You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@httpd.apache.org by "Jonathan S. Abrams" <j....@nutmegaudiopost.com> on 2006/02/07 21:07:16 UTC
[users@httpd] DirectoryIndex in *.conf WAS 403 Forbidden Error
I have had a breakthrough, though I do not have a solution yet. In my
.conf file, there is a line that reads
DirectoryIndex index.html index.php index.shtml.
Beneath that line, later in the .conf file, I have this:
<VirtualHost *:80>
DocumentRoot /Library/WebServer/new_FTP-Server/
<Directory /Library/WebServer/new_FTP-Server/>
AllowOverride None
Options Indexes ExecCGI IncludesNoExec
Order allow,deny
Allow from all
</Directory>
</VirtualHost>
So, what I believe is going on here is this. Even though I have a line
that reads "Options Indexes" inside the <Directory> tags, which are
inside the <VirtualHost> tags, the DirectoryIndex line at the top of the
.conf file is overriding the "Options Indexes" later in the file. Could
this be? If so, why? If the DirectoryIndex line should not (or does
not) override the "Options Indexes" line later in the file, then I guess
I am back at the original problem.
Thanks for your help everyone!
-Jonathan
Jonathan S. Abrams wrote:
> Joshua Slive wrote:
>
>> On 2/7/06, Jonathan S. Abrams <j....@nutmegaudiopost.com> wrote:
>>
>>
>>> Joshua Slive wrote:
>>>
>>>
>>>> Other than that, you will need to get into more serious debugging like
>>>> running "strace httpd -X" and seeing what syscall is failing.
>>>>
>>>
>>> Does strace exist for Tiger server? When I type man strace, I get
>>> nothing. When I typed in the command you suggested, the response I got
>>> was -bash: strace: command not found.
>>>
>>
>>
>> Try "ktrace". I've never used it, but that is supposed to work.
>>
> Well, after reading the man page, I determined that I need to type
>
> ktrace -idg 390
>
> Unfortunately, the output in terminal reads ktrace: ktrace.out:
> Operation not permitted
>
> Bummer.
> -Jonathan
---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
" from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org
Re: [users@httpd] DirectoryIndex in *.conf WAS 403 Forbidden Error
Posted by "Jonathan S. Abrams" <j....@nutmegaudiopost.com>.
Thank you to Joshua and everyone else that contributed to this thread.
Not only did I learn a new Terminal command (ktrace), but I also solved
the problem and have a slightly better understanding of how Apache
recommends *.conf files be laid out. It turns out the one that was
setup for us previously worked, but it certainly didn't have the Apache
recommended format.
Cheers!
-Jonathan
Joshua Slive wrote:
>On 2/7/06, Jonathan S. Abrams <j....@nutmegaudiopost.com> wrote:
>
>
>
>> "[Tue Feb 07 16:00:14 2006] [error] [client 198.65.202.94]
>>Directory in\
>> dex forbidden by rule: /Library/WebServer/new_FTP-Server/test/
>>
>>
>
>There is the error log entry that you kept promising us didn't exist.
>You must be looking in the wrong error log.
>
>The entry tells us that you do not have "Options Indexes" set on the
>directory in question.
>
>Looking at the VirtualHost config you posted above, I note that it
>looks like a name-based virtual host, but there is no ServerName
>directive. So I suspect that this <VirtualHost> block is not being
>used at all. This would explain why the configurations contained in
>it have no effect, and also why the errors are getting sent to a
>different log file.
>
>So you need to start by figuring out which <VirtualHost> block (if
>any) is actually serving the request, and adjust the configuration in
>that block.
>
>Joshua.
>
>
---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
" from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org
Re: [users@httpd] DirectoryIndex in *.conf WAS 403 Forbidden Error
Posted by Joshua Slive <jo...@slive.ca>.
On 2/7/06, Jonathan S. Abrams <j....@nutmegaudiopost.com> wrote:
> "[Tue Feb 07 16:00:14 2006] [error] [client 198.65.202.94]
> Directory in\
> dex forbidden by rule: /Library/WebServer/new_FTP-Server/test/
There is the error log entry that you kept promising us didn't exist.
You must be looking in the wrong error log.
The entry tells us that you do not have "Options Indexes" set on the
directory in question.
Looking at the VirtualHost config you posted above, I note that it
looks like a name-based virtual host, but there is no ServerName
directive. So I suspect that this <VirtualHost> block is not being
used at all. This would explain why the configurations contained in
it have no effect, and also why the errors are getting sent to a
different log file.
So you need to start by figuring out which <VirtualHost> block (if
any) is actually serving the request, and adjust the configuration in
that block.
Joshua.
