Attempts to setuid in subrequests
Occurs with:
- Directory listing with mod_autoindex (performs subrequests on resources inside the directory)
- Header and readme HTML files are configured
- The HTML files are made available together with icons with mod_alias
- The directory containing the HTML files uses a different
AssignUserIdExpr
than the VHost- If there is no
AssignUserIdExpr
then the directory listing works but HTML files (i.e. custom header and readme) and icons fail to load (giving 500 because the%{REMOTE_USER}
is '' because there is no auth.
- If there is no
- The VHost uses auth and the directory containing the HTML files does not
Workaround: It may make sense to split the HTML files from the icons and move them into a different directory.