403 erro proibido quando o nome do arquivo contém “pm” nele

1

Eu tenho um servidor rodando o apache com scripts perl, alguns pdfs são gerados com nomes de arquivos gerados aleatoriamente, hoje encontramos um problema em que o nome do arquivo era

document_pmEifLziBABVSGdFIsbjYgkVaInQlZ.pdf

as permissões no arquivo são idênticas a todos os outros pdfs, tentar acessar o arquivo dá um 403 do apache, mudando o nome para

document_EifLziBABVSGdFIsbjYgkVaInQlZ.pdf

permite que o arquivo seja baixado sem problemas, alterando o nome do arquivo para

document_pm.pdf

dá um 403

pm.pdf

permite o download

Alguém encontrou um problema semelhante?

Isto pode estar relacionado com a extensão perl .pm?

Abaixo está o httpd.conf

    ### Section 1: Global Environment

    ServerTokens OS
    ServerRoot "/etc/httpd"
    PidFile run/httpd.pid
    Timeout 300
    KeepAlive On
    MaxKeepAliveRequests 100
    KeepAliveTimeout 300

    ## Server-Pool Size Regulation (MPM specific)

    <IfModule prefork.c>
    StartServers       8
    MinSpareServers    5
    MaxSpareServers   20
    ServerLimit      256
    MaxClients       256
    MaxRequestsPerChild  4000
    </IfModule>

    <IfModule worker.c>
    StartServers         4
    MaxClients         300
    MinSpareThreads     25
    MaxSpareThreads     75
    ThreadsPerChild     25
    MaxRequestsPerChild  0
    </IfModule>

    Listen 80
    #Listen 8080

    # Dynamic Shared Object (DSO) Support

    LoadModule auth_basic_module modules/mod_auth_basic.so
    LoadModule auth_digest_module modules/mod_auth_digest.so
    LoadModule authn_file_module modules/mod_authn_file.so
    LoadModule authn_alias_module modules/mod_authn_alias.so
    LoadModule authn_anon_module modules/mod_authn_anon.so
    LoadModule authn_dbm_module modules/mod_authn_dbm.so
    LoadModule authn_default_module modules/mod_authn_default.so
    LoadModule authz_host_module modules/mod_authz_host.so
    LoadModule authz_user_module modules/mod_authz_user.so
    LoadModule authz_owner_module modules/mod_authz_owner.so
    LoadModule authz_groupfile_module modules/mod_authz_groupfile.so
    LoadModule authz_dbm_module modules/mod_authz_dbm.so
    LoadModule authz_default_module modules/mod_authz_default.so
    LoadModule ldap_module modules/mod_ldap.so
    LoadModule authnz_ldap_module modules/mod_authnz_ldap.so
    LoadModule include_module modules/mod_include.so
    LoadModule log_config_module modules/mod_log_config.so
    LoadModule logio_module modules/mod_logio.so
    LoadModule env_module modules/mod_env.so
    LoadModule ext_filter_module modules/mod_ext_filter.so
    LoadModule mime_magic_module modules/mod_mime_magic.so
    LoadModule expires_module modules/mod_expires.so
    LoadModule deflate_module modules/mod_deflate.so
    LoadModule headers_module modules/mod_headers.so
    LoadModule usertrack_module modules/mod_usertrack.so
    LoadModule setenvif_module modules/mod_setenvif.so
    LoadModule mime_module modules/mod_mime.so
    LoadModule dav_module modules/mod_dav.so
    LoadModule status_module modules/mod_status.so
    LoadModule autoindex_module modules/mod_autoindex.so
    LoadModule info_module modules/mod_info.so
    LoadModule dav_fs_module modules/mod_dav_fs.so
    LoadModule vhost_alias_module modules/mod_vhost_alias.so
    LoadModule negotiation_module modules/mod_negotiation.so
    LoadModule dir_module modules/mod_dir.so
    LoadModule actions_module modules/mod_actions.so
    LoadModule speling_module modules/mod_speling.so
    LoadModule userdir_module modules/mod_userdir.so
    LoadModule alias_module modules/mod_alias.so
    LoadModule substitute_module modules/mod_substitute.so
    LoadModule rewrite_module modules/mod_rewrite.so
    LoadModule proxy_module modules/mod_proxy.so
    LoadModule proxy_balancer_module modules/mod_proxy_balancer.so
    LoadModule proxy_ftp_module modules/mod_proxy_ftp.so
    LoadModule proxy_http_module modules/mod_proxy_http.so
    LoadModule proxy_ajp_module modules/mod_proxy_ajp.so
    LoadModule proxy_connect_module modules/mod_proxy_connect.so
    LoadModule cache_module modules/mod_cache.so
    LoadModule suexec_module modules/mod_suexec.so
    LoadModule disk_cache_module modules/mod_disk_cache.so
    LoadModule cgi_module modules/mod_cgi.so
    LoadModule version_module modules/mod_version.so

