Re: Cannot Access Includes Above Current Directory if using SSL

xyzzy
Date: 12/24/03


Date: Wed, 24 Dec 2003 16:06:01 -0500


"Steve Benson" <sbenson@sdfair.com> wrote in message
news:C0936366153DB549AE4FDE5CB150A312791F75@email.sdfair.com...
I'm new to your list and configuring Apache with the SSL module enabled
and have a newbie configuration glitch I've not been able to resolve.
I'm very puzzled over why my scripts with included files, either SSI or
PHP, work fine outside of the SSL directory structure (but still at
similar nested levels in directory tree but not SSL). i.e.
given that /www/sd/htdocs/include/middle.html exists
with index.shtml in /www/sd/htdocs/test (http) with the lines
<!--#include file="../include/middle.html" --> and
<!--#echo var="DOCUMENT_NAME" --> run fine and middle.html is included
and the document name is displayed. Excellent!
But the same index.shtml in /www/sd/htdocs/jobs (https) <!--#include
file="../include/middle.html" --> fails to include middle.html and the
error_log file reports: unable to include file
"/www/sd/htdocs/include/middle.html" in parsed file
/www/sd/htdocs/jobs/index.shtml Not problem with <!--#echo
var="DOCUMENT_NAME" --> the document name is displayed. Only half
excelent.
I changed the SSI to <!--#include virtual="../include/middle.html" -->
as you suggested but the result was the same. I changed the relative
path used to absolute and also got the same result. I can use includes
in the SSL directory as long as they're at the same level or below. If I
move the above example (including the include directory) down one level
in the https directory tree i.e. given that
/www/sd/htdocs/jobs/include/middle.html exists with index.shtml in
/www/sd/htdocs/jobs/test (https) <!--#include
file="../include/middle.html" --> it also fails. So I can't go up even
within the https directory tree. The same scenario under http presents
no problems.
The SSI is mostly for testing trying to figure out why my PHP scripts
are acting this way. I'm trying to keep it simple so I can find the root
cause of my SSL (https) virtual server failure to work with upper level
include files.
i.e.
given that /www/sd/htdocs/include/prepend.php exists
<?php
include("../include/prepend.php");
....
?>

So, if I try the above code from a https directory, say
/www/sd/hddocs/jobs it will fail with:
PHP Warning: main(../include/prepend.php): failed to open stream: No
such file or directory in /www/sd/htdocs/jobs/index.php on line 4
Using an absolute path rather than a relative path has no effect. I even
tried a scriptalias clause, same as /cgi-bin/ but /include/ to the
include files dir, but that didn't work either.
There is no problem if I change the include location to
/www/sd/htdocs/jobs/include, I can run the scripts fine. So it seems I
can include at the same level or below but not up any level in the
directory tree if using https.
I imagine there's something in my SSL configuration causing this but
after trying many <Directory>, <Location> and even a ScriptAlias changes
to the ssl.conf I've not been able to get around this.
I've created a number of Apache web sites but this is my first using
SSL(mod_ssl incorporated into Apache 2.0.48, openssl). I've never
encountered anything like this before in web development.
My configuration is:
RH Linux Kernel 2.4.20-8, Apache 2.0.48, OpenSSL -0.9.6l, PHP 4.3.4
(compiled as a mod w/Apache), Apache was compiled with SSL and SSI
enabled. SSL appears to work OK i.e. recognized by browser, cert and key
accepted etc.
To summarize:
- All scripts work fine with relative paths to include files as long as
they're accessed via http and are not in the https virtual server
directory tree structure.

- When accessing the same scripts within the https virtual server tree
the scripts cannot reference any include files that aren't at the same
level or below in the directory tree.

- If the include file is made available at the same level or below, no
problem accessing via relative or absolute paths.

- Even when the paths to include files are changed to absolute paths
they fail if the file is above the current directory in the tree
(https). For some reason I can't go up the directory tree from within
the https virtual server directory structure. This is true no matter
where I am in the structure i.e. if I'm two levels deep in the directory
tree I can't reference a file up one level. If I'm three levels deep I
can't reference files back on level two, bummer!
I appreciate any suggestions.
Thanks,
............ Steve

Im not sure what your problem is, I am suspicious of your document root
delcarations.
But, I noticed you do your includes different than me. I tend to keep a
bunch of inludes in a folder not unlike your "www/sd/htdocs/jobs/include '
Then add that folder to php.ini under the include section. Then you can just
say <? include ("preapend.php"); ?> and it will work.
Furhtermore, since our 'inlcudes" folders sometimes contain
usernames,passwords & stuff, I would also not keep the "includes" folder
underneath one of your htdocs folders.



Relevant Pages

  • Cannot Access Includes Above Current Directory if using SSL
    ... I'm new to your list and configuring Apache with the SSL module enabled ... similar nested levels in directory tree but not SSL). ... within the https directory tree. ... The SSI is mostly for testing trying to figure out why my PHP scripts ...
    (php.general)
  • Cannot Access Includes Above Current Directory if using SSL
    ... I'm new to your list and configuring Apache with the SSL module enabled ... similar nested levels in directory tree but not SSL). ... within the https directory tree. ... The SSI is mostly for testing trying to figure out why my PHP scripts ...
    (php.general)
  • Re: Expired cirtificate errors FireFox and IE (Vista 32 bit)
    ... Those would be https web sites (that use SSL to encrypt the connection) ... Have you yet rebooted Windows? ... Even if WU doesn't say you need to reboot after applying some updates, ...
    (microsoft.public.windows.vista.general)
  • Re: RWW with no https
    ... I do not consider a:8080 a url that is appropriate for a SSL end user connection. ... So just so we are all clear, RWW HAS to go over HTTPS. ... Even if I do https but port 8080 would not matter ...
    (microsoft.public.windows.server.sbs)
  • RE: ISA 2006 and SSL
    ... same user can access the site in question by creating an SSL-Tunnel and is ... Microsoft Online Partner Support ... | Subject: RE: ISA 2006 and SSL ... | | rule to allow HTTPS to local host, instead of all http and https ...
    (microsoft.public.isa)