You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@httpd.apache.org by Jordan Thompson <Jo...@ThompCo.com> on 2002/11/28 21:44:18 UTC
[users@httpd] simple configuration - this is too hard
Hi all,
I am trying to set up a simple server at home. My Mandrake came with apache
and I get the following message when I try to access _some_ pages:
Forbidden
You don't have permission to access *some directory* on this server.
I have put :
<Directory />
Options -Indexes FollowSymLinks
AllowOverride None
</Directory>
in the commonhttpd.conf file. There are only a few directories in the
/var/www/html path were I want to restrict access. I just am looking for a
simple solution. I have read the FAQ and don't really see what I am missing.
thanks,
Jordan
---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
" from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org
Re: [users@httpd] simple configuration - this is too hard
Posted by Sebastien Bellerive <se...@sympatico.ca>.
The httpd runs as a specific user, and that user needs to have at the very
least read access to the html root directories.. I'd look at that 1st...
Seb
----- Original Message -----
From: "Jordan Thompson" <Jo...@ThompCo.com>
To: <us...@httpd.apache.org>
Sent: Thursday, November 28, 2002 12:44 PM
Subject: [users@httpd] simple configuration - this is too hard
> Hi all,
> I am trying to set up a simple server at home. My Mandrake came with
apache
> and I get the following message when I try to access _some_ pages:
>
> Forbidden
> You don't have permission to access *some directory* on this server.
>
> I have put :
> <Directory />
> Options -Indexes FollowSymLinks
> AllowOverride None
> </Directory>
>
> in the commonhttpd.conf file. There are only a few directories in the
> /var/www/html path were I want to restrict access. I just am looking for
a
> simple solution. I have read the FAQ and don't really see what I am
missing.
>
> thanks,
> Jordan
>
>
> ---------------------------------------------------------------------
> The official User-To-User support forum of the Apache HTTP Server Project.
> See <URL:http://httpd.apache.org/userslist.html> for more info.
> To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
> " from the digest: users-digest-unsubscribe@httpd.apache.org
> For additional commands, e-mail: users-help@httpd.apache.org
>
---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
" from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org
Re: [users@httpd] simple configuration - this is too hard
Posted by Sebastien Bellerive <se...@sympatico.ca>.
Ah.. Actually yes.. Forget that I said anything... (then again, make sure
your documentroot isn't / heh)
Blame it on lack of sleep ;-)
(And that other email from me was sent hours before this one, and is
probably more relevent as i was probably less tired)
Seb, the sometimes right... :0
> > This:
> >
> > <Directory />
> > Options -Indexes FollowSymLinks
> > AllowOverride None
> > </Directory>
> >
> > Tells your webserver that http://www.youraddress.com/index.html has a
local
> > path of /index.html, and not /var/www/html/index.html
>
> Sorry, but this is incorrect.
> The <Directory> block applies options and configuration based upon the
path
> on the filesystem. It has no effect whatsoever on the DocumentRoot (which
> defines where "/" is placed on your filesystem.
>
>
> Zac
---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
" from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org
Re: [users@httpd] simple configuration - this is too hard
Posted by Zac Stevens <zt...@cryptocracy.com>.
On Thu, Nov 28, 2002 at 03:00:19PM -0800, Sebastien Bellerive wrote:
> This:
>
> <Directory />
> Options -Indexes FollowSymLinks
> AllowOverride None
> </Directory>
>
> Tells your webserver that http://www.youraddress.com/index.html has a local
> path of /index.html, and not /var/www/html/index.html
Sorry, but this is incorrect.
The <Directory> block applies options and configuration based upon the path
on the filesystem. It has no effect whatsoever on the DocumentRoot (which
defines where "/" is placed on your filesystem.
Zac
---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
" from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org
Re: [users@httpd] simple configuration - this is too hard
Posted by Sebastien Bellerive <se...@sympatico.ca>.
This:
<Directory />
Options -Indexes FollowSymLinks
AllowOverride None
</Directory>
Tells your webserver that http://www.youraddress.com/index.html has a local
path of /index.html, and not /var/www/html/index.html
Theoreticly, http://www.youraddress.com/var/www/html/ would work for you,
if your httpd can read those dirs..