    #
    # The following modules are not loaded by default:
    #
    #LoadModule asis_module modules/mod_asis.so
    #LoadModule authn_dbd_module modules/mod_authn_dbd.so
    #LoadModule cern_meta_module modules/mod_cern_meta.so
    #LoadModule cgid_module modules/mod_cgid.so
    #LoadModule dbd_module modules/mod_dbd.so
    #LoadModule dumpio_module modules/mod_dumpio.so
    #LoadModule filter_module modules/mod_filter.so
    #LoadModule ident_module modules/mod_ident.so
    #LoadModule log_forensic_module modules/mod_log_forensic.so
    #LoadModule unique_id_module modules/mod_unique_id.so
    #

    #
    # Load config files from the config directory "/etc/httpd/conf.d".
    #
    Include conf.d/*.conf

    #
    # ExtendedStatus controls whether Apache will generate "full" status
    # information (ExtendedStatus On) or just basic information (ExtendedStatus
    # Off) when the "server-status" handler is called. The default is Off.
    #
    #ExtendedStatus On


    ### Section 2: 'Main' server configuration

    User apache
    Group apache

    ServerAdmin webmaster@

    ServerName server:80

    UseCanonicalName Off

    DocumentRoot "/www/"

    <Directory />
        Options -FollowSymLinks -Indexes
        AllowOverride None
    </Directory>


    <Directory "/www">
        Options +ExecCGI
        AllowOverride All
        Order allow,deny
        Allow from all
    </Directory>


    <IfModule mod_userdir.c>
        UserDir disable
    </IfModule>


    DirectoryIndex index.html

    AccessFileName .htaccess

    <Files ~ "^\.ht">
        Order allow,deny
        Deny from all
    </Files>
    <Files ~ ".pm">
        Order allow,deny
        Deny from all
    </Files>


    TypesConfig /etc/mime.types

    DefaultType text/plain

    <IfModule mod_mime_magic.c>
        MIMEMagicFile conf/magic
    </IfModule>

    HostnameLookups Off

    ErrorLog logs/error_log

    LogLevel warn

    LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" combined
    LogFormat "%h %l %u %t \"%r\" %>s %b" common
    LogFormat "%{Referer}i -> %U" referer
    LogFormat "%{User-agent}i" agent


    CustomLog logs/access_log common

    ServerSignature On

    Alias /icons/ "/var/www/icons/"

    <Directory "/var/www/icons">
        Options Indexes MultiViews
        AllowOverride None
        Order allow,deny
        Allow from all
    </Directory>

    #
    # WebDAV module configuration section.
    #
    <IfModule mod_dav_fs.c>
        # Location of the WebDAV lock database.
        DAVLockDB /var/lib/dav/lockdb
    </IfModule>

    #
    # ScriptAlias: This controls which directories contain server scripts.
    # ScriptAliases are essentially the same as Aliases, except that
    # documents in the realname directory are treated as applications and
    # run by the server when requested rather than as documents sent to the client.
    # The same rules about trailing "/" apply to ScriptAlias directives as to
    # Alias.
    #
    ScriptAlias /cgi-bin/ "/var/www/cgi-bin/"

    #
    # "/var/www/cgi-bin" should be changed to whatever your ScriptAliased
    # CGI directory exists, if you have that configured.
    #
    <Directory "/var/www/cgi-bin">
        AllowOverride None
        Options None
        Order allow,deny
        Allow from all
    </Directory>

    IndexOptions FancyIndexing VersionSort NameWidth=* HTMLTable Charset=UTF-8

    AddIconByEncoding (CMP,/icons/compressed.gif) x-compress x-gzip

    AddIconByType (TXT,/icons/text.gif) text/*
    AddIconByType (IMG,/icons/image2.gif) image/*
    AddIconByType (SND,/icons/sound2.gif) audio/*
    AddIconByType (VID,/icons/movie.gif) video/*

    AddIcon /icons/binary.gif .bin .exe
    AddIcon /icons/binhex.gif .hqx
    AddIcon /icons/tar.gif .tar
    AddIcon /icons/world2.gif .wrl .wrl.gz .vrml .vrm .iv
    AddIcon /icons/compressed.gif .Z .z .tgz .gz .zip
    AddIcon /icons/a.gif .ps .ai .eps
    AddIcon /icons/layout.gif .html .shtml .htm .pdf
    AddIcon /icons/text.gif .txt
    AddIcon /icons/c.gif .c
    AddIcon /icons/p.gif .pl .py
    AddIcon /icons/f.gif .for
    AddIcon /icons/dvi.gif .dvi
    AddIcon /icons/uuencoded.gif .uu
    AddIcon /icons/script.gif .conf .sh .shar .csh .ksh .tcl
    AddIcon /icons/tex.gif .tex
    AddIcon /icons/bomb.gif core

