You are viewing a plain text version of this content. The canonical link for it is here.
Posted to bugs@httpd.apache.org by bu...@apache.org on 2007/10/20 21:57:12 UTC
DO NOT REPLY [Bug 43666] New: - CGI works, but client denied error messages in error.log
DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG�
RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT
<http://issues.apache.org/bugzilla/show_bug.cgi?id=43666>.
ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND�
INSERTED IN THE BUG DATABASE.
http://issues.apache.org/bugzilla/show_bug.cgi?id=43666
Summary: CGI works, but client denied error messages in error.log
Product: Apache httpd-2
Version: 2.3-HEAD
Platform: PC
OS/Version: Linux
Status: NEW
Severity: normal
Priority: P2
Component: Core
AssignedTo: bugs@httpd.apache.org
ReportedBy: g_sauthoff@web.de
Hi,
I have a working Apache 2 setup and Apache calls successfully the
cgi-scripts. The problem is, that for every successfull CGI-call I get a
'client denied by server configuration' error message into the error.log
file.
This message conflicts with the fact, that the CGI-call was executed
successfully and I saw the correct output in the Web browser.
I am basically using a '/ Deny all' policy and a ScriptAlias definition.
A minimal working example which reproduces the error follows at the end of the
report.
Analysis:
I debugged this issue a bit and it:
- check_dir_access() is called two times for every cgi request
- the 2nd check_dir_access() call actually prints the 'client denied' error
message
=> the cause is server/util_script.c:ap_add_cgi_vars()
- to construct PATH_TRANSLATED ap_sub_req_lookup_uri() is called and as a
result a few frames later check_dir_access() is called
Conclusion:
Well, the problems with this wrong error messages are:
1. it makes no sense, because the cgi-script don't use apaches access control
mechanism
2. such wrong messages hide real error messages
Minimal working example:
NameVirtualHost *
<VirtualHost *>
DocumentRoot /var/www/
<Directory />
Options -FollowSymLinks -Indexes -Includes -ExecCgi
AllowOverride None
Order Deny,Allow
Deny from all
</Directory>
ScriptAlias /project /var/www/project/cgi-bin/test.cgi
<Directory /var/www/project/cgi-bin>
SetHandler cgi-script
Options +ExecCGI
Order Deny,Allow
Allow from all
</Directory>
</VirtualHost>
# cat test.cgi
#!/bin/sh
cat out.min
# cat out.min
Content-Type: text/html; charset=utf-8
Status: 200 OK
<HTML>
<HEAD></HEAD><BODY><H1>HELLO WORLD!</H1></BODY></HTML>
# curl http://127.0.0.1/project/bar
<HTML>
<HEAD></HEAD><BODY><H1>HELLO WORLD!</H1></BODY></HTML>
Error message in error.log:
[error] [client 127.0.0.1] client denied by server configuration: /var/www/bar
Before the debugging the problem with gdb I discussed it two months ago at the
apache user mailing list:
http://thread.gmane.org/gmane.comp.apache.user/70767/focus=70804
(at that time nobody could identify the cause for this wrong error messages)
Best regards
Georg Sauthoff
--
Configure bugmail: http://issues.apache.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.
---------------------------------------------------------------------
To unsubscribe, e-mail: bugs-unsubscribe@httpd.apache.org
For additional commands, e-mail: bugs-help@httpd.apache.org