You are viewing a plain text version of this content. The canonical link for it is here.

Posted to users@httpd.apache.org by Rich Phaneuf <ri...@varmintercustom.com> on 2008/11/07 03:02:06 UTC

[users@httpd] Configuration question.

Heyas all,
I've had apache running with virtual hosts for a while now and
decided recently to add bugzilla, which means adding mod_perl. I know
this isn't the forum for mod_perl, but I think I've moved past that
point. At this point I'm getting permission errors in Firefox and well,
I've posted the results of a test script from bugzilla below. I've
tried to include the applicable sections of my config files, scripts
that I've tried and their results, and file permissions.
As for the host system, I'm running apache 2.2.9-r1 on a Gentoo
Linux box. Which kind of complicates things because of the way the
config files are broken apart in gentoo. I'm testing via the test
script below and Firefox 2.0.0.17 (Linux) and version 3.0.3 (Vista). In
all cases, I'm getting the same error log message, and in Firefox I'm
getting the same "Forbidden" message in both browsers.

When I run /var/www/localhost/htdocs/bugzilla/testserver.pl I get the
following:

stooges bugzilla # /var/www/localhost/htdocs/bugzilla/testserver.pl
http://www.d2i2.com/bugzilla
TEST-OK Webserver is running under group id in $webservergroup.
TEST-OK Got front picture.
TEST-OK Webserver is executing CGIs via mod_perl/2.0.3-dev.
TEST-OK Webserver is preventing fetch of
http://www.d2i2.com/bugzilla/localconfig.

and when I use the browser to hit www.d2i2.com/bugzilla/index.pl:

Forbidden
You don't have permission to access /bugzilla/index.pl on this server.
------------------------------------------------------------------------
Apache Server at www.d2i2.com Port 80

When I go look at /var/log/apache2/error-log, I see:

[Thu Nov 06 17:21:28 2008] [error] [client 10.0.0.1] client denied by
server configuration: /curly/apache2/d2i2.com/htdocs/bugzilla/localconfig

Now as to my apache2 configuration, here are some snippets from the
various config files.

/etc/apache2/httpd.conf:
...
# Virtual-host support
#
# Gentoo has made using virtual-hosts easy. In /etc/apache2/vhosts.d/ we
# include a default vhost (enabled by adding -D DEFAULT_VHOST to
# APACHE2_OPTS in /etc/conf.d/apache2).
Include /etc/apache2/vhosts.d/*.conf
...
PerlSwitches -I/var/www/localhost/html/bugzilla -w
PerlTaintCheck ON
PerlWarn ON
<Location /perl>
SetHandler perl-script
PerlHandler Apache::Registry
#PerlHandler Apache::PerlRun
Options ExecCGI FollowSymLinks
PerlSendHeader ON
Order allow,deny
Allow from all
</Location>

and /etc/apache2/vhosts/vhosts.conf:

<VirtualHost 10.0.0.1>
ServerName d2i2.com
Serveralias www.d2i2.com
AliasMatch /perl(.*) /curly/apache2/d2i2.com/bugzilla/$1
DocumentRoot /curly/apache2/d2i2.com/htdocs
DirectoryIndex index.html
LogLevel debug
CustomLog /var/log/apache2/d2i2.com-access combined
</VirtualHost>
<Directory /curly/apache2/d2i2.com/htdocs>
Order allow,deny
Allow from All
Options FollowSymLinks Includes Multiviews
AllowOverride All
<IfModule mod_access.c>
Order allow,deny
Allow from All
</IfModule>
</Directory>
<Directory /curly/apache2/d2i2.com/html/bugzilla>
AddHandler perl .pl
Options +ExecCGI Includes Multiviews +FollowSymLinks
DirectoryIndex index.pl
AllowOverride All
Order allow,deny
Allow from All
<IfModule mod_access.c>
Order allow,deny
Allow from All
</IfModule>
<Files /curly/apaceh2/d2i2.com/html/bugzilla/localconfig>
Order allow,deny
Allow from All
</Files>
</Directory>

The AliasMatch line I got from the mod_perl section of the 3rd edition
of O`Reilly "Apache the difinitive guide".

One thing I would like to point out, is that the actual bugzilla
installation is in /var/www/localhost/htdocs/bugzilla, with the
/var/www/d2i2.com/htdocs/bugzilla being a symbolic link to the origial
in localhost. Here's my file permissions, in case it matters:

stooges bugzilla # ls -ld /var/www/localhost/htdocs/*
...
drwxr-xr-x 13 root apache 2776 Oct 30 14:29
/var/www/localhost/htdocs/bugzilla
-rwxr-xr-x 1 root root 44 Jun 30 10:12
/var/www/localhost/htdocs/index.html

and

stooges bugzilla # ls -ld /var/www/d2i2.com/htdocs/*
...
lrwxrwxrwx 1 root root 35 Oct 30 09:28
/var/www/d2i2.com/htdocs/bugzilla -> /var/www/localhost/htdocs/bugzilla/
-rw-r--r-- 1 rphaneuf apache 270 Sep 18 2007
/var/www/d2i2.com/htdocs/index.html
...

I can't change the actual permissions on the symlink from the d2i2.com
file, Gentoo will actually use the symlink source ownership and
permissions. I've tried to to a chgrp on the d2i2.com/htdocs/bugzilla
to be "apache", but it didn't take, on the symlink.

Any ideas on what's going on here? I can still serve my normal .html
and any non-perl cgi-bin files just fine, and the same for other sites
that I host that have .html, javascript, and cgi-bin. I was looking
through the archives for the mailing list on MarkMail and came across
something similar,

http://httpd.markmail.org/search/?q=ClientDeniedByServerConfiguration+order%3Adate-backward#query:ClientDeniedByServerConfiguration%20order%3Adate-backward%20from%3A%22Georg%20Sauthoff%22+page:1+mid:pykwq4qflrytaerp+state:results

and in that case the submitter filed a bug report
http://issues.apache.org/bugzilla/show_bug.cgi?id=43666

Thanks in advance for any advice on this subject.

--
Rich

Re: [users@httpd] Configuration question.

Posted by Nick Kew <ni...@webthing.com>.

On 7 Nov 2008, at 02:02, Rich Phaneuf wrote:

> client denied by server configuration

http://wiki.apache.org/httpd/ClientDeniedByServerConfiguration

-- 
Nick Kew

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org