In other words, try:
<Directory /var/www/html>
Options -Indexes FollowSymLinks
AllowOverride None
</Directory>
(note that with <directory /> one can technically do:
http://www.youraddress.com/etc/passwd or /shadow or what ever... a nice, big
open system as far as security goes...)
Seb
----- Original Message -----
From: "Remo Mattei" <re...@italy1.com>
To: <us...@httpd.apache.org>
Sent: Thursday, November 28, 2002 2:20 PM
Subject: Re: [users@httpd] simple configuration - this is too hard
> Did you try to pull the page instead of going to the / root location
> meaning localhost/index.html you may want to check directory browsing if
> that helps.
>
>
> --
> Ciao,
> Remo Mattei
>
>
> > From: "Jordan Thompson" <Jo...@ThompCo.com>
> > Reply-To: users@httpd.apache.org
> > Date: Thu, 28 Nov 2002 15:44:18 -0500
> > To: <us...@httpd.apache.org>
> > Subject: [users@httpd] simple configuration - this is too hard
> >
> > Hi all,
> > I am trying to set up a simple server at home. My Mandrake came with
apache
> > and I get the following message when I try to access _some_ pages:
> >
> > Forbidden
> > You don't have permission to access *some directory* on this server.
> >
> > I have put :
> > <Directory />
> > Options -Indexes FollowSymLinks
> > AllowOverride None
> > </Directory>
> >
> > in the commonhttpd.conf file. There are only a few directories in the
> > /var/www/html path were I want to restrict access. I just am looking
for a
> > simple solution. I have read the FAQ and don't really see what I am
missing.
> >
> > thanks,
> > Jordan
> >
> >
> > ---------------------------------------------------------------------
> > The official User-To-User support forum of the Apache HTTP Server
Project.
> > See <URL:http://httpd.apache.org/userslist.html> for more info.
> > To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
> > " from the digest: users-digest-unsubscribe@httpd.apache.org
> > For additional commands, e-mail: users-help@httpd.apache.org
> >
> >
>
> ---------------------------------------------------------------------
> The official User-To-User support forum of the Apache HTTP Server Project.
> See <URL:http://httpd.apache.org/userslist.html> for more info.
> To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
> " from the digest: users-digest-unsubscribe@httpd.apache.org
> For additional commands, e-mail: users-help@httpd.apache.org
>
>
---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
" from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org
Re: [users@httpd] simple configuration - this is too hard
Posted by Remo Mattei <re...@italy1.com>.
Did you try to pull the page instead of going to the / root location
meaning localhost/index.html you may want to check directory browsing if
that helps.
--
Ciao,
Remo Mattei
> From: "Jordan Thompson" <Jo...@ThompCo.com>
> Reply-To: users@httpd.apache.org
> Date: Thu, 28 Nov 2002 15:44:18 -0500
> To: <us...@httpd.apache.org>
> Subject: [users@httpd] simple configuration - this is too hard
>
> Hi all,
> I am trying to set up a simple server at home. My Mandrake came with apache
> and I get the following message when I try to access _some_ pages:
>
> Forbidden
> You don't have permission to access *some directory* on this server.
>
> I have put :
> <Directory />
> Options -Indexes FollowSymLinks
> AllowOverride None
> </Directory>
>
> in the commonhttpd.conf file. There are only a few directories in the
> /var/www/html path were I want to restrict access. I just am looking for a
> simple solution. I have read the FAQ and don't really see what I am missing.
>
> thanks,
> Jordan
>
>
> ---------------------------------------------------------------------
> The official User-To-User support forum of the Apache HTTP Server Project.
> See <URL:http://httpd.apache.org/userslist.html> for more info.
> To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
> " from the digest: users-digest-unsubscribe@httpd.apache.org
> For additional commands, e-mail: users-help@httpd.apache.org
>
>
---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
" from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org
Re: [users@httpd] directories with no index.html - how to handle?
Posted by Justin Williams <ju...@naturalwebs.com>.
Those, you need to enable directory indexing on, if you want to display lists
of files/directories.
