You are viewing a plain text version of this content. The canonical link for it is here.

Posted to users@httpd.apache.org by "J. Stephens" <on...@gmail.com> on 2011/04/28 16:37:33 UTC

[users@httpd] 403 error on Default Directory

I am getting 403 errors when I add a new vhost. at testing601.remcycle.net I get 403, but at testing601.remcycle.net/index.html it works. What are the possible causes of this 403 error?


This server is running under Debian Squeeze

Troubleshoot already done:

1.The directory is chmoded at 710 and has the correct group and user ownership.
2.I looked in the vhost file for a directory index, but find nothing and when I add one it does not do anything after restarting apache2.

What are other causes for this issue?

Re: [users@httpd] 403 error on Default Directory

Posted by Eric Covener <co...@gmail.com>.

Use the PT flag if you rewrite in vhost context and the substitution is a
url instead of a filesystem path. Url2file is the default, but when the
substance prefix doesn't exist it treats it as url2url. PT forces it
 On May 1, 2011 9:52 PM, "J. Stephens" <on...@gmail.com> wrote:
> I think I found the real issue.
>
> In the vhosts it has
>
> RewriteEngine on
> RewriteCond %{HTTP_HOST} ^test.remcycle.net [NC]
> RewriteRule ^/(.*)$ /$1
> RewriteCond %{HTTP_HOST} ^www.test.remcycle.net [NC]
> RewriteRule ^/(.*)$ /$1
>
> After removing this and restarting the website seems to work. I will be
doing a little reading on the rewrite engine to find out why this causes the
403 error, but I believe this to be the root cause of the issue.
>
>
>
> On May 1, 2011, at 7:01 PM, Eric Covener wrote:
>
>> On Sun, May 1, 2011 at 5:13 PM, J. Stephens <on...@gmail.com>
wrote:
>>> I know I should add the root directory due to security, but I am getting
>>> this error.
>>> website error.log:
>>>
>>> Thu Mar 24 19:23:05 2011] [error] [client 98.226.168.246] client denied
by
>>> server configuration: /
>>>
>>> I guess I need to be asking why it needs access to the root of the
computer
>>> and not just the website directory.
>>
>> It doesn't. That's a URL in the error message, not the root of your
filesystem.
>>
>> ---------------------------------------------------------------------
>> The official User-To-User support forum of the Apache HTTP Server
Project.
>> See <URL:http://httpd.apache.org/userslist.html> for more info.
>> To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
>> " from the digest: users-digest-unsubscribe@httpd.apache.org
>> For additional commands, e-mail: users-help@httpd.apache.org
>>
>

Re: [users@httpd] 403 error on Default Directory

Posted by "J. Stephens" <on...@gmail.com>.

I think I found the real issue. 

In the vhosts it has 

    RewriteEngine on
    RewriteCond %{HTTP_HOST}   ^test.remcycle.net [NC]
    RewriteRule   ^/(.*)$ /$1  
    RewriteCond %{HTTP_HOST}   ^www.test.remcycle.net [NC]
    RewriteRule   ^/(.*)$ /$1  

After removing this and restarting the website seems to work. I will be doing a little reading on the rewrite engine to find out why this causes the 403 error, but I believe this to be the root cause of the issue.



On May 1, 2011, at 7:01 PM, Eric Covener wrote:

> On Sun, May 1, 2011 at 5:13 PM, J. Stephens <on...@gmail.com> wrote:
>> I know I should add the root directory due to security, but I am getting
>> this error.
>> website error.log:
>> 
>> Thu Mar 24 19:23:05 2011] [error] [client 98.226.168.246] client denied by
>> server configuration: /
>> 
>> I guess I need to be asking why it needs access to the root of the computer
>> and not just the website directory.
> 
> It doesn't.  That's a URL in the error message, not the root of your filesystem.
> 
> ---------------------------------------------------------------------
> The official User-To-User support forum of the Apache HTTP Server Project.
> See <URL:http://httpd.apache.org/userslist.html> for more info.
> To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
>   "   from the digest: users-digest-unsubscribe@httpd.apache.org
> For additional commands, e-mail: users-help@httpd.apache.org
>

Re: [users@httpd] 403 error on Default Directory

Posted by Eric Covener <co...@gmail.com>.

On Sun, May 1, 2011 at 5:13 PM, J. Stephens <on...@gmail.com> wrote:
> I know I should add the root directory due to security, but I am getting
> this error.
> website error.log:
>
> Thu Mar 24 19:23:05 2011] [error] [client 98.226.168.246] client denied by
> server configuration: /
>
> I guess I need to be asking why it needs access to the root of the computer
> and not just the website directory.

It doesn't.  That's a URL in the error message, not the root of your filesystem.

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org

Re: [users@httpd] 403 error on Default Directory

Posted by "J. Stephens" <on...@gmail.com>.

I know I should add the root directory due to security, but I am getting this error.

website error.log:

Thu Mar 24 19:23:05 2011] [error] [client 98.226.168.246] client denied by server configuration: /


I guess I need to be asking why it needs access to the root of the computer and not just the website directory.

On Apr 30, 2011, at 9:56 PM, Yehuda Katz wrote:

> On Fri, Apr 29, 2011 at 11:00 AM, J. Stephens <on...@gmail.com> wrote:
> The solution to the problem was that I needed to add  a <Directory/> to the vhost. I do not know why it would need the root directory, but as long as it is fixed then I do not care. Would this cause any security risks or is it fine to add this directory?
> 
> I would not recommend doing that. You should add permissions for as few directories as possible.
> If it only works when you add the root directory, then you have some other problem and you should probably try to find out what it is.
> 
> - Yehuda

Re: [users@httpd] 403 error on Default Directory

Posted by Yehuda Katz <ye...@ymkatz.net>.

