Results 1 to 7 of 7

Thread: apache access security

  1. #1
    Join Date
    Nov 2010
    Location
    Damanhour-North-Egypt
    Posts
    90

    Default apache access security

    hello every one,,

    i recently had apache2 up and running but i'm having a problem with the configuration

    my web docs root is /srv/www/htdocs the pages there are working fine and any scripts are interpreted well ,

    the problem is any sub-directory in my web root will not open instead i get in my browser an access forbidden error page

    i think the problem is about the .conf file

    1-/etc/apache2/httpd.conf
    it as the following section

    Code:
    # forbid access to the entire filesystem by default
    <Directory />
        Options None
        AllowOverride None
        Order deny,allow
        Deny from all
    </Directory>

    this isn't a prodution server i don't even have an open port in my firewall for the server so
    i don't want to see the Access forbiden error again
    could you please help me edit the necessary config file ??

  2. #2
    Join Date
    Jun 2008
    Location
    UTC+10
    Posts
    9,686
    Blog Entries
    4

    Default Re: apache access security

    How did you create those directories? What account did you use? Remember that Apache runs as wwwrun so any directory must be searchable (world read and search, rx) and any file must be readable (world read, r).

  3. #3
    Join Date
    Nov 2010
    Location
    Damanhour-North-Egypt
    Posts
    90

    Default Re: apache access security

    How did you create those directories? What account did you use? Remember that Apache runs as wwwrun so any directory must be searchable (world read and search, rx) and any file must be readable (world read, r).
    i used a root account but the dir and the files within are accessible by normal user.

    drwxr-xr-x 4 root root 4096 Mar 19 20:16 site1

    and the index.html within

    -rw-rw-rw- 1 root root 777 Mar 19 20:38 index.htm



    are you sure its about the linux security not the apache ??

  4. #4
    Join Date
    Nov 2010
    Location
    Youngstown, OH
    Posts
    155

    Default Re: apache access security

    If you absolutely a "Local install ONLY" then remark out ("#") the following
    Code:
    Order deny,allow 
    Deny from all
    and restart apache2.
    Lenovo: OpenSUSE 11.4/32 | Xfce 4.8.1 | Intel Core2 Duo T7200 | Intel 945GM/GMS | 4G RAM | Firefox 8.0 | Thunderbird 3.1.16

  5. #5
    Join Date
    Jun 2008
    Location
    Groningen, Netherlands
    Posts
    19,807
    Blog Entries
    14

    Default Re: apache access security

    Or change ownership of "site1" to "wwwrun" and group to "www". Should work
    ° Appreciate my reply? Click the star and let me know why.

    ° Perfection is not gonna happen. No way.

    https://en.opensuse.org/openSUSE:Board#Members
    http://en.opensuse.org/User:Knurpht
    http://nl.opensuse.org/Gebruiker:Knurpht

  6. #6

    Default Re: apache access security

    mostafaxxx wrote:
    > hello every one,,
    >
    > i recently had apache2 up and running but i'm having a problem with the
    > configuration
    >
    > my web docs root is /srv/www/htdocs the pages there are working fine
    > and any scripts are interpreted well ,
    >
    > THE PROBLEM IS ANY SUB-DIRECTORY IN MY WEB ROOT WILL NOT OPEN INSTEAD I
    > GET IN MY BROWSER AN ACCESS FORBIDDEN ERROR PAGE
    >
    > I THINK THE PROBLEM IS ABOUT THE .CONF FILE
    >
    > 1-/etc/apache2/httpd.conf
    >
    > it as the following section
    >
    >
    > Code:
    > --------------------
    > # forbid access to the entire filesystem by default
    > <Directory />
    > Options None
    > AllowOverride None
    > Order deny,allow
    > Deny from all
    > </Directory>
    >
    > --------------------


    That is not the problem. That is standard content in that file. Have you
    changed any of the config files? If not, don't worry about them.

    Please show:
    (1) A URL that works.
    (2) A URL that doesn't work
    (3) ls -la /srv/www/htdocs
    (4) ls -l of the directory you think corresponds to the URL that doesn't
    work, and ls -l of any intermediate directories.

  7. #7
    Join Date
    Nov 2010
    Location
    Damanhour-North-Egypt
    Posts
    90

    Default Re: apache access security

    Local install ONLY
    i don't undersatnd what you mean with Local install ONLY but i installed it from yast pakage manager

    remark out ("#") the following
    in which config file there is a huge madness of config files here and they all include each other and override each other !!!

    change ownership of "site1" to "wwwrun" and group to "www". Should work
    hmmm it worked just the site1 directory set like you said owner wwwrun and group www and it works but even the sub dirs which are owned by root and group root are accessible ,,

    it should be mentioned in the documentation that i should check the dirs permission
    i have a question about that : i don't have user named wwwrun i do have a group member called wwwrun but not a user so what is the different between between both ?

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •