You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@httpd.apache.org by Eben <eb...@bakedbean.net> on 2008/07/03 05:14:00 UTC
[users@httpd] trouble with vhosts and 2.2.8
I just setup a new Fedora Core 9 box, running apache 2.2.8.
I then setup a basic virtual host config using NameVirtualHost *:80
My only virtual host looks like:
<VirtualHost *:80>
ServerAdmin admin@domain.com
DocumentRoot /home/domain/www
ServerName domain.com
ServerAlias www.domain.com
ErrorLog /home/domain/logs/error_log
CustomLog /home/domain/logs/access_log combined
# NOTE: I added this later, doesn't change anything...
<Directory "/home/domain/www">
Options Indexes FollowSymLinks
AllowOverride None
Order allow,deny
Allow from all
</Directory>
</VirtualHost>
I've made sure my DirectoryIndex includes all possible index types,
SELinux is disabled, Firewall is disabled, permissions on /home/domain
are wide open for testing. No matter what I try, I keep getting a 403
Forbidden, and in the error log: (13)Permission denied: access to / denied
I've been reading around on this, but there doesn't seem to be any
definitive answers... there seems to be consensus that apache 2.2.x has
a bit more security by default, but it's not clear what needs to be
changed to allow the virtual hosts to resolve properly.
Any advice is appreciated.
Thanks,
Eben
---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
" from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org
Re: [users@httpd] trouble with vhosts and 2.2.8
Posted by Eric Covener <co...@gmail.com>.
On Wed, Jul 2, 2008 at 11:14 PM, Eben <eb...@bakedbean.net> wrote:
> (13)Permission denied: access to / denied
That is OS security, not Apache access control.
http://wiki.apache.org/httpd/13PermissionDenied
--
Eric Covener
covener@gmail.com
---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
" from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org
Re: [users@httpd] trouble with vhosts and 2.2.8
Posted by Eben <eb...@bakedbean.net>.
j k wrote:
>
>
> On Wed, Jul 2, 2008 at 8:14 PM, Eben <eben@bakedbean.net
> <ma...@bakedbean.net>> wrote:
>
> I just setup a new Fedora Core 9 box, running apache 2.2.8.
> <http://2.2.8.>
>
> I then setup a basic virtual host config using NameVirtualHost *:80
>
> My only virtual host looks like:
>
> <VirtualHost *:80>
> ServerAdmin admin@domain.com <ma...@domain.com>
> DocumentRoot /home/domain/www
> ServerName domain.com <http://domain.com>
> ServerAlias www.domain.com <http://www.domain.com>
> ErrorLog /home/domain/logs/error_log
> CustomLog /home/domain/logs/access_log combined
>
> # NOTE: I added this later, doesn't change anything...
> <Directory "/home/domain/www">
> Options Indexes FollowSymLinks
> AllowOverride None
> Order allow,deny
> Allow from all
> </Directory>
> </VirtualHost>
>
> I've made sure my DirectoryIndex includes all possible index
> types, SELinux is disabled, Firewall is disabled, permissions on
> /home/domain are wide open for testing. No matter what I try, I
> keep getting a 403 Forbidden, and in the error log: (13)Permission
> denied: access to / denied
>
> I've been reading around on this, but there doesn't seem to be any
> definitive answers... there seems to be consensus that apache
> 2.2.x has a bit more security by default, but it's not clear what
> needs to be changed to allow the virtual hosts to resolve properly.
>
> Any advice is appreciated.
>
> Thanks,
> Eben
>
> That caught me at first also.. and every time I've upgraded its caught
> me again :-) there's a default vhost on mine I think it is called
> default_vhost.inc that has a comment line in it that says
> "controls who can get stuff from this server" and as I recall right
> after that it has along the lines of
> Order allow,deny
> Deny from all
> so that you have to then specifically allow each virtual host.
> OTOH you could disable the improved security at your own risk by
> making that an allow...
> hth,
> Johnny
>
Thanks for the response, unfortunately I don't have any such file, nor
can I find any such reference in httpd.conf. I don't see any global
Deny from all, all such statements are enclosed in Directory sections
for the default areas like /var/www/html, etc... Just for kicks I went
ahead and changed every Deny from all to Allow from all, and I'm still
getting denied.
Ugh... I've tried setting Directory sections for the vhosts doc root,
the parent directory and the parent's parent directory that set Allow
from all... nothing seems to shake it.
---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
" from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org
Re: [users@httpd] trouble with vhosts and 2.2.8
Posted by j k <jo...@gmail.com>.
On Wed, Jul 2, 2008 at 8:14 PM, Eben <eb...@bakedbean.net> wrote:
> I just setup a new Fedora Core 9 box, running apache 2.2.8.
>
> I then setup a basic virtual host config using NameVirtualHost *:80
>
> My only virtual host looks like:
>
> <VirtualHost *:80>
> ServerAdmin admin@domain.com
> DocumentRoot /home/domain/www
> ServerName domain.com
> ServerAlias www.domain.com
> ErrorLog /home/domain/logs/error_log
> CustomLog /home/domain/logs/access_log combined
>
> # NOTE: I added this later, doesn't change anything...