---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
" from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org
Re: [users@httpd] DirectoryIndex in *.conf WAS 403 Forbidden Error
Posted by "Jonathan S. Abrams" <j....@nutmegaudiopost.com>.
Joshua Slive wrote:
>DirectoryIndex and Options Indexes do not override each other. They
>are complementary.
>
>
That's what I initially thought.
>I strongly suspect that you have a simple config or unix permissions
>problem.
>
It must be config, because the unix permissions are correct.
> But there is not much that can be done at this point unless
>you can use basic debugging tools.
>
You mean ktrace? Perhaps this is enough data from ktrace to determine
what isn't going on?
528 httpd NAMI "/Library/WebServer/new_FTP-Server/test/index.shtml"
528 httpd RET lstat -1 errno 2 No such file or directory
528 httpd CALL stat(0x18f44f8,0xbffff4a8)
528 httpd NAMI "/Library/WebServer/new_FTP-Server/test/index.html"
528 httpd RET stat -1 errno 2 No such file or directory
528 httpd CALL lstat(0x18f45c0,0xbffff4a8)
528 httpd NAMI "/Library"
528 httpd RET lstat 0
528 httpd CALL lstat(0x18f45c0,0xbffff4a8)
528 httpd NAMI "/Library/WebServer"
528 httpd RET lstat 0
528 httpd CALL lstat(0x18f45c0,0xbffff4a8)
528 httpd NAMI "/Library/WebServer/new_FTP-Server"
528 httpd RET lstat 0
528 httpd CALL lstat(0x18f45c0,0xbffff4a8)
528 httpd NAMI "/Library/WebServer/new_FTP-Server/test"
528 httpd RET lstat 0
528 httpd CALL lstat(0x18f45c0,0xbffff4a8)
528 httpd NAMI "/Library/WebServer/new_FTP-Server/test/index.html"
528 httpd RET lstat -1 errno 2 No such file or directory
528 httpd CALL stat(0x18f44e0,0xbffff4a8)
528 httpd NAMI "/Library/WebServer/new_FTP-Server/test/index.php"
528 httpd RET stat -1 errno 2 No such file or directory
528 httpd CALL lstat(0x18f45a8,0xbffff4a8)
528 httpd NAMI "/Library"
528 httpd RET lstat 0
528 httpd CALL lstat(0x18f45a8,0xbffff4a8)
528 httpd NAMI "/Library/WebServer"
528 httpd RET lstat 0
528 httpd CALL lstat(0x18f45a8,0xbffff4a8)
528 httpd NAMI "/Library/WebServer/new_FTP-Server"
528 httpd RET lstat 0
528 httpd CALL lstat(0x18f45a8,0xbffff4a8)
528 httpd NAMI "/Library/WebServer/new_FTP-Server/test"
528 httpd RET lstat 0
528 httpd CALL lstat(0x18f45a8,0xbffff4a8)
528 httpd NAMI "/Library/WebServer/new_FTP-Server/test/index.php"
528 httpd RET lstat -1 errno 2 No such file or directory
528 httpd CALL stat(0x18f44f8,0xbffff4a8)
528 httpd NAMI "/Library/WebServer/new_FTP-Server/test/index.shtml"
528 httpd RET stat -1 errno 2 No such file or directory
528 httpd CALL lstat(0x18f45c0,0xbffff4a8)
528 httpd NAMI "/Library"
528 httpd RET lstat 0
528 httpd CALL lstat(0x18f45c0,0xbffff4a8)
528 httpd NAMI "/Library/WebServer"
528 httpd RET lstat 0
528 httpd CALL lstat(0x18f45c0,0xbffff4a8)
528 httpd NAMI "/Library/WebServer/new_FTP-Server"
528 httpd RET lstat 0
528 httpd CALL lstat(0x18f45c0,0xbffff4a8)
528 httpd NAMI "/Library/WebServer/new_FTP-Server/test"
528 httpd RET lstat 0
528 httpd CALL lstat(0x18f45c0,0xbffff4a8)
528 httpd NAMI "/Library/WebServer/new_FTP-Server/test/index.shtml"
528 httpd RET lstat -1 errno 2 No such file or directory
528 httpd CALL sigprocmask(0x1,0,0x1179e64)
528 httpd RET sigprocmask 0
528 httpd CALL write(0x8,0xbfff9648,0x85)
528 httpd GIO fd 8 wrote 133 bytes
"[Tue Feb 07 16:00:14 2006] [error] [client 198.65.202.94]
Directory in\
dex forbidden by rule: /Library/WebServer/new_FTP-Server/test/
"
528 httpd RET write 133/0x85
528 httpd CALL read(0xd,0x18db228,0x1f40)
528 httpd RET read -1 errno 35 Resource temporarily unavailable
528 httpd CALL writev(0xd,0xbfffd790,0x2)
528 httpd GIO fd 13 wrote 594 bytes
"HTTP/1.1 403 Forbidden\r
Date: Tue, 07 Feb 2006 21:00:14 GMT\r