    AddIcon /icons/back.gif ..
    AddIcon /icons/hand.right.gif README
    AddIcon /icons/folder.gif ^^DIRECTORY^^
    AddIcon /icons/blank.gif ^^BLANKICON^^

    #
    # DefaultIcon is which icon to show for files which do not have an icon
    # explicitly set.
    #
    DefaultIcon /icons/unknown.gif

    #
    # AddDescription allows you to place a short description after a file in
    # server-generated indexes.  These are only displayed for FancyIndexed
    # directories.
    # Format: AddDescription "description" filename
    #
    #AddDescription "GZIP compressed document" .gz
    #AddDescription "tar archive" .tar
    #AddDescription "GZIP compressed tar archive" .tgz

    #
    # ReadmeName is the name of the README file the server will look for by
    # default, and append to directory listings.
    #
    # HeaderName is the name of a file which should be prepended to
    # directory indexes.
    ReadmeName README.html
    HeaderName HEADER.html

    #
    # IndexIgnore is a set of filenames which directory indexing should ignore
    # and not include in the listing.  Shell-style wildcarding is permitted.
    #
    IndexIgnore .??* *~ *# HEADER* README* RCS CVS *,v *,t

    #
    # DefaultLanguage and AddLanguage allows you to specify the language of
    # a document. You can then use content negotiation to give a browser a
    # file in a language the user can understand.
    #
    # Specify a default language. This means that all data
    # going out without a specific language tag (see below) will
    # be marked with this one. You probably do NOT want to set
    # this unless you are sure it is correct for all cases.
    #
    # * It is generally better to not mark a page as
    # * being a certain language than marking it with the wrong
    # * language!
    #
    # DefaultLanguage nl
    #
    # Note 1: The suffix does not have to be the same as the language
    # keyword --- those with documents in Polish (whose net-standard
    # language code is pl) may wish to use "AddLanguage pl .po" to
    # avoid the ambiguity with the common suffix for perl scripts.
    #
    # Note 2: The example entries below illustrate that in some cases
    # the two character 'Language' abbreviation is not identical to
    # the two character 'Country' code for its country,
    # E.g. 'Danmark/dk' versus 'Danish/da'.
    #
    # Note 3: In the case of 'ltz' we violate the RFC by using a three char
    # specifier. There is 'work in progress' to fix this and get
    # the reference data for rfc1766 cleaned up.
    #
    # Catalan (ca) - Croatian (hr) - Czech (cs) - Danish (da) - Dutch (nl)
    # English (en) - Esperanto (eo) - Estonian (et) - French (fr) - German (de)
    # Greek-Modern (el) - Hebrew (he) - Italian (it) - Japanese (ja)
    # Korean (ko) - Luxembourgeois* (ltz) - Norwegian Nynorsk (nn)
    # Norwegian (no) - Polish (pl) - Portugese (pt)
    # Brazilian Portuguese (pt-BR) - Russian (ru) - Swedish (sv)
    # Simplified Chinese (zh-CN) - Spanish (es) - Traditional Chinese (zh-TW)
    #
    AddLanguage ca .ca
    AddLanguage cs .cz .cs
    AddLanguage da .dk
    AddLanguage de .de
    AddLanguage el .el
    AddLanguage en .en
    AddLanguage eo .eo
    AddLanguage es .es
    AddLanguage et .et
    AddLanguage fr .fr
    AddLanguage he .he
    AddLanguage hr .hr
    AddLanguage it .it
    AddLanguage ja .ja
    AddLanguage ko .ko
    AddLanguage ltz .ltz
    AddLanguage nl .nl
    AddLanguage nn .nn
    AddLanguage no .no
    AddLanguage pl .po
    AddLanguage pt .pt
    AddLanguage pt-BR .pt-br
    AddLanguage ru .ru
    AddLanguage sv .sv
    AddLanguage zh-CN .zh-cn
    AddLanguage zh-TW .zh-tw

    #
    # LanguagePriority allows you to give precedence to some languages
    # in case of a tie during content negotiation.
    #
    # Just list the languages in decreasing order of preference. We have
    # more or less alphabetized them here. You probably want to change this.
    #
    LanguagePriority en ca cs da de el eo es et fr he hr it ja ko ltz nl nn no pl pt pt-BR ru sv zh-CN zh-TW

    #
    # ForceLanguagePriority allows you to serve a result page rather than
    # MULTIPLE CHOICES (Prefer) [in case of a tie] or NOT ACCEPTABLE (Fallback)
    # [in case no accepted languages matched the available variants]
    #
    ForceLanguagePriority Prefer Fallback

