1 files changed, 18 insertions, 2 deletions

diff --git a/src/response.c b/src/response.c
index 4f23ea9a..606b98f7 100644
--- a/src/response.c
+++ b/src/response.c
@@ -451,7 +451,7 @@ handler_t http_response_prepare(server *srv, connection *con) {
 			log_error_write(srv, __FILE__, __LINE__,  "s",  "-- handling physical path");
 			log_error_write(srv, __FILE__, __LINE__,  "sb", "Path         :", con->physical.path);
 		}
-		
+
 		if (HANDLER_ERROR != stat_cache_get_entry(srv, con, con->physical.path, &sce)) {
 			/* file exists */
 			
@@ -459,7 +459,19 @@ handler_t http_response_prepare(server *srv, connection *con) {
 				log_error_write(srv, __FILE__, __LINE__,  "s",  "-- file found");
 				log_error_write(srv, __FILE__, __LINE__,  "sb", "Path         :", con->physical.path);
 			}
-			
+#ifdef HAVE_LSTAT
+			if ((sce->is_symlink != 0) && !con->conf.follow_symlink) {
+				con->http_status = 403;
+
+				if (con->conf.log_request_handling) {
+					log_error_write(srv, __FILE__, __LINE__,  "s",  "-- access denied due symlink restriction");
+					log_error_write(srv, __FILE__, __LINE__,  "sb", "Path         :", con->physical.path);
+				}
+
+				buffer_reset(con->physical.path);
+				return HANDLER_FINISHED;
+			};
+#endif
 			if (S_ISDIR(sce->st.st_mode)) {
 				if (con->physical.path->ptr[con->physical.path->used - 2] != '/') {
 					/* redirect to .../ */
@@ -468,7 +480,11 @@ handler_t http_response_prepare(server *srv, connection *con) {
 					
 					return HANDLER_FINISHED;
 				}
+#ifdef HAVE_LSTAT
+			} else if (!S_ISREG(sce->st.st_mode) && !sce->is_symlink) {
+#else
 			} else if (!S_ISREG(sce->st.st_mode)) {
+#endif
 				/* any special handling of non-reg files ?*/