This protection costs a little overhead for each request. Wherever in
your URL-space you do not have this setting:
    Options FollowSymLinks
or you do have this setting:
    Options SymLinksIfOwnerMatch
Apache will have to issue an extra call to lstat( ) per directory
segment in the path to the file. For example, if you have:
    DocumentRoot /home/httpd/docs
    <Directory />
        Options SymLinksIfOwnerMatch
    </Directory>
and a request is made for the URI /index.html,
Apache will perform lstat( ) on these three
directories and one file:
    /home
    /home/httpd
    /home/httpd/docs
    /home/httpd/docs/index.html
The deeper the file is located in the filesystem, the more
lstat( ) system calls will be made. The results of
these lstat( ) calls are never cached, so they
will occur for every single request. If you really want the
symbolic-links security checking, you can do something like this:
    DocumentRoot /home/httpd/docs
    <Directory />
        Options FollowSymLinks
    </Directory>
    <Directory /home/httpd/docs>
        Options -FollowSymLinks +SymLinksIfOwnerMatch
    </Directory>
This at least avoids the extra checks for the
DocumentRoot path. Note that
you'll need to add similar sections if you have any
Alias or RewriteRule paths
outside of your document root. For highest performance, and no
symbolic link protection, set the FollowSymLinks
option everywhere, and never set the
SymLinksIfOwnerMatch option.
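Before choosing between the two options, it helps to know which paths under a document root actually pass through a symbolic link and whether the link and its target share an owner. The following Python sketch is an added example, not code from Apache or from this book; the names lstat_targets, audit_symlinks and demo are hypothetical, and the owner comparison is a simplified approximation of what SymLinksIfOwnerMatch enforces (link owner equals target owner).

```python
import os
import stat
import tempfile

def lstat_targets(docroot, uri):
    """Paths checked per request as described above: every directory
    segment from the filesystem root down, then the file itself."""
    full = os.path.normpath(os.path.join(docroot, uri.lstrip("/")))
    parts = [p for p in full.split(os.sep) if p]
    return [os.sep + os.sep.join(parts[:i]) for i in range(1, len(parts) + 1)]

def audit_symlinks(docroot, uri):
    """lstat( ) each segment; for every symlink found, report whether the
    link's owner matches the owner of what it points to."""
    findings = []
    for path in lstat_targets(docroot, uri):
        try:
            info = os.lstat(path)          # does not follow the last component
        except FileNotFoundError:
            findings.append((path, "missing"))
            break
        if not stat.S_ISLNK(info.st_mode):
            continue
        try:
            target = os.stat(path)         # follows the link to its target
        except FileNotFoundError:
            findings.append((path, "dangling"))
            break
        same = info.st_uid == target.st_uid
        findings.append((path, "owner-match" if same else "owner-mismatch"))
    return findings

def demo():
    """Constructed sample tree: docs/real/index.html and docs/link -> docs/real."""
    with tempfile.TemporaryDirectory() as tmp:
        docs = os.path.join(os.path.realpath(tmp), "docs")
        os.makedirs(os.path.join(docs, "real"))
        open(os.path.join(docs, "real", "index.html"), "w").close()
        os.symlink(os.path.join(docs, "real"), os.path.join(docs, "link"))
        found = audit_symlinks(docs, "/link/index.html")
        return [(os.path.relpath(p, docs), status) for p, status in found]

if __name__ == "__main__":
    print(lstat_targets("/home/httpd/docs", "/index.html"))
    print(demo())
```

Any path reported as owner-mismatch is one that would stop being served if FollowSymLinks were replaced with SymLinksIfOwnerMatch for that directory.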