Hello,
I have a rather weird question about Apache Directives Configuration.
I am running Ubuntu Linux Server and my Apache Tree looks like this:
server [/etc/apache2] # tree
.
├── apache2.conf
├── apache2.conf.dpkg-old
├── apache2.conf.in
├── conf-available
│ ├── charset.conf
│ ├── javascript-common.conf
│ ├── localized-error-pages.conf
│ ├── other-vhosts-access-log.conf
│ ├── phpmyadmin.conf -> ../../phpmyadmin/apache.conf
│ ├── security.conf
│ └── serve-cgi-bin.conf
├── conf-enabled
│ ├── charset.conf -> ../conf-available/charset.conf
│ ├── client-dirs.conf
│ ├── javascript-common.conf -> ../conf-available/javascript-common.conf
│ ├── localized-error-pages.conf -> ../conf-available/localized-error-pages.conf
│ ├── other-vhosts-access-log.conf -> ../conf-available/other-vhosts-access-log.conf
│ ├── phpmyadmin.conf -> ../conf-available/phpmyadmin.conf
│ ├── security.conf -> ../conf-available/security.conf
│ └── serve-cgi-bin.conf -> ../conf-available/serve-cgi-bin.conf
├── conf-local
│ ├── htdirs.conf
│ ├── htpasswd
│ ├── htpasswd4laszlo
│ └── htpasswd4project
├── envvars
├── magic
├── mods-available
│ ├── access_compat.load
│ ├── actions.conf
│ ├── actions.load
│ ├── alias.conf
│ ├── alias.load
│ ├── allowmethods.load
│ ├── asis.load
│ ├── auth_basic.load
│ ├── auth_digest.load
│ ├── auth_form.load
│ ├── authn_anon.load
│ ├── authn_core.load
│ ├── authn_dbd.load
│ ├── authn_dbm.load
│ ├── authn_file.load
│ ├── authn_socache.load
│ ├── authnz_fcgi.load
│ ├── authnz_ldap.load
│ ├── authz_core.load
│ ├── authz_dbd.load
│ ├── authz_dbm.load
│ ├── authz_groupfile.load
│ ├── authz_host.load
│ ├── authz_owner.load
│ ├── authz_user.load
│ ├── autoindex.conf
│ ├── autoindex.load
│ ├── buffer.load
│ ├── cache_disk.conf
│ ├── cache_disk.load
│ ├── cache.load
│ ├── cache_socache.load
│ ├── cgid.conf
│ ├── cgid.load
│ ├── cgi.load
│ ├── charset_lite.load
│ ├── data.load
│ ├── dav_fs.conf
│ ├── dav_fs.load
│ ├── dav.load
│ ├── dav_lock.load
│ ├── dbd.load
│ ├── deflate.conf
│ ├── deflate.load
│ ├── dialup.load
│ ├── dir.conf
│ ├── dir.load
│ ├── dump_io.load
│ ├── echo.load
│ ├── env.load
│ ├── expires.load
│ ├── ext_filter.load
│ ├── file_cache.load
│ ├── filter.load
│ ├── headers.load
│ ├── heartbeat.load
│ ├── heartmonitor.load
│ ├── ident.load
│ ├── include.load
│ ├── info.conf
│ ├── info.load
│ ├── lbmethod_bybusyness.load
│ ├── lbmethod_byrequests.load
│ ├── lbmethod_bytraffic.load
│ ├── lbmethod_heartbeat.load
│ ├── ldap.conf
│ ├── ldap.load
│ ├── log_debug.load
│ ├── log_forensic.load
│ ├── lua.load
│ ├── macro.load
│ ├── mime.conf
│ ├── mime.load
│ ├── mime_magic.conf
│ ├── mime_magic.load
│ ├── mpm_event.conf
│ ├── mpm_event.load
│ ├── mpm_prefork.conf
│ ├── mpm_prefork.load
│ ├── mpm_worker.conf
│ ├── mpm_worker.load
│ ├── negotiation.conf
│ ├── negotiation.load
│ ├── php5.6.conf
│ ├── php5.6.load
│ ├── php7.0.conf
│ ├── php7.0.load
│ ├── php7.1.conf
│ ├── php7.1.load
│ ├── php7.2.conf
│ ├── php7.2.load
│ ├── php7.3.conf
│ ├── php7.3.load
│ ├── php7.4.conf
│ ├── php7.4.load
│ ├── php8.0.conf
│ ├── php8.0.load
│ ├── proxy_ajp.load
│ ├── proxy_balancer.conf
│ ├── proxy_balancer.load
│ ├── proxy.conf
│ ├── proxy_connect.load
│ ├── proxy_express.load
│ ├── proxy_fcgi.load
│ ├── proxy_fdpass.load
│ ├── proxy_ftp.conf
│ ├── proxy_ftp.load
│ ├── proxy_html.conf
│ ├── proxy_html.load
│ ├── proxy_http.load
│ ├── proxy.load
│ ├── proxy_scgi.load
│ ├── proxy_wstunnel.load
│ ├── ratelimit.load
│ ├── reflector.load
│ ├── remoteip.load
│ ├── reqtimeout.conf
│ ├── reqtimeout.load
│ ├── request.load
│ ├── rewrite.load
│ ├── sed.load
│ ├── session_cookie.load
│ ├── session_crypto.load
│ ├── session_dbd.load
│ ├── session.load
│ ├── setenvif.conf
│ ├── setenvif.load
│ ├── slotmem_plain.load
│ ├── slotmem_shm.load
│ ├── socache_dbm.load
│ ├── socache_memcache.load
│ ├── socache_shmcb.load
│ ├── speling.load
│ ├── ssl.conf
│ ├── ssl.load
│ ├── status.conf
│ ├── status.load
│ ├── substitute.load
│ ├── suexec.load
│ ├── unique_id.load
│ ├── userdir.conf
│ ├── userdir.load
│ ├── usertrack.load
│ ├── vhost_alias.load
│ └── xml2enc.load
├── mods-enabled
│ ├── access_compat.load -> ../mods-available/access_compat.load
│ ├── alias.conf -> ../mods-available/alias.conf
│ ├── alias.load -> ../mods-available/alias.load
│ ├── auth_basic.load -> ../mods-available/auth_basic.load
│ ├── authn_core.load -> ../mods-available/authn_core.load
│ ├── authn_file.load -> ../mods-available/authn_file.load
│ ├── authz_core.load -> ../mods-available/authz_core.load
│ ├── authz_host.load -> ../mods-available/authz_host.load
│ ├── authz_user.load -> ../mods-available/authz_user.load
│ ├── autoindex.conf -> ../mods-available/autoindex.conf
│ ├── autoindex.load -> ../mods-available/autoindex.load
│ ├── deflate.conf -> ../mods-available/deflate.conf
│ ├── deflate.load -> ../mods-available/deflate.load
│ ├── dir.conf -> ../mods-available/dir.conf
│ ├── dir.load -> ../mods-available/dir.load
│ ├── env.load -> ../mods-available/env.load
│ ├── filter.load -> ../mods-available/filter.load
│ ├── headers.load -> ../mods-available/headers.load
│ ├── mime.conf -> ../mods-available/mime.conf
│ ├── mime.load -> ../mods-available/mime.load
│ ├── mpm_prefork.conf -> ../mods-available/mpm_prefork.conf
│ ├── mpm_prefork.load -> ../mods-available/mpm_prefork.load
│ ├── negotiation.conf -> ../mods-available/negotiation.conf
│ ├── negotiation.load -> ../mods-available/negotiation.load
│ ├── php5.6.conf -> ../mods-available/php5.6.conf
│ ├── php5.6.load -> ../mods-available/php5.6.load
│ ├── rewrite.load -> ../mods-available/rewrite.load
│ ├── setenvif.conf -> ../mods-available/setenvif.conf
│ ├── setenvif.load -> ../mods-available/setenvif.load
│ ├── socache_dbm.load -> ../mods-available/socache_dbm.load
│ ├── socache_memcache.load -> ../mods-available/socache_memcache.load
│ ├── socache_shmcb.load -> ../mods-available/socache_shmcb.load
│ ├── ssl.conf -> ../mods-available/ssl.conf
│ ├── ssl.load -> ../mods-available/ssl.load
│ ├── status.conf -> ../mods-available/status.conf
│ ├── status.load -> ../mods-available/status.load
│ ├── userdir.conf -> ../mods-available/userdir.conf
│ └── userdir.load -> ../mods-available/userdir.load
├── ports.conf
├── sites-available
│ ├── 000-default.conf
│ └── default-ssl.conf
└── sites-enabled
├── 000-default.conf -> ../sites-available/000-default.conf
└── default-ssl.conf -> ../sites-available/default-ssl.conf
7 directories, 212 files
Now, the problem is:
One of my config files is /etc/apache2/mods-enabled/userdir.conf
It has this contents:
[Begin File contents]
<IfModule mod_userdir.c>
    UserDir public_html
    UserDir disabled root
    <Directory /home/adam/public_html>
        AllowOverride FileInfo AuthConfig Limit Indexes
        Options MultiViews Indexes SymLinksIfOwnerMatch IncludesNoExec
        <Limit GET POST OPTIONS>
            Require all granted
        </Limit>
        <LimitExcept GET POST OPTIONS>
            Require all denied
        </LimitExcept>
        php_admin_value open_basedir /home/adam/public_html:/tmp
    </Directory>
[End File contents]
The problem I noticed is that "</IfModule>" was absent from
this file.
So the <IfModule> at the beginning of this file was not
properly closed.
The mod_userdir module is always loaded and running. This is the
intended setting.
Restarting the webserver (and retaining this configuration) did not yield any problems.
However, requesting a certificate with Let's Encrypt's certbot revealed this issue because certbot performed an analysis on Apache's configuration files before renewing this certificate and found this problem.
After I properly closed the IfModule with "</IfModule>" and
restarted the webserver, certbot worked again.
Of course, Apache also worked.
Now, my question is:
What could this have affected? The lack of "</IfModule>" at
the end of the "userdir" module.
(I am permanently using and loading the UserDir Module because I
need it. So the "IF" condition is a perfect TRUE, for my server.)
Could it have impacted something else?
I don't know how many other modules or directives Apache loads
into memory on startup...
Is it possible that everything it loaded after this file could be
"under the influence" of <IfModule mod_userdir.c> because
it was not properly closed?
(In this case, perhaps Apache found another <IfModule> or
<VirtualHost> along the way and nested it inside my unclosed
<IfModule>?)
I am concerned about security risks, other configs not loading properly, or some other weird combination that messes up my configs... I have htaccess statements and security measures I put in place in my configs, as this server is used by tens of users.
Also, Apache should have reported this unclosed <IfModule> on restart. I don't know why it didn't.
I know Apache reads configuration files in a specific order based
on a combination of directories, filenames, and inclusion rules,
however I don't know how a missing IfModule closure tag can affect
other things...
If someone can help me... if an Apache developer or someone that understands these things perfectly knows what I can expect from this situation, please advise...
Thank you.
--
Best regards,
Adam Mihai Gergely
IT Specialist
www.infosky.ro
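
A per-file check for the situation described in this message, as an added example that is not part of the original post and is not an Apache or certbot tool: it reports section containers that are opened but never closed within one configuration file. The names `check_sections`, `SECTION_RE` and `SAMPLE` are this example's own, and it assumes each tag sits on its own line; it does not follow `Include` directives or backslash line continuations.

```python
import re
import sys

# Matches a line that is only an opening <Name ...> or a closing </Name> tag.
SECTION_RE = re.compile(r"^\s*<(/?)([A-Za-z]\w*)\b.*>\s*$")

# userdir.conf as quoted in the message above (the closing </IfModule> is missing).
SAMPLE = """\
<IfModule mod_userdir.c>
UserDir public_html
UserDir disabled root
<Directory /home/adam/public_html>
AllowOverride FileInfo AuthConfig Limit Indexes
Options MultiViews Indexes SymLinksIfOwnerMatch IncludesNoExec
<Limit GET POST OPTIONS>
Require all granted
</Limit>
<LimitExcept GET POST OPTIONS>
Require all denied
</LimitExcept>
php_admin_value open_basedir /home/adam/public_html:/tmp
</Directory>
"""

def check_sections(text):
    """Return (line_no, message) pairs for unbalanced section containers."""
    problems = []
    stack = []  # (lowercased name, name as written, line_no) of open sections
    for line_no, line in enumerate(text.splitlines(), 1):
        m = SECTION_RE.match(line)  # comment and directive lines never match
        if not m:
            continue
        closing, name = m.group(1) == "/", m.group(2)
        if not closing:
            stack.append((name.lower(), name, line_no))
        elif stack and stack[-1][0] == name.lower():
            stack.pop()  # section names are compared case-insensitively
        else:
            expected = f"</{stack[-1][1]}>" if stack else "no open section"
            problems.append((line_no, f"unexpected </{name}> (expected {expected})"))
    problems += [(n, f"<{name}> opened here is never closed") for _, name, n in stack]
    return problems

if __name__ == "__main__":
    # With no file arguments, check the sample quoted from the message.
    for path in sys.argv[1:] or [None]:
        text = open(path, encoding="utf-8", errors="replace").read() if path else SAMPLE
        for line_no, msg in check_sections(text):
            print(f"{path or 'SAMPLE'}:{line_no}: {msg}")
```

Run it over every file under `mods-enabled`, `conf-enabled` and `sites-enabled`; a file that leaves a section open is reported with the line of the opening tag.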