You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@httpd.apache.org by Kaushal Shriyan <ka...@gmail.com> on 2006/02/27 14:38:04 UTC
[users@httpd] Forbidden
Hi
I have this below tag in httpd.conf
<Location /server-status>
SetHandler server-status
Order deny,allow
Deny from all
Allow from .blue.com
</Location>
when I access http://bdc5353.test.abc.com/server-status
It gives
Forbidden
You don't have permission to access /server-status on this server.
Thanks in Advance
Regards
Kaushal
---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
" from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org
Re: [users@httpd] Forbidden
Posted by Eugene <li...@fsck.net>.
On Mon, Feb 27, 2006 at 08:24:10AM CST, Kaushal Shriyan <ka...@gmail.com> wrote:
: On 2/27/06, Joshua Slive <jo...@slive.ca> wrote:
: > On 2/27/06, Kaushal Shriyan <ka...@gmail.com> wrote:
: > >
: > > I have this below tag in httpd.conf
: > >
: > > <Location /server-status>
: > > SetHandler server-status
: > > Order deny,allow
: > > Deny from all
: > > Allow from .blue.com
: > > </Location>
: > >
: > > when I access http://bdc5353.test.abc.com/server-status
: > > It gives
: > >
: > > Forbidden
: > > You don't have permission to access /server-status on this server.
: >
: > What do the error and access logs say?
:
: [Mon Feb 27 09:07:24 2006] [error] [client 192.168.1.20] client denied by server configuration: /home/qrq/httpd-2.0.55_dir/htdocs/server-status
:
: below is access logs
: 192.168.1.20 - - [27/Feb/2006:09:07:24 -0500] "GET /server-status HTTP/1.1" 403 398
Your machine, 192.168.1.20, does not resolve to anything in the
BLUE.COM domain. If your setup is behind some NAT that assigns
your machine a 192.168.* IP address, then you should adjust your
httpd.conf settings and append a "Allow from 192.168" directive
in that <Location> block.
--
Eugene
---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
" from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org
Re: [users@httpd] Forbidden
Posted by "William A. Rowe, Jr." <wr...@rowe-clan.net>.
Joshua Slive wrote:
> On 2/27/06, William A. Rowe, Jr. <wr...@rowe-clan.net> wrote:
>
>>Isn't 10.10.10. safer than 10.10.10 - given that the later syntax can
>>lead to matching 10.10.10x.xxx - a result that wasn't expected?
>
> I believe the use of apr_ipsubnet_test in mod_access means that those
> two won't match. But I haven't tested it.
I'm near certain that in 1.3 they would, so it's a (healthy) habit I guess,
even if the behavior changed in 2.0.
---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
" from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org
Re: [users@httpd] Forbidden
Posted by Joshua Slive <jo...@slive.ca>.
On 2/27/06, William A. Rowe, Jr. <wr...@rowe-clan.net> wrote:
> Isn't 10.10.10. safer than 10.10.10 - given that the later syntax can
> lead to matching 10.10.10x.xxx - a result that wasn't expected?
I believe the use of apr_ipsubnet_test in mod_access means that those
two won't match. But I haven't tested it.
Joshua.
---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
" from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org
Re: [users@httpd] Forbidden
Posted by "William A. Rowe, Jr." <wr...@rowe-clan.net>.
Isn't 10.10.10. safer than 10.10.10 - given that the later syntax can
lead to matching 10.10.10x.xxx - a result that wasn't expected?
Bill
Joshua Slive wrote:
> On 2/27/06, Jonathan S. Abrams <j....@nutmegaudiopost.com> wrote:
>
>
>>Is it possible to use wildcards with IP addresses in that directive?
>>Could you have a line that reads
>>
>>Allow from 123.456.789.***
>>
>>With the goal being that any IP in the *** section that matches
>>123.456.789 is able to check server-status?
>
>
> Yes, just use
> Allow from 123.456.789
>
> This question could be answered by looking in the mod_access docs, by the way.
>
> Joshua.
>
> ---------------------------------------------------------------------
> The official User-To-User support forum of the Apache HTTP Server Project.
> See <URL:http://httpd.apache.org/userslist.html> for more info.
> To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
> " from the digest: users-digest-unsubscribe@httpd.apache.org
> For additional commands, e-mail: users-help@httpd.apache.org
>
>
> .
>
---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
" from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org
Re: [users@httpd] Forbidden
Posted by Joshua Slive <jo...@slive.ca>.
On 2/27/06, Jonathan S. Abrams <j....@nutmegaudiopost.com> wrote:
> Is it possible to use wildcards with IP addresses in that directive?