On Fri, Apr 29, 2011 at 11:00 AM, J. Stephens <on...@gmail.com>wrote:

> The solution to the problem was that I needed to add  a <Directory/> to
> the vhost. I do not know why it would need the root directory, but as long
> as it is fixed then I do not care. Would this cause any security risks or is
> it fine to add this directory?
>

I would not recommend doing that. You should add permissions for as few
directories as possible.
If it only works when you add the root directory, then you have some other
problem and you should probably try to find out what it is.

- Yehuda

Re: [users@httpd] 403 error on Default Directory

Posted by "J. Stephens" <on...@gmail.com>.

The solution to the problem was that I needed to add  a <Directory/> to the vhost. I do not know why it would need the root directory, but as long as it is fixed then I do not care. Would this cause any security risks or is it fine to add this directory?

BTW: Thank you for your responses it has helped a bunch.
On Apr 28, 2011, at 10:30 PM, Yehuda Katz wrote:

> On Thu, Apr 28, 2011 at 1:53 PM, J. Stephens <on...@gmail.com> wrote:
> error log says "[Thu Apr 28 13:50:57 2011] [error] [client 98.226.168.246] client denied by server configuration: /"
> my website is at /var/www/testing600.remcycle.net/. Should it be saying that directory and not the root directory?
>> On Thu, Apr 28, 2011 at 10:37 AM, J. Stephens <on...@gmail.com> wrote:
>> I am getting 403 errors when I add a new vhost. at testing601.remcycle.net I get 403, but at testing601.remcycle.net/index.html it works. What are the possible causes of this 403 error?
> 
> All it is telling you is the configuration that is being inherited from a config for /.
> 
> The closest thing I have to Debian Squeeze is Ubuntu Lucid Lynx (10.04). It has this comment in "/etc/apache2/conf.d/security":
> # Disable access to the entire file system except for the directories that
> # are explicitly allowed later.
> #
> # This currently breaks the configurations that come with some web application
> # Debian packages. It will be made the default for the release after lenny.
> #
> #<Directory />
> #       AllowOverride None
> #       Order Deny,Allow
> #       Deny from all
> #</Directory>
> 
> Since Squeeze is after Lenny, this might mean that a good place to start looking for your problem is wherever you have your <Directory /var/www/testing600.remcycle.net/> directive.
> 
> Do you have the mod_info handler enabled? It might be able to help find the offending directive.
> (Documentation: http://httpd.apache.org/docs/2.2/mod/mod_info.html)
> 
> 
> - Yehuda

Re: [users@httpd] 403 error on Default Directory

Posted by Yehuda Katz <ye...@ymkatz.net>.

On Thu, Apr 28, 2011 at 1:53 PM, J. Stephens <on...@gmail.com>wrote:

> error log says "[Thu Apr 28 13:50:57 2011] [error] [client 98.226.168.246]
> client denied by server configuration: /"
> my website is at /var/www/testing600.remcycle.net/. Should it be saying
> that directory and not the root directory?
>
> On Thu, Apr 28, 2011 at 10:37 AM, J. Stephens <on...@gmail.com>wrote:
>
>> I am getting 403 errors when I add a new vhost. at
>> testing601.remcycle.net I get 403, but at
>> testing601.remcycle.net/index.html it works. What are the possible causes
>> of this 403 error?
>>
> All it is telling you is the configuration that is being inherited from a
config for /.

The closest thing I have to Debian Squeeze is Ubuntu Lucid Lynx (10.04). It
has this comment in "/etc/apache2/conf.d/security":

> # Disable access to the entire file system except for the directories that
> # are explicitly allowed later.
> #
> # This currently breaks the configurations that come with some web
> application
> # Debian packages. It will be made the default for the release after lenny.
> #
> #<Directory />
> #       AllowOverride None
> #       Order Deny,Allow
> #       Deny from all
> #</Directory>

Since Squeeze is after Lenny, this might mean that a good place to start
looking for your problem is wherever you have your <Directory /var/www/
testing600.remcycle.net/> directive.

Do you have the mod_info handler enabled? It might be able to help find the
offending directive.
(Documentation: http://httpd.apache.org/docs/2.2/mod/mod_info.html)

- Yehuda

Re: [users@httpd] 403 error on Default Directory

Posted by "J. Stephens" <on...@gmail.com>.

error log says "[Thu Apr 28 13:50:57 2011] [error] [client 98.226.168.246] client denied by server configuration: /
"

my website is at /var/www/testing600.remcycle.net/. Should it be saying that directory and not the root directory?

On Apr 28, 2011, at 10:40 AM, Yehuda Katz wrote:

> On Thu, Apr 28, 2011 at 10:37 AM, J. Stephens <on...@gmail.com> wrote:
> I am getting 403 errors when I add a new vhost. at testing601.remcycle.net I get 403, but at testing601.remcycle.net/index.html it works. What are the possible causes of this 403 error?
> 
> Check the error log.

Re: [users@httpd] 403 error on Default Directory

Posted by Yehuda Katz <ye...@ymkatz.net>.

On Thu, Apr 28, 2011 at 10:37 AM, J. Stephens <on...@gmail.com>wrote:

> I am getting 403 errors when I add a new vhost. at testing601.remcycle.netI get 403, but at
> testing601.remcycle.net/index.html it works. What are the possible causes
> of this 403 error?
>

Check the error log.