You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@httpd.apache.org by Georg Sauthoff <g_...@web.de> on 2007/08/07 21:51:38 UTC
[users@httpd] CGI works, but client denied error messages in error.log
Hi,
I have a working Apache 2 setup and Apache calls successfully the
cgi-scripts. The problem is, that for every successfull CGI-call I get a
'client denied by server configuration' error message into the error.log
file.
This message conflicts with the fact, that the CGI-call was executed
successfully and I saw the correct output in the Web browser.
I am basically using a '/ Deny all' policy and a ScriptAlias definition.
A minimal example:
NameVirtualHost *
<VirtualHost *>
DocumentRoot /var/www/
<Directory />
Options -FollowSymLinks -Indexes -Includes
AllowOverride None
Order Deny,Allow
Deny from all
</Directory>
ScriptAlias /project /var/www/project/cgi-bin/test.cgi
<Directory /var/www/project/cgi-bin>
Order Deny,Allow
Allow from all
</Directory>
</VirtualHost>
# cat test.cgi
#!/bin/sh
cat out.min
# cat out.min
Content-Type: text/html; charset=utf-8
Status: 200 OK
<HTML>
<HEAD></HEAD><BODY><H1>HELLO WORLD!</H1></BODY></HTML
Browser output from 127.0.0.1/project/bar:
very big: Hello World!
Error message in error.log:
[client 127.0.0.1] client denied by server configuration: /var/www/bar
Can someone explain me this behaviour? I don't understand this. This error
makes no sense for me, because the script execution works, apparently.
Best regards
Georg Sauthoff
---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
" from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org
[users@httpd] Re: CGI works, but client denied error messages in error.log
Posted by Georg Sauthoff <g_...@web.de>.
On 2007-08-08, Vincent Bray <no...@gmail.com> wrote:
> On 08/08/2007, Georg Sauthoff <g_...@web.de> wrote:
[..]
>> Error message in error.log:
>> [client 127.0.0.1] client denied by server configuration: /var/www/bar
>> Can someone explain me this behaviour? I don't understand this. This error
>> makes no sense for me, because the script execution works, apparently.
> How perplexing. It's odd that the error message is for /var/www/bar
> and any project/cgi-bin parts. I wonder if there's more than one
[..]
Well, I debugged this issue with gdb. The error message is a result of
how the PATH_TRANSLATED cgi env variable is constructed.
For details of the analysis see my bug report:
http://issues.apache.org/bugzilla/show_bug.cgi?id=43666
Best regards
Georg Sauthoff
---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
" from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org
[users@httpd] Re: CGI works, but client denied error messages in error.log
Posted by Georg Sauthoff <g_...@web.de>.
On 2007-08-08, Georg Sauthoff <g_...@web.de> wrote:
> On 2007-08-08, Vincent Bray <no...@gmail.com> wrote:
>> Some debugging tips:
>> http://wiki.apache.org/httpd/WatchingHttpHeaders
handy command lines - with those you don't have to worry about browser
caches/proxy configurations any more.
>> http://wiki.apache.org/httpd/ClientDeniedByServerConfiguration
Hm, this texts describes the 'normal' reason for this error message - in
the case I observe, no access is denied, and the stated url /var/www/bar
was not requested at all.
Best regards
Georg Sauthoff
---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
" from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org
[users@httpd] Re: CGI works, but client denied error messages in error.log
Posted by Georg Sauthoff <g_...@web.de>.
On 2007-08-08, Vincent Bray <no...@gmail.com> wrote:
> On 08/08/2007, Georg Sauthoff <g_...@web.de> wrote:
>> Yes I do. Now I disabled it in my Firefox, and tcpdump shows only one
>> 'GET /project/bar ...' per request. Situation has not changed for
>> access/error.log files.
> Does the server still respond correctly with the cgi executed
> response? And is the 'client denied by server configuration' message
Yes.
> still appearing?
Yes.
> Some debugging tips:
> http://wiki.apache.org/httpd/WatchingHttpHeaders
> http://wiki.apache.org/httpd/ClientDeniedByServerConfiguration
Thanks, I will look into them.
Best regards
Georg Sauthoff
---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
" from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org
Re: [users@httpd] Re: CGI works, but client denied error messages in error.log
Posted by Vincent Bray <no...@gmail.com>.
On 08/08/2007, Georg Sauthoff <g_...@web.de> wrote:
> On 2007-08-08, Vincent Bray <no...@gmail.com> wrote:
> > You need to figure out where these two requests are originating. Have
> > you configured this server to be a forward proxy in your browser?
>
> Yes I do. Now I disabled it in my Firefox, and tcpdump shows only one
> 'GET /project/bar ...' per request. Situation has not changed for
> access/error.log files.
Does the server still respond correctly with the cgi executed
response? And is the 'client denied by server configuration' message
still appearing?
Some debugging tips:
http://wiki.apache.org/httpd/WatchingHttpHeaders
http://wiki.apache.org/httpd/ClientDeniedByServerConfiguration
--
noodl
---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
" from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org
[users@httpd] Re: CGI works, but client denied error messages in error.log
Posted by Georg Sauthoff <g_...@web.de>.