> Could you have a line that reads
>
> Allow from 123.456.789.***
>
> With the goal being that any IP in the *** section that matches
> 123.456.789 is able to check server-status?
Yes, just use
Allow from 123.456.789
This question could be answered by looking in the mod_access docs, by the way.
Joshua.
---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
" from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org
Re: [users@httpd] Forbidden
Posted by "Jonathan S. Abrams" <j....@nutmegaudiopost.com>.
Joshua Slive wrote:
>On 2/27/06, Kaushal Shriyan <ka...@gmail.com> wrote:
>
>
>>Hi Joshua
>>
>>[Mon Feb 27 09:07:24 2006] [error] [client 192.168.1.20] client denied
>>by server configuration:
>>/home/qrq/httpd-2.0.55_dir/htdocs/server-status
>>
>>below is access logs
>>192.168.1.20 - - [27/Feb/2006:09:07:24 -0500] "GET /server-status
>>HTTP/1.1" 403 398
>>
>>
>
>
>
>>>><Location /server-status>
>>>> SetHandler server-status
>>>> Order deny,allow
>>>> Deny from all
>>>> Allow from .blue.com
>>>></Location>
>>>>
>>>>
>
>The access_log tells us that the server cannot resolve your IP
>address, so it doesn't match .blue.com. Try using an IP address in
>the Allow from directive.
>
Is it possible to use wildcards with IP addresses in that directive?
Could you have a line that reads
Allow from 123.456.789.***
With the goal being that any IP in the *** section that matches
123.456.789 is able to check server-status?
-Jonathan
---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
" from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org
Re: [users@httpd] Forbidden
Posted by Joshua Slive <jo...@slive.ca>.
On 2/27/06, Kaushal Shriyan <ka...@gmail.com> wrote:
> Hi Joshua
>
> [Mon Feb 27 09:07:24 2006] [error] [client 192.168.1.20] client denied
> by server configuration:
> /home/qrq/httpd-2.0.55_dir/htdocs/server-status
>
> below is access logs
> 192.168.1.20 - - [27/Feb/2006:09:07:24 -0500] "GET /server-status
> HTTP/1.1" 403 398
> > > <Location /server-status>
> > > SetHandler server-status
> > > Order deny,allow
> > > Deny from all
> > > Allow from .blue.com
> > > </Location>
The access_log tells us that the server cannot resolve your IP
address, so it doesn't match .blue.com. Try using an IP address in
the Allow from directive.
Joshua.
---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
" from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org
Re: [users@httpd] Forbidden
Posted by Kaushal Shriyan <ka...@gmail.com>.
Hi Joshua
[Mon Feb 27 09:07:24 2006] [error] [client 192.168.1.20] client denied
by server configuration:
/home/qrq/httpd-2.0.55_dir/htdocs/server-status
below is access logs
192.168.1.20 - - [27/Feb/2006:09:07:24 -0500] "GET /server-status
HTTP/1.1" 403 398
Regards
Kaushal
On 2/27/06, Joshua Slive <jo...@slive.ca> wrote:
> On 2/27/06, Kaushal Shriyan <ka...@gmail.com> wrote:
> > Hi
> >
> > I have this below tag in httpd.conf
> >
> > <Location /server-status>
> > SetHandler server-status
> > Order deny,allow
> > Deny from all
> > Allow from .blue.com
> > </Location>
> >
> > when I access http://bdc5353.test.abc.com/server-status
> > It gives
> >
> > Forbidden
> > You don't have permission to access /server-status on this server.
>
> What do the error and access logs say?
>
> Joshua.
>
> ---------------------------------------------------------------------
> The official User-To-User support forum of the Apache HTTP Server Project.
> See <URL:http://httpd.apache.org/userslist.html> for more info.
> To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
> " from the digest: users-digest-unsubscribe@httpd.apache.org
> For additional commands, e-mail: users-help@httpd.apache.org
>
>
---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
" from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org
Re: [users@httpd] Forbidden
Posted by Joshua Slive <jo...@slive.ca>.
On 2/27/06, Kaushal Shriyan <ka...@gmail.com> wrote:
> Hi
>
> I have this below tag in httpd.conf
>
> <Location /server-status>
> SetHandler server-status
> Order deny,allow
> Deny from all
> Allow from .blue.com
> </Location>
>
> when I access http://bdc5353.test.abc.com/server-status
> It gives
>
> Forbidden
> You don't have permission to access /server-status on this server.
What do the error and access logs say?
Joshua.
---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
" from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org