You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@httpd.apache.org by James Pifer <je...@obrien-pifer.com> on 2009/02/18 22:29:47 UTC
Re: [users@httpd] [client 127.0.0.1] client denied by server
configuration: /srv/www/htdocs/
> First, it has nothing to do with the user under which Apache runs.
> According to the message above, it is the /client/ that is being denied
> by the server. It also says that the client is "calling" /from/ the
> address 127.0.0.1, which is the localhost (the Apache machine itself).
> So you have something running on your Apache machine, which tries to
> access that website on that same machine.
> Since it appears constantly, my guess is that is some automatic process,
> probably something running to just check the server. Nagios maybe ?
>
Yes, that's what it seems like, but I can't see anything it could be. I
do monitor http from another server which checks for index.html
periodically. That is all successful.
Only thing I see in the access log is a bunch of:
127.0.0.1 - - [18/Feb/2009:15:26:39 -0600] "GET / HTTP/1.1" 403 1039
127.0.0.1 - - [18/Feb/2009:15:28:26 -0600] "GET / HTTP/1.0" 403 1051
> If you have perl installed on that Suse machine, try the following
> command, from a command-line window on the same machine :
> lwp-request -m GET -Sed http://localhost
> and post here what it answers.
I get:
# lwp-request -m GET -Sed http://localhost
GET http://localhost --> 403 Forbidden
Connection: close
Date: Wed, 18 Feb 2009 21:26:39 GMT
Accept-Ranges: bytes
Server: Apache/2.2.3 (Linux/SUSE)
Vary: accept-language,accept-charset
Content-Language: en
Content-Type: text/html; charset=iso-8859-1
Client-Date: Wed, 18 Feb 2009 21:26:39 GMT
Client-Peer: 127.0.0.1:80
Client-Response-Num: 1
Client-Transfer-Encoding: chunked
Link: <ma...@mydomain.com>; /="/"; rev="made"
Title: Access forbidden!
So that basically confirms that localhost is denied. How do I allow
access and does it seem safe to allow it?
The configuration is:
<Directory /srv/www/htdocs/>
AllowOverride None
Order allow,deny
Allow from all
</Directory>
Thanks,
James
---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
" from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org
RE: [users@httpd] [client 127.0.0.1] client denied byserverconfiguration: /srv/www/htdocs/
Posted by "Anthony J. Biacco" <ab...@formatdynamics.com>.
That directory / deny will cause your 403 error, as well it should. I
wouldn't remove it.
If you want localhost to work, make sure the Directory block for
/srv/www/htdocs/ you have is in the first virtualhost you have
configured, as this is the virtualhost that apache will fall back on by
default if it doesn't find one for localhost (which it shouldn't unless
you have one called 'localhost')
-Tony
---------------------------
Manager, IT Operations
Format Dynamics, Inc.
303-573-1800x27
abiacco@formatdynamics.com
http://www.formatdynamics.com
-----Original Message-----
From: James Pifer [mailto:jep@obrien-pifer.com]
Sent: Wednesday, February 18, 2009 2:55 PM
To: users@httpd.apache.org
Subject: RE: [users@httpd] [client 127.0.0.1] client denied
byserverconfiguration: /srv/www/htdocs/
On Wed, 2009-02-18 at 14:49 -0700, Anthony J. Biacco wrote:
> Hmm..do you have a <Directory /> block that's maybe denying it, or
lack
> of one?
Ok, found this in the main httpd.conf. The virtual servers are all
includes. So is it "safe" to comment this out?
# forbid access to the entire filesystem by default
<Directory />
Options None
AllowOverride None
Order deny,allow
Deny from all
</Directory>
James
---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server
Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
" from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org
---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
" from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org
Re: [users@httpd] [client 127.0.0.1] client denied by serverconfiguration:
/srv/www/htdocs/
Posted by André Warnier <aw...@ice-sa.com>.
Nick Kew wrote:
> James Pifer wrote:
>> On Wed, 2009-02-18 at 14:49 -0700, Anthony J. Biacco wrote:
>>> Hmm..do you have a <Directory /> block that's maybe denying it, or lack
>>> of one?
>>
>> Ok, found this in the main httpd.conf. The virtual servers are all
>> includes. So is it "safe" to comment this out?
>
> No. Don't do that.
>
> At a glance, your problem appears to be that you haven't enabled
> Options Indexes.
>
Now James, you started this thread by saying that "suddenly, a cgi-bin
script doesn't work anymore"..
This is all taking us a bit far from that initial issue.
If it was working before, and isn't working anymore, something must have
changed, right ?
