Can"t Access Includes Above Current Directory

This is a multi-part message in MIME format.

------_=_NextPart_001_01C3C334.724156CA
Content-Type: text/plain;
charset="US-ASCII"
Content-Transfer-Encoding: quoted-printable

Hi,

I'm relatively new to your list and configuring Apache with the SSL
module enabled and have a newbie configuration glitch I've not been able
to resolve.

My configuration is:

RH Linux Kernel 2.4.20-8, Apache 2.0.48, OpenSSL -0.9.6l, PHP 4.3.4,
Apache was compiled with SSL and SSL appears to work OK.

My document root is http - /www/sd/htdocs, https - /www/sd/htdocs/jobs

I don't want anyone accessing the jobs directory so I have a redirect in
httpd.conf to send requests for http://www/sd/htdocs/jobs to
https://www/sd/htdocs/jobs instead.

All seems to work fine with http and https access with one blaring
exception.

My PHP scripts have include directives which pull include files from
/www/sd/htdocs/include and that all works fine if run from one of the
http subdirectories i.e.

include("../include/prepend.php");
....
?>

But if I try the above code from a https directory, say
https://www/sd/hddocs/jobs the it will fail with:
PHP Warning: main(../../include/prepend.php): failed to open stream: No
such file or directory in /www/sd/htdocs/jobs/index.php on line 4

There is no problem if I change the include location to
/www/sd/htdocs/jobs/include, I can run the scripts fine. So it seems I
can include at the same level or below but not up any level in the
directory tree if using https.

I've also tried SSI to include a file (for testing) with a similar
result:


unable to include file "../include/middle.html" in parsed file
/www/sdfair.com/htdocs/jobs/index.shtml

Fails as you can see from the https side but works fine if run from
http://www/sd/htdocs/test (an area where SSL is not enabled).

This is the case with all other parts of the web site without SSL, all
scripts with include directives work fine.

I've searched the web and SSL documentation but I seem to be missing
something here and am just banging my head against a wall. I've
modified both httpd.conf and ssl.conf 'til I'm blue with no change in
function.

I imagine this is some SSL configuration oversight on my part but so far
I've been unable to find it and would ask for anyone who may be able to
help to please give suggestions on what directive(s) are causing this.
I'd really appreciate a point in the right direction on a resolution.

Thanks for your help,

........... Steve

------_=_NextPart_001_01C3C334.724156CA
Content-Type: text/html;
charset="US-ASCII"
Content-Transfer-Encoding: quoted-printable




charset=3Dus-ascii">
6.0.6249.1">

Hi,

I'm relatively new to your list and =
configuring Apache with the SSL module enabled and have a newbie =
configuration glitch I've not been able to resolve.

My configuration is:

RH Linux Kernel 2.4.20-8, Apache =
2.0.48, OpenSSL -0.9.6l, PHP 4.3.4,  Apache was compiled with SSL =
and SSL appears to work OK.

My document root is http - =
/www/sd/htdocs, https - /www/sd/htdocs/jobs

I don't want anyone accessing the jobs =
directory so I have a redirect in httpd.conf to send requests for HREF=3D"http://www/sd/htdocs/jobs">http://www/sd/htdocs/jobs to HREF=3D"https://www/sd/htdocs/jobs">https://www/sd/htdocs/jo bs =
instead.

All seems to work fine with http and =
https access with one blaring exception.

My PHP scripts have include directives =
which pull include files from /www/sd/htdocs/include and that all works =
fine if run from one of the http subdirectories i.e.

<?php


    =
include("../include/prepend.php");


    ....


?>

But if I try the above code from a =
https directory, say HREF=3D"https://www/sd/hddocs/jobs">https://www/sd/hddocs/jo bs the =
it will fail with:


PHP Warning:  =
main(../../include/prepend.php): failed to open stream: No such file or =
directory in /www/sd/htdocs/jobs/index.php on line 4

There is no problem if I change the =
include location to /www/sd/htdocs/jobs/include, I can run the scripts =
fine.  So it seems I can include at the same level or below but not =
up any level in the directory tree if using https.

I've also tried SSI to include a file =
(for testing) with a similar result:

<!--#include =
file=3D"../include/middle.html" -->


unable to include file =
"../include/middle.html" in parsed file =
/www/sdfair.com/htdocs/jobs/index.shtml

Fails as you can see from the https =
side but works fine if run from HREF=3D"http://www/sd/htdocs/test">http://www/sd/htdocs/test  =
(an area where SSL is not enabled).

This is the case with all other parts =
of the web site without SSL, all scripts with include directives work =
fine.

I've searched the web and SSL =
documentation but I seem to be missing something here and am just =
banging my head against a wall.  I've modified both httpd.conf and =
ssl.conf 'til I'm blue with no change in function.

I imagine this is some SSL =
configuration oversight on my part but so far I've been unable to find =
it and would ask for anyone who may be able to help to please give =
suggestions on what directive(s) are causing this.  I'd really =
appreciate a point in the right direction on a resolution.

Thanks for your help,

.......... Steve