Server: Apache/2.0.55 (Unix) PHP/4.4.2 mod_ssl/2.0.55
OpenSSL/0.9.7i\r
Content-Length: 338\r
Keep-Alive: timeout=15, max=100\r
Connection: Keep-Alive\r
Content-Type: text/html; charset=iso-8859-1\r
\r
<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>403 Forbidden</title>
</head><body>
<h1>Forbidden</h1>
<p>You don't have permission to access /test/
on this server.</p>
<hr>
<address>Apache/2.0.55 (Unix) PHP/4.4.2 mod_ssl/2.0.55
OpenSSL/0.9.7i \
Server at clients.nutmegaudiopost.com Port 80</address>
</body></html>
"
528 httpd RET writev 594/0x252
528 httpd CALL write(0xc,0x18e5018,0xaa)
528 httpd GIO fd 12 wrote 170 bytes
"a.b.c.d - - [07/Feb/2006:16:00:14 -0500] "GET /test/ HTTP/1.1" 4\
03 338 "Mozilla/5.0 (Macintosh; U; PPC Mac OS X Mach-O; en-US;
rv:1.8)\
Gecko/20051229 Camino/1.0b2"
"
528 httpd RET write 170/0xaa
528 httpd CALL getrusage(0,0xbffff890)
528 httpd RET getrusage 0
528 httpd CALL getrusage(0xffffffff,0xbffff890)
528 httpd RET getrusage 0
528 httpd CALL
select(0xe,0xbffff430,0xbffff4b0,0xbffff530,0xbffff428)
390 httpd RET select 0
390 httpd CALL wait4(0xffffffff,0xbffffa78,0x3,0)
390 httpd RET wait4 0
390 httpd CALL select(0,0,0,0,0xbffffa78)
390 httpd RET select 0
390 httpd CALL wait4(0xffffffff,0xbffffa78,0x3,0)
390 httpd RET wait4 0
390 httpd CALL select(0,0,0,0,0xbffffa78)
390 httpd RET select 0
390 httpd CALL wait4(0xffffffff,0xbffffa78,0x3,0)
390 httpd RET wait4 0
390 httpd CALL select(0,0,0,0,0xbffffa78)
390 httpd RET select 0
390 httpd CALL wait4(0xffffffff,0xbffffa78,0x3,0)
390 httpd RET wait4 0
390 httpd CALL select(0,0,0,0,0xbffffa78)
390 httpd RET select 0
390 httpd CALL wait4(0xffffffff,0xbffffa78,0x3,0)
390 httpd RET wait4 0
390 httpd CALL select(0,0,0,0,0xbffffa78)
> (One additional thing that might
>be useful to see is an "ls -la" from inside the problem directory.)
>
>
-rwxrwxrwx 1 admin admin 16 Feb 7 13:05 index.txt
-rwxrwxrwx 1 admin admin 14 Jan 19 12:32 stats.php
Thanks for your patience!
-Jonathan
---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
" from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org
Re: [users@httpd] DirectoryIndex in *.conf WAS 403 Forbidden Error
Posted by Joshua Slive <jo...@slive.ca>.
On 2/7/06, Jonathan S. Abrams <j....@nutmegaudiopost.com> wrote:
> I have had a breakthrough, though I do not have a solution yet. In my
> .conf file, there is a line that reads
>
> DirectoryIndex index.html index.php index.shtml.
>
> Beneath that line, later in the .conf file, I have this:
>
> <VirtualHost *:80>
> DocumentRoot /Library/WebServer/new_FTP-Server/
> <Directory /Library/WebServer/new_FTP-Server/>
> AllowOverride None
> Options Indexes ExecCGI IncludesNoExec
> Order allow,deny
> Allow from all
> </Directory>
> </VirtualHost>
>
> So, what I believe is going on here is this. Even though I have a line
> that reads "Options Indexes" inside the <Directory> tags, which are
> inside the <VirtualHost> tags, the DirectoryIndex line at the top of the
> .conf file is overriding the "Options Indexes" later in the file. Could
> this be? If so, why? If the DirectoryIndex line should not (or does
> not) override the "Options Indexes" line later in the file, then I guess
> I am back at the original problem.
DirectoryIndex and Options Indexes do not override each other. They
are complementary.
I strongly suspect that you have a simple config or unix permissions
problem. But there is not much that can be done at this point unless
you can use basic debugging tools. (One additional thing that might
be useful to see is an "ls -la" from inside the problem directory.)
Joshua.
---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
" from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org