You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@httpd.apache.org by Stephen Collyer <sc...@netspinner.co.uk> on 2005/12/10 15:41:48 UTC
[users@httpd] Apache 1.3: Aliases no longer working
I have an odd problem with an Apache 1.3 installation that
I haven't started for a week or so.
On doing so, resources accessible via some Aliases are now
all returning 403s, and AFAICT, I can no longer set up any
new Aliases - resources accessible via the new Alias return
403.
I'm almost totally certain that none of the config has been altered.
Can anyone:
1) suggest what could have screwed up for Alias to break ?
2) let me know if there's any way I can get Apache to
tell me why it wants to return a 403 for a particular resource ?
This'd at least let me debug the problem a little more.
--
Regards
Stephen Collyer
Netspinner Ltd
---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
" from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org
Re: [users@httpd] Apache 1.3: Aliases no longer working
Posted by Stephen Collyer <sc...@netspinner.co.uk>.
Joshua Slive wrote:
> On 12/10/05, Stephen Collyer <sc...@netspinner.co.uk> wrote:
>
>
>>And the perms are fine - chmod'ed everything wide open earlier
>>on to be sure.
>>
>>There's a ScriptAlias set up pointing to a cgi-bin dir thats
>>working just fine, too. This strikes me as odd.
>
>
> You checked ALL PARENT DIRECTORIES? Are you using selinux? Are you
> using symlinks? Have you tried to su to the User/Group specified in
> httpd.conf and see if you can access the files?
Yes, I've checked ALL PARENT DIRECTORIES.
No, I'm not using selinux.
No, I'm not using symlinks.
Yes, I can su to the appropriate user, and I can, indeed, access the
files that way.
>
>>I'm much keener to get Apache to tell why it's returning a
>>403 rather than guessing - do you know if this is possible ?
>
>
> Sure; first you need to find the code in apache that is denying
> access, and then add an appropriate error log message to that code
> path. Easy, huh?
I'm not familiar with the Apache code base, but I guess this
implies that there's no trace code in there ? Seems to be
something of an omission for a project as large as Apache, if so.
> An alternative is to run the request under a debugger and step through
> it until you see what is causing the problem. See:
> http://httpd.apache.org/dev/debugging.html
Well, I'd already strace'd it, with no better results; all
I could see is that the appropriate file is stat'ed, and then
a little later on, the 403 being returned.
However: *** I have found the problem ***
The problem, of course, was caused by my being a dick.
I'd put in some temporary access control that I'd forgotten
about in an Include'd conf file.
Now, given that we're all dicks at some point or other,
this has taught me that Apache is too hard to debug.
It would be much more useful if it were possible to ask
Apache to provide a trace of a request, based on its current
configuration, this trace containing all of the major decisions
that are made thoughout its life: access control, URL->dir
translations, usage of Aliases, and so on.
Now, I'd guess that such trace would be spread across many
components, written by many different people, so I won't be
holding my breath, but this would be far more useful than the
current suggestions in the debugging page of, say, strace or
gdb, both of which are really at the wrong level semantically.
(strace is telling you about syscalls, not config logic, and
gdb'ing Apache ain't for those who aren't already familiar
with the code, though it would give you the right answer with
enough effort, of course).
--
Regards
Stephen Collyer
Netspinner Ltd
---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
" from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org
Re: [users@httpd] Apache 1.3: Aliases no longer working
Posted by Joshua Slive <js...@gmail.com>.
On 12/10/05, Stephen Collyer <sc...@netspinner.co.uk> wrote:
> And the perms are fine - chmod'ed everything wide open earlier
> on to be sure.
>
> There's a ScriptAlias set up pointing to a cgi-bin dir thats
> working just fine, too. This strikes me as odd.
You checked ALL PARENT DIRECTORIES? Are you using selinux? Are you
using symlinks? Have you tried to su to the User/Group specified in
httpd.conf and see if you can access the files?
>
> I'm much keener to get Apache to tell why it's returning a
> 403 rather than guessing - do you know if this is possible ?
Sure; first you need to find the code in apache that is denying
access, and then add an appropriate error log message to that code
path. Easy, huh?
An alternative is to run the request under a debugger and step through
it until you see what is causing the problem. See:
http://httpd.apache.org/dev/debugging.html
Joshua.
---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
" from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org
Re: [users@httpd] Apache 1.3: Aliases no longer working
Posted by Stephen Collyer <sc...@netspinner.co.uk>.
Joshua Slive wrote:
> AFAICT, I can no longer set up any
>>new Aliases - resources accessible via the new Alias return
>>403.
>>
> Look in the apache error log.
Nothing there, I'm afraid.
> If there is nothing there, then the problem is almost certainly with
> your filesystem permissions. Check the directory in question and all
> parent directories to make sure they have at least search permissions
> (chmod +x) for the apache user.
And the perms are fine - chmod'ed everything wide open earlier
on to be sure.
There's a ScriptAlias set up pointing to a cgi-bin dir thats
working just fine, too. This strikes me as odd.
I'm much keener to get Apache to tell why it's returning a
403 rather than guessing - do you know if this is possible ?
--
Regards
Stephen Collyer
Netspinner Ltd
---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
" from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org
Re: [users@httpd] Apache 1.3: Aliases no longer working
Posted by Joshua Slive <js...@gmail.com>.
On 12/10/05, Stephen Collyer <sc...@netspinner.co.uk> wrote:
> I have an odd problem with an Apache 1.3 installation that
> I haven't started for a week or so.
>
> On doing so, resources accessible via some Aliases are now
> all returning 403s, and AFAICT, I can no longer set up any
> new Aliases - resources accessible via the new Alias return
> 403.
>
> I'm almost totally certain that none of the config has been altered.
> Can anyone:
>
> 1) suggest what could have screwed up for Alias to break ?
>
> 2) let me know if there's any way I can get Apache to
> tell me why it wants to return a 403 for a particular resource ?
> This'd at least let me debug the problem a little more.
Look in the apache error log.
If there is nothing there, then the problem is almost certainly with
your filesystem permissions. Check the directory in question and all
parent directories to make sure they have at least search permissions
(chmod +x) for the apache user.
Joshua.
---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
" from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org