On 2007-08-08, Vincent Bray <no...@gmail.com> wrote:
>> Well, the access.log contains just one enty per cgi-request:
>> 127.0.0.1 - - [08/Aug/2007:11:08:32 +0200] "GET /project/bar
>> HTTP/1.1" 200
> Per cgi-request?
I mean per: 'type 127.0.0.1/project/bar into the browser and hit return
or click at reload'
>> I tcpdumped the connection and I only see two GET messages for each
>> cgi-request (which contain the requested url):
>> # tcpdump -i lo -A -s 0 -vv | grep GET
>> ...(...(GET http://127.0.0.1/project/bar HTTP/1.1
>> ...4...4GET /project/bar HTTP/1.1
>
> You need to figure out where these two requests are originating. Have
> you configured this server to be a forward proxy in your browser?
Yes I do. Now I disabled it in my Firefox, and tcpdump shows only one
'GET /project/bar ...' per request. Situation has not changed for
access/error.log files.
Best regards
Georg Sauthoff
---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
" from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org
Re: [users@httpd] Re: CGI works, but client denied error messages in error.log
Posted by Vincent Bray <no...@gmail.com>.
> Well, the access.log contains just one enty per cgi-request:
> 127.0.0.1 - - [08/Aug/2007:11:08:32 +0200] "GET /project/bar
> HTTP/1.1" 200
Per cgi-request?
> I tcpdumped the connection and I only see two GET messages for each
> cgi-request (which contain the requested url):
> # tcpdump -i lo -A -s 0 -vv | grep GET
> ...(...(GET http://127.0.0.1/project/bar HTTP/1.1
> ...4...4GET /project/bar HTTP/1.1
You need to figure out where these two requests are originating. Have
you configured this server to be a forward proxy in your browser?
--
noodl
---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
" from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org
[users@httpd] Re: CGI works, but client denied error messages in error.log
Posted by Georg Sauthoff <g_...@web.de>.
On 2007-08-08, Vincent Bray <no...@gmail.com> wrote:
> On 08/08/2007, Georg Sauthoff <g_...@web.de> wrote:
>> I have a working Apache 2 setup and Apache calls successfully the
>> cgi-scripts. The problem is, that for every successfull CGI-call I get a
>> 'client denied by server configuration' error message into the error.log
>> file.
[..]
>> Browser output from 127.0.0.1/project/bar:
>> very big: Hello World!
>> Error message in error.log:
>> [client 127.0.0.1] client denied by server configuration: /var/www/bar
[..]
> How perplexing. It's odd that the error message is for /var/www/bar
Yes, very odd, indeed.
> and any project/cgi-bin parts. I wonder if there's more than one
> request involved, possibly for something like a favicon.ico file?
> Check your access log as well as the error log and see how many
> entries you get per request.
Well, the access.log contains just one enty per cgi-request:
127.0.0.1 - - [08/Aug/2007:11:08:32 +0200] "GET /project/bar
HTTP/1.1" 200
I tcpdumped the connection and I only see two GET messages for each
cgi-request (which contain the requested url):
# tcpdump -i lo -A -s 0 -vv | grep GET
...(...(GET http://127.0.0.1/project/bar HTTP/1.1
...4...4GET /project/bar HTTP/1.1
Best regards
Georg Sauthoff
---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
" from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org
Re: [users@httpd] CGI works, but client denied error messages in error.log
Posted by Vincent Bray <no...@gmail.com>.
On 08/08/2007, Georg Sauthoff <g_...@web.de> wrote:
> I have a working Apache 2 setup and Apache calls successfully the
> cgi-scripts. The problem is, that for every successfull CGI-call I get a
> 'client denied by server configuration' error message into the error.log
> file.
>
> This message conflicts with the fact, that the CGI-call was executed
> successfully and I saw the correct output in the Web browser.
>
> I am basically using a '/ Deny all' policy and a ScriptAlias definition.
> A minimal example:
>
> NameVirtualHost *
> <VirtualHost *>
> DocumentRoot /var/www/
>
> <Directory />
> Options -FollowSymLinks -Indexes -Includes
> AllowOverride None
> Order Deny,Allow
> Deny from all
> </Directory>
>
>
> ScriptAlias /project /var/www/project/cgi-bin/test.cgi
> <Directory /var/www/project/cgi-bin>
> Order Deny,Allow
> Allow from all
> </Directory>
> </VirtualHost>
>
> # cat test.cgi
> #!/bin/sh
>
> cat out.min
>
> # cat out.min
> Content-Type: text/html; charset=utf-8
> Status: 200 OK
>
> <HTML>
> <HEAD></HEAD><BODY><H1>HELLO WORLD!</H1></BODY></HTML
>
> Browser output from 127.0.0.1/project/bar:
> very big: Hello World!
>
> Error message in error.log:
> [client 127.0.0.1] client denied by server configuration: /var/www/bar
>
>
> Can someone explain me this behaviour? I don't understand this. This error
> makes no sense for me, because the script execution works, apparently.
How perplexing. It's odd that the error message is for /var/www/bar
and any project/cgi-bin parts. I wonder if there's more than one
request involved, possibly for something like a favicon.ico file?
Check your access log as well as the error log and see how many
entries you get per request.
--
noodl
---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
" from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org