On Saturday 30 November 2002 07:40 pm, Jordan Thompson wrote:
> Hi there,
> How are you supposed to handle directories with no index.html file? I have
> some with either only images or only directories. When I try to open one
> of these up one of these, I get "
> Forbidden
> You don't have permission to access *path* on this server.
>
> thanks,
> Jordan
>
>
> ---------------------------------------------------------------------
> The official User-To-User support forum of the Apache HTTP Server Project.
> See <URL:http://httpd.apache.org/userslist.html> for more info.
> To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
> " from the digest: users-digest-unsubscribe@httpd.apache.org
> For additional commands, e-mail: users-help@httpd.apache.org
---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
" from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org
Re: [users@httpd] directories with no index.html - how to handle?
Posted by Jordan Thompson <Jo...@ThompCo.com>.
That did it - thanks Muhammad.
----- Original Message -----
From: "Muhammad Naseer Bhatti" <na...@ilm.edu>
To: <us...@httpd.apache.org>
Sent: Saturday, November 30, 2002 2:44 PM
Subject: Re: [users@httpd] directories with no index.html - how to handle?
> Use the option of +Indexes in the config file and you will actually
be
> able to browse the files.
>
> Naseer
>
> ----- Original Message -----
> From: "Jordan Thompson" <Jo...@ThompCo.com>
> To: <us...@httpd.apache.org>
> Sent: Sunday, December 01, 2002 12:40 AM
> Subject: [users@httpd] directories with no index.html - how to handle?
>
>
> > Hi there,
> > How are you supposed to handle directories with no index.html file? I
> have
> > some with either only images or only directories. When I try to open
one
> of
> > these up one of these, I get "
> > Forbidden
> > You don't have permission to access *path* on this server.
> >
> > thanks,
> > Jordan
> >
> >
> > ---------------------------------------------------------------------
> > The official User-To-User support forum of the Apache HTTP Server
Project.
> > See <URL:http://httpd.apache.org/userslist.html> for more info.
> > To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
> > " from the digest: users-digest-unsubscribe@httpd.apache.org
> > For additional commands, e-mail: users-help@httpd.apache.org
>
>
> ---------------------------------------------------------------------
> The official User-To-User support forum of the Apache HTTP Server Project.
> See <URL:http://httpd.apache.org/userslist.html> for more info.
> To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
> " from the digest: users-digest-unsubscribe@httpd.apache.org
> For additional commands, e-mail: users-help@httpd.apache.org
---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
" from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org
Re: [users@httpd] directories with no index.html - how to handle?
Posted by Muhammad Naseer Bhatti <na...@ilm.edu>.
Use the option of +Indexes in the config file and you will actually be
able to browse the files.
Naseer
----- Original Message -----
From: "Jordan Thompson" <Jo...@ThompCo.com>
To: <us...@httpd.apache.org>
Sent: Sunday, December 01, 2002 12:40 AM
Subject: [users@httpd] directories with no index.html - how to handle?
> Hi there,
> How are you supposed to handle directories with no index.html file? I
have
> some with either only images or only directories. When I try to open one
of
> these up one of these, I get "
> Forbidden
> You don't have permission to access *path* on this server.
>
> thanks,
> Jordan
>
>
> ---------------------------------------------------------------------
> The official User-To-User support forum of the Apache HTTP Server Project.
> See <URL:http://httpd.apache.org/userslist.html> for more info.
> To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
> " from the digest: users-digest-unsubscribe@httpd.apache.org
> For additional commands, e-mail: users-help@httpd.apache.org
---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
" from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org
[users@httpd] directories with no index.html - how to handle?
Posted by Jordan Thompson <Jo...@ThompCo.com>.
Hi there,
How are you supposed to handle directories with no index.html file? I have
some with either only images or only directories. When I try to open one of
these up one of these, I get "
Forbidden
You don't have permission to access *path* on this server.
thanks,
Jordan
---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
" from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org
Re: [users@httpd] simple configuration - this is too hard
Posted by Jordan Thompson <Jo...@ThompCo.com>.