I have the feeling you are not telling us everything here, and it is
getting a bit confusing. At first you were saying that the configuration
was this
<Directory /srv/www/htdocs/>
AllowOverride None
Order allow,deny
Allow from all
</Directory>
Then you pulled out another this
<Directory />
Options None
AllowOverride None
Order deny,allow
Deny from all
</Directory>
Then you talk about includes..
So, which server are we talking about, with how many virtual hosts,
which one is the one where the cgi-bin doesn't run anymore, and which
one is the one of which you pulled out the first logfile ?
Or do you want to keep us guessing bit by bit ?
;-)
---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
" from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org
Re: [users@httpd] [client 127.0.0.1] client denied by serverconfiguration:
/srv/www/htdocs/
Posted by Nick Kew <ni...@webthing.com>.
James Pifer wrote:
> On Wed, 2009-02-18 at 14:49 -0700, Anthony J. Biacco wrote:
>> Hmm..do you have a <Directory /> block that's maybe denying it, or lack
>> of one?
>
> Ok, found this in the main httpd.conf. The virtual servers are all
> includes. So is it "safe" to comment this out?
No. Don't do that.
At a glance, your problem appears to be that you haven't enabled
Options Indexes.
--
Nick Kew
---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
" from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org
RE: [users@httpd] [client 127.0.0.1] client denied by
serverconfiguration: /srv/www/htdocs/
Posted by James Pifer <je...@obrien-pifer.com>.
On Wed, 2009-02-18 at 14:49 -0700, Anthony J. Biacco wrote:
> Hmm..do you have a <Directory /> block that's maybe denying it, or lack
> of one?
Ok, found this in the main httpd.conf. The virtual servers are all
includes. So is it "safe" to comment this out?
# forbid access to the entire filesystem by default
<Directory />
Options None
AllowOverride None
Order deny,allow
Deny from all
</Directory>
James
---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
" from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org
RE: [users@httpd] [client 127.0.0.1] client denied by serverconfiguration: /srv/www/htdocs/
Posted by "Anthony J. Biacco" <ab...@formatdynamics.com>.
Hmm..do you have a <Directory /> block that's maybe denying it, or lack
of one?
Do you have a http(s) load balancer on the same machine that's probing
apache for availability? That at least would explain the access log
entries you quoted.
-Tony
---------------------------
Manager, IT Operations
Format Dynamics, Inc.
303-573-1800x27
abiacco@formatdynamics.com
http://www.formatdynamics.com
-----Original Message-----
From: James Pifer [mailto:jep@obrien-pifer.com]
Sent: Wednesday, February 18, 2009 2:30 PM
To: users@httpd.apache.org
Subject: Re: [users@httpd] [client 127.0.0.1] client denied by
serverconfiguration: /srv/www/htdocs/
> First, it has nothing to do with the user under which Apache runs.
> According to the message above, it is the /client/ that is being
denied
> by the server. It also says that the client is "calling" /from/ the
> address 127.0.0.1, which is the localhost (the Apache machine itself).
> So you have something running on your Apache machine, which tries to
> access that website on that same machine.
> Since it appears constantly, my guess is that is some automatic
process,
> probably something running to just check the server. Nagios maybe ?
>
Yes, that's what it seems like, but I can't see anything it could be. I
do monitor http from another server which checks for index.html
periodically. That is all successful.
Only thing I see in the access log is a bunch of:
127.0.0.1 - - [18/Feb/2009:15:26:39 -0600] "GET / HTTP/1.1" 403 1039
127.0.0.1 - - [18/Feb/2009:15:28:26 -0600] "GET / HTTP/1.0" 403 1051
> If you have perl installed on that Suse machine, try the following
> command, from a command-line window on the same machine :
> lwp-request -m GET -Sed http://localhost
> and post here what it answers.
I get:
# lwp-request -m GET -Sed http://localhost
GET http://localhost --> 403 Forbidden
Connection: close
Date: Wed, 18 Feb 2009 21:26:39 GMT
Accept-Ranges: bytes
Server: Apache/2.2.3 (Linux/SUSE)
Vary: accept-language,accept-charset
Content-Language: en
Content-Type: text/html; charset=iso-8859-1
Client-Date: Wed, 18 Feb 2009 21:26:39 GMT
Client-Peer: 127.0.0.1:80
Client-Response-Num: 1
Client-Transfer-Encoding: chunked
Link: <ma...@mydomain.com>; /="/"; rev="made"
Title: Access forbidden!
So that basically confirms that localhost is denied. How do I allow
access and does it seem safe to allow it?
The configuration is:
<Directory /srv/www/htdocs/>
AllowOverride None
Order allow,deny
Allow from all
</Directory>
Thanks,
James
---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server
Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
" from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org
---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
" from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org