-cgi/munin-cgi-graph/<DOMAIN>/<HOST>/bind9-pinpoint=1476918806,1476955256.png' -> '/munin-cgi/<DOMAIN>/<HOST>/bind9-pinpoint=1476918806,1476955256.png'
[Thu Oct 20 19:33:38.672198 2016] [rewrite:trace3] [pid 5132] mod_rewrite.c(477): [client <SKIP>] <CLIENT> - - [<SERVER>/sid#7f5e5ef59470][rid#7f5e5ee990a0/initial] applying pattern '^/munin-cgi/(.*.png)$' to uri '/munin-cgi/<DOMAIN>/<HOST>/bind9-pinpoint=1476918806,1476955256.png'
[Thu Oct 20 19:33:38.672209 2016] [rewrite:trace2] [pid 5132] mod_rewrite.c(477): [client <SKIP>] <CLIENT> - - [<SERVER>/sid#7f5e5ef59470][rid#7f5e5ee990a0/initial] rewrite '/munin-cgi/<DOMAIN>/<HOST>/bind9-pinpoint=1476918806,1476955256.png' -> '/munin-cgi/munin-cgi-graph/<DOMAIN>/<HOST>/bind9-pinpoint=1476918806,1476955256.png'
[Thu Oct 20 19:33:38.672221 2016] [rewrite:trace2] [pid 5132] mod_rewrite.c(477): [client <SKIP>] <CLIENT> - - [<SERVER>/sid#7f5e5ef59470][rid#7f5e5ee990a0/initial] forcing '/munin-cgi/munin-cgi-graph/<DOMAIN>/<HOST>/bind9-pinpoint=1476918806,1476955256.png' to get passed through to next API URI-to-filename handler
[Thu Oct 20 19:33:38.672453 2016] [rewrite:trace2] [pid 5132] mod_rewrite.c(477): [client <SKIP>] <CLIENT> - - [<SERVER>/sid#7f5e5ef59470][rid#7f5e5ee910a0/subreq] init rewrite engine with requested uri /<DOMAIN>/<HOST>/bind9-pinpoint=1476918806,1476955256.png
[Thu Oct 20 19:33:38.672464 2016] [rewrite:trace3] [pid 5132] mod_rewrite.c(477): [client <SKIP>] <CLIENT> - - [<SERVER>/sid#7f5e5ef59470][rid#7f5e5ee910a0/subreq] applying pattern '^/munin-cgi/favicon.ico' to uri '/<DOMAIN>/<HOST>/bind9-pinpoint=1476918806,1476955256.png'
[Thu Oct 20 19:33:38.672471 2016] [rewrite:trace3] [pid 5132] mod_rewrite.c(477): [client <SKIP>] <CLIENT> - - [<SERVER>/sid#7f5e5ef59470][rid#7f5e5ee910a0/subreq] applying pattern '^/munin-cgi/.*static/(.*)' to uri '/<DOMAIN>/<HOST>/bind9-pinpoint=1476918806,1476955256.png'
[Thu Oct 20 19:33:38.672477 2016] [rewrite:trace3] [pid 5132] mod_rewrite.c(477): [client <SKIP>] <CLIENT> - - [<SERVER>/sid#7f5e5ef59470][rid#7f5e5ee910a0/subreq] applying pattern '^/munin-cgi/(.*\\.html)?$' to uri '/<DOMAIN>/<HOST>/bind9-pinpoint=1476918806,1476955256.png'
[Thu Oct 20 19:33:38.672494 2016] [rewrite:trace3] [pid 5132] mod_rewrite.c(477): [client <SKIP>] <CLIENT> - - [<SERVER>/sid#7f5e5ef59470][rid#7f5e5ee910a0/subreq] applying pattern '^/munin-cgi/munin-cgi-graph/(.*)' to uri '/<DOMAIN>/<HOST>/bind9-pinpoint=1476918806,1476955256.png'
[Thu Oct 20 19:33:38.672510 2016] [rewrite:trace3] [pid 5132] mod_rewrite.c(477): [client <SKIP>] <CLIENT> - - [<SERVER>/sid#7f5e5ef59470][rid#7f5e5ee910a0/subreq] applying pattern '^/munin-cgi/(.*.png)$' to uri '/<DOMAIN>/<HOST>/bind9-pinpoint=1476918806,1476955256.png'
[Thu Oct 20 19:33:38.672517 2016] [rewrite:trace1] [pid 5132] mod_rewrite.c(477): [client <SKIP>] <CLIENT> - - [<SERVER>/sid#7f5e5ef59470][rid#7f5e5ee910a0/subreq] pass through /<DOMAIN>/<HOST>/bind9-pinpoint=1476918806,1476955256.png

答案1

不要将<Directory />块放入虚拟主机中,全局上下文中应该只有一个块,并且您应该将其保留原样。该<Directory>指令的参数是文件系统路径,而不是 URI 路径。

你需要一个目录块来允许访问你的目标ScriptAlias。例如:

<Directory "/usr/lib/munin/cgi/munin-cgi-graph">
   require all granted
</Directory>

如果没有这个,Apache 将不被允许从该文件系统目录提供任何服务。

相关内容