> If I'm not mistaken, the directory needs to be executable as well (which
> allows Apache to see its contents, etc.). chmod +X (note capital X) is
> particularly helpful for this, as it sets the executable flag on
directories
> but won't set it on anything else.
Daniel - that helped tremendously(!) - thanks.
What about directories with no index.html? I have a directory with only
directories in it and another with only images. This used to work...
thanks for your help,
Jordan
>
> -- Daniel Grace
> Certified 99.9997% lurker
>
>
>
> ---------------------------------------------------------------------
> The official User-To-User support forum of the Apache HTTP Server Project.
> See <URL:http://httpd.apache.org/userslist.html> for more info.
> To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
> " from the digest: users-digest-unsubscribe@httpd.apache.org
> For additional commands, e-mail: users-help@httpd.apache.org
---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
" from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org
Re: [users@httpd] simple configuration - this is too hard
Posted by Daniel Grace <ru...@earthlink.net>.
> > See:
> > http://httpd.apache.org/docs/misc/FAQ.html#forbidden
> >
> > In specific, start by checking the error log. If it doesn't have
anything
> > useful, check the permission on the file, the directory, and all parent
> > directories.
>
> I changed all files so that they are 444 and owned by apache. I changed
> their groups to be apache also.
[snip]
If I'm not mistaken, the directory needs to be executable as well (which
allows Apache to see its contents, etc.). chmod +X (note capital X) is
particularly helpful for this, as it sets the executable flag on directories
but won't set it on anything else.
-- Daniel Grace
Certified 99.9997% lurker
---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
" from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org
Re: [users@httpd] simple configuration - this is too hard
Posted by Jordan Thompson <Jo...@ThompCo.com>.
>
> I changed all files so that they are 444 and owned by apache. I changed
> their groups to be apache also. Now nothing works (I get the error below
> whenever I access my server.)
Forgot to mention that I *have* checked my logs and there is no complaints.
thanks,
Jordan
>
> > Forbidden
> > You don't have permission to access *some directory* on this server.
>
> thanks,
> Jordan
---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
" from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org
Re: [users@httpd] simple configuration - this is too hard
Posted by Joshua Slive <jo...@slive.ca>.
On Sat, 30 Nov 2002, Jordan Thompson wrote:
> > See:
> > http://httpd.apache.org/docs/misc/FAQ.html#forbidden
> >
> > In specific, start by checking the error log. If it doesn't have anything
> > useful, check the permission on the file, the directory, and all parent
> > directories.
>
> I changed all files so that they are 444 and owned by apache. I changed
> their groups to be apache also. Now nothing works (I get the error below
> whenever I access my server.)
Did you check the directory and ALL PARENT DIRECTORIES to make sure they
at least searchable (chmod +x) by the web server user?
Joshua.
---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
" from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org
Re: [users@httpd] simple configuration - this is too hard
Posted by Jordan Thompson <Jo...@ThompCo.com>.
> See:
> http://httpd.apache.org/docs/misc/FAQ.html#forbidden
>
> In specific, start by checking the error log. If it doesn't have anything
> useful, check the permission on the file, the directory, and all parent
> directories.
I changed all files so that they are 444 and owned by apache. I changed
their groups to be apache also. Now nothing works (I get the error below
whenever I access my server.)
> Forbidden
> You don't have permission to access *some directory* on this server.
thanks,
Jordan
>
> Joshua.
>
>
> ---------------------------------------------------------------------
> The official User-To-User support forum of the Apache HTTP Server Project.
> See <URL:http://httpd.apache.org/userslist.html> for more info.
> To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
> " from the digest: users-digest-unsubscribe@httpd.apache.org
> For additional commands, e-mail: users-help@httpd.apache.org
---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
" from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org
Re: [users@httpd] simple configuration - this is too hard
Posted by Joshua Slive <jo...@slive.ca>.
On Thu, 28 Nov 2002, Jordan Thompson wrote:
> Forbidden
> You don't have permission to access *some directory* on this server.
See:
http://httpd.apache.org/docs/misc/FAQ.html#forbidden
In specific, start by checking the error log. If it doesn't have anything
useful, check the permission on the file, the directory, and all parent
directories.
Joshua.
---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
" from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org