    #
    # Specify a default charset for all content served; this enables
    # interpretation of all content as UTF-8 by default.  To use the
    # default browser choice (ISO-8859-1), or to allow the META tags
    # in HTML content to override this choice, comment out this
    # directive:
    #
    AddDefaultCharset UTF-8

    #
    # AddType allows you to add to or override the MIME configuration
    # file mime.types for specific file types.
    #
    #AddType application/x-tar .tgz


    #
    #   MIME-types for downloading Certificates and CRLs
    #
    AddType application/x-x509-ca-cert .crt
    AddType application/x-pkcs7-crl    .crl

    # ---
    AddType application/x-compress .Z
    AddType application/x-gzip .gz .tgz
    AddType application/x-java-jnlp-file    .jnlp
    AddType application/x-java-archive-diff .jardiff

    # ---
    AddHandler cgi-script .cgi .pl
    AddHandler type-map var


    AddType text/html .shtml
    AddOutputFilter INCLUDES .shtml

    #
    # Action lets you define media types that will execute a script whenever
    # a matching file is called. This eliminates the need for repeated URL
    # pathnames for oft-used CGI file processors.
    # Format: Action media/type /cgi-script/location
    # Format: Action handler-name /cgi-script/location
    #


    Alias /error/ "/var/www/error/"

    <IfModule mod_negotiation.c>
    <IfModule mod_include.c>
        <Directory "/var/www/error">
            AllowOverride None
            Options IncludesNoExec
            AddOutputFilter Includes html
            AddHandler type-map var
            Order allow,deny
            Allow from all
            LanguagePriority en es de fr
            ForceLanguagePriority Prefer Fallback
        </Directory>

    #    ErrorDocument 400 /error/HTTP_BAD_REQUEST.html.var
    #    ErrorDocument 401 /error/HTTP_UNAUTHORIZED.html.var
    #    ErrorDocument 403 /error/HTTP_FORBIDDEN.html.var
    #    ErrorDocument 404 /error/HTTP_NOT_FOUND.html.var
    #    ErrorDocument 405 /error/HTTP_METHOD_NOT_ALLOWED.html.var
    #    ErrorDocument 408 /error/HTTP_REQUEST_TIME_OUT.html.var
    #    ErrorDocument 410 /error/HTTP_GONE.html.var
    #    ErrorDocument 411 /error/HTTP_LENGTH_REQUIRED.html.var
    #    ErrorDocument 412 /error/HTTP_PRECONDITION_FAILED.html.var
    #    ErrorDocument 413 /error/HTTP_REQUEST_ENTITY_TOO_LARGE.html.var
    #    ErrorDocument 414 /error/HTTP_REQUEST_URI_TOO_LARGE.html.var
    #    ErrorDocument 415 /error/HTTP_UNSUPPORTED_MEDIA_TYPE.html.var
    #    ErrorDocument 500 /error/HTTP_INTERNAL_SERVER_ERROR.html.var
    #    ErrorDocument 501 /error/HTTP_NOT_IMPLEMENTED.html.var
    #    ErrorDocument 502 /error/HTTP_BAD_GATEWAY.html.var
    #    ErrorDocument 503 /error/HTTP_SERVICE_UNAVAILABLE.html.var
    #    ErrorDocument 506 /error/HTTP_VARIANT_ALSO_VARIES.html.var

    </IfModule>
    </IfModule>

    BrowserMatch "Mozilla/2" nokeepalive
    BrowserMatch "MSIE 4\.0b2;" nokeepalive downgrade-1.0 force-response-1.0
    BrowserMatch "RealPlayer 4\.0" force-response-1.0
    BrowserMatch "Java/1\.0" force-response-1.0
    BrowserMatch "JDK/1\.0" force-response-1.0

    BrowserMatch "Microsoft Data Access Internet Publishing Provider" redirect-carefully
    BrowserMatch "MS FrontPage" redirect-carefully
    BrowserMatch "^WebDrive" redirect-carefully
    BrowserMatch "^WebDAVFS/1.[0123]" redirect-carefully
    BrowserMatch "^gnome-vfs/1.0" redirect-carefully
    BrowserMatch "^XML Spy" redirect-carefully
    BrowserMatch "^Dreamweaver-WebDAV-SCM1" redirect-carefully
    
por Tlacaelel Ramon Luis 03.05.2017 / 19:28

1 resposta

0

Ao verificar o httpd.conf, notei esta seção

<Files ~ ".pm">

substituindo por

<Files ~ "\.pm$">

e reiniciar o apache cuidou do problema.

    
por 13.05.2017 / 19:51