> <Directory "/home/domain/www">
> Options Indexes FollowSymLinks
> AllowOverride None
> Order allow,deny
> Allow from all
> </Directory>
> </VirtualHost>
>
> I've made sure my DirectoryIndex includes all possible index types, SELinux
> is disabled, Firewall is disabled, permissions on /home/domain are wide open
> for testing. No matter what I try, I keep getting a 403 Forbidden, and in
> the error log: (13)Permission denied: access to / denied
>
> I've been reading around on this, but there doesn't seem to be any
> definitive answers... there seems to be consensus that apache 2.2.x has a
> bit more security by default, but it's not clear what needs to be changed to
> allow the virtual hosts to resolve properly.
>
> Any advice is appreciated.
>
> Thanks,
> Eben
>
> That caught me at first also.. and every time I've upgraded its caught me
again :-) there's a default vhost on mine I think it is called
default_vhost.inc that has a comment line in it that says
"controls who can get stuff from this server" and as I recall right after
that it has along the lines of
Order allow,deny
Deny from all
so that you have to then specifically allow each virtual host.
OTOH you could disable the improved security at your own risk by making that
an allow...
hth,
Johnny
Re: [users@httpd] trouble with vhosts and 2.2.8
Posted by Eben <eb...@bakedbean.net>.
just a quick follow up on this, the group consensus was correct, it was
an OS permissions issue, the top most directory on the doc root had
restrictive permissions. Allowing read rights for group and world
allowed access for apache.
Thanks for the helpful insight.
Eben
Norman Peelman wrote:
> Eben wrote:
>> I just setup a new Fedora Core 9 box, running apache 2.2.8.
>>
>> I then setup a basic virtual host config using NameVirtualHost *:80
>>
>> My only virtual host looks like:
>>
>> <VirtualHost *:80>
>> ServerAdmin admin@domain.com
>> DocumentRoot /home/domain/www
>> ServerName domain.com
>> ServerAlias www.domain.com
>> ErrorLog /home/domain/logs/error_log
>> CustomLog /home/domain/logs/access_log combined
>>
>> # NOTE: I added this later, doesn't change anything...
>> <Directory "/home/domain/www">
>> Options Indexes FollowSymLinks
>> AllowOverride None
>> Order allow,deny
>> Allow from all
>> </Directory> </VirtualHost>
>>
>> I've made sure my DirectoryIndex includes all possible index types,
>> SELinux is disabled, Firewall is disabled, permissions on
>> /home/domain are wide open for testing. No matter what I try, I keep
>> getting a 403 Forbidden, and in the error log: (13)Permission denied:
>> access to / denied
>>
>> I've been reading around on this, but there doesn't seem to be any
>> definitive answers... there seems to be consensus that apache 2.2.x
>> has a bit more security by default, but it's not clear what needs to
>> be changed to allow the virtual hosts to resolve properly.
>>
>> Any advice is appreciated.
>>
>> Thanks,
>> Eben
>>
>>
>> ---------------------------------------------------------------------
>> The official User-To-User support forum of the Apache HTTP Server
>> Project.
>> See <URL:http://httpd.apache.org/userslist.html> for more info.
>> To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
>> " from the digest: users-digest-unsubscribe@httpd.apache.org
>> For additional commands, e-mail: users-help@httpd.apache.org
>>
> Definitely a linux permissions issue. I'm on Ubuntu where apache runs
> as user: www-data. Check you permissions on /home/domain/www and
> your folders below it.
>
---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
" from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org
Re: [users@httpd] trouble with vhosts and 2.2.8
Posted by Norman Peelman <np...@cfl.rr.com>.
Eben wrote:
> I just setup a new Fedora Core 9 box, running apache 2.2.8.
>
> I then setup a basic virtual host config using NameVirtualHost *:80
>
> My only virtual host looks like:
>
> <VirtualHost *:80>
> ServerAdmin admin@domain.com
> DocumentRoot /home/domain/www
> ServerName domain.com
> ServerAlias www.domain.com
> ErrorLog /home/domain/logs/error_log
> CustomLog /home/domain/logs/access_log combined
>
> # NOTE: I added this later, doesn't change anything...
> <Directory "/home/domain/www">
> Options Indexes FollowSymLinks
> AllowOverride None
> Order allow,deny
> Allow from all
> </Directory>
> </VirtualHost>
>
> I've made sure my DirectoryIndex includes all possible index types,
> SELinux is disabled, Firewall is disabled, permissions on /home/domain
> are wide open for testing. No matter what I try, I keep getting a 403
> Forbidden, and in the error log: (13)Permission denied: access to /
> denied
>
> I've been reading around on this, but there doesn't seem to be any
> definitive answers... there seems to be consensus that apache 2.2.x
> has a bit more security by default, but it's not clear what needs to
> be changed to allow the virtual hosts to resolve properly.
>
> Any advice is appreciated.
>
> Thanks,
> Eben
>
>
> ---------------------------------------------------------------------
> The official User-To-User support forum of the Apache HTTP Server
> Project.
> See <URL:http://httpd.apache.org/userslist.html> for more info.
> To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
> " from the digest: users-digest-unsubscribe@httpd.apache.org
> For additional commands, e-mail: users-help@httpd.apache.org
>
Definitely a linux permissions issue. I'm on Ubuntu where apache runs
as user: www-data. Check you permissions on /home/domain/www and your
folders below it.
--
Norman
Registered Linux user #461062
---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
" from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org