
Thread: Apache 2.4 in openSUSE 13.2: no access error 403 Forbidden

  1. #1

    Hello,

    I just simply upgraded my openSUSE version from 13.1 to 13.2. On my machine the Apache web service runs as a local background service.

    - I do NOT have access to server-info and server-status locally, though I verified that the modules are loaded using the -t -D DUMP_MODULE feature.
    - I do not have access to a simple text page in the server's root directory, though I verified the UNIX access rights to the basic simple text page in the root directory of the server.

    Please note that I DID NOT change any of the configuration files that come with the standard 13.2 distribution, and all of these used to work in the 13.1 version.

    The Webmin package is the only one that works as before. I have no idea where to look to solve this access problem, or how to debug it: can you please give me some hints and help,

    thanks SH.

  2. #2
    Join Date
    May 2012
    Location
    Finland
    Posts
    2,004

    Check your /etc/apache2/default-server.conf and compare it to /etc/apache2/default-server.conf.rpmnew

    If you have not made any changes to the .conf, just take a backup and replace it with the rpmnew version, then restart Apache2.

    13.2's Apache2 now _requires_ the Require parameters instead of Allow/Deny All; this is most likely the cause of your 403. A gent here had the same issue: https://forums.opensuse.org/showthre...umbleweed-13-2
    .: miuku #suse @ irc.freenode.net
    :: miuku@opensuse.org

    .: https://download.opensuse.org/repositories/home:/Miuku/

  3. #3

    Thanks a lot for the rapid answer and suggestion.

    This being said, I have in the /etc/apache2 directory an "httpd.conf.rpmnew" file but NO "default-server.conf.rpmnew" file, which your response suggested using for comparison. I also have a "default-server.conf" file but none with an rpmnew ending. Can you help me further? Thanks again a lot, SH.

  4. #4
    Join Date
    May 2012
    Location
    Finland
    Posts
    2,004

    Check your configuration files for parameters such as "Allow from All" and change these to "Require All Granted".
    .: miuku #suse @ irc.freenode.net
    :: miuku@opensuse.org

    .: https://download.opensuse.org/repositories/home:/Miuku/

  5. #5

    Hello,

    I did not find any "Allow from all" in "httpd.conf" and "default-server.conf", but I found in exchange in the <Directory /> section a "Deny from all", and in "default-server.conf" each directory section has a "Require All Granted" directive (this includes the server root directory srv / www / htdocs).
    -------------- here is the default-server.conf file:
    #
    # Global configuration that will be applicable for all virtual hosts, unless
    # deleted here, or overriden elswhere.
    #

    DocumentRoot "/srv/www/htdocs"

    #
    # Configure the DocumentRoot
    #
    <Directory "/srv/www/htdocs">
    # Possible values for the Options directive are "None", "All",
    # or any combination of:
    # Indexes Includes FollowSymLinks SymLinksifOwnerMatch ExecCGI MultiViews
    #
    # Note that "MultiViews" must be named *explicitly* --- "Options All"
    # doesn't give it to you.
    #
    # The Options directive is both complicated and important. Please see
    # http:///httpd.apache.org/docs/2.4/mod/core.html#options
    # for more information.
    Options All
    # AllowOverride controls what directives may be placed in .htaccess files.
    # It can be "All", "None", or any combination of the keywords:
    # Options FileInfo AuthConfig Limit
    AllowOverride None
    # Controls who can get stuff from this server.
    Require all granted
    </Directory>

    # Aliases: aliases can be added as needed (with no limit). The format is
    # Alias fakename realname
    #
    # Note that if you include a trailing / on fakename then the server will
    # require it to be present in the URL. So "/icons" isn't aliased in this
    # example, only "/icons/". If the fakename is slash-terminated, then the
    # realname must also be slash terminated, and if the fakename omits the
    # trailing slash, the realname must also omit it.
    #
    # We include the /icons/ alias for FancyIndexed directory listings. If you
    # do not use FancyIndexing, you may comment this out.
    #
    Alias /icons/ "/usr/share/apache2/icons/"

    <Directory "/usr/share/apache2/icons">
    Options Indexes MultiViews
    AllowOverride None
    Require all granted
    </Directory>

    # ScriptAlias: This controls which directories contain server scripts.
    # ScriptAliases are essentially the same as Aliases, except that
    # documents in the realname directory are treated as applications and
    # run by the server when requested rather than as documents sent to the client.
    # The same rules about trailing "/" apply to ScriptAlias directives as to
    # Alias.
    #
    ScriptAlias /cgi-bin/ "/srv/www/cgi-bin/"

    # "/srv/www/cgi-bin" should be changed to whatever your ScriptAliased
    # CGI directory exists, if you have that configured.
    #
    <Directory "/srv/www/cgi-bin">
    AllowOverride None
    Options +ExecCGI -Includes
    Require all granted
    </Directory>

    # UserDir: The name of the directory that is appended onto a user's home
    # directory if a ~user request is received.
    #
    # To disable it, simply remove userdir from the list of modules in APACHE_MODULES
    # in /etc/sysconfig/apache2.
    #
    <IfModule mod_userdir.c>
    # Note that the name of the user directory ("public_html") cannot simply be
    # changed here, since it is a compile time setting. The apache package
    # would have to be rebuilt. You could work around by deleting
    # /usr/sbin/suexec, but then all scripts from the directories would be
    # executed with the UID of the webserver.
    UserDir public_html
    # The actual configuration of the directory is in
    # /etc/apache2/mod_userdir.conf.
    Include /etc/apache2/mod_userdir.conf
    # You can, however, change the ~ if you find it awkward, by mapping e.g.
    # http://www.example.com/users/karl-heinz/ --> /home/karl-heinz/public_html/
    #AliasMatch ^/users/([a-zA-Z0-9-_.]*)/?(.*) /home/$1/public_html/$2
    </IfModule>


    # Include all *.conf files from /etc/apache2/conf.d/.
    #
    # This is mostly meant as a place for other RPM packages to drop in their
    # configuration snippet.
    #
    # You can comment this out here if you want those bits include only in a
    # certain virtual host, but not here.
    #
    IncludeOptional /etc/apache2/conf.d/*.conf

    # The manual... if it is installed ('?' means it won't complain)
    IncludeOptional /etc/apache2/conf.d/apache2-manual?conf

  6. #6
    Join Date
    May 2012
    Location
    Finland
    Posts
    2,004

    Please run this command;

    Code:
    egrep -i allow /etc/apache2/*
    It'll print all the files with the word "order" in it, I'm guessing your mod_status.conf has Order deny,allow which you need to fix to the new format and perhaps other files have the same issue.

    Also check /var/log/apache2/error_log if it shows the access errors as 403 or something else.
    .: miuku #suse @ irc.freenode.net
    :: miuku@opensuse.org

    .: https://download.opensuse.org/repositories/home:/Miuku/

  7. #7

    hello,

    I did as you requested, under user root. The results are here under.
    ----

    Netghost:/etc/apache2 # egrep -i allow /etc/apache2/*
    grep: /etc/apache2/conf.d: Is a directory
    /etc/apache2/default-server.conf: # AllowOverride controls what directives may be placed in .htaccess files.
    /etc/apache2/default-server.conf: AllowOverride None
    /etc/apache2/default-server.conf: AllowOverride None
    /etc/apache2/default-server.conf: AllowOverride None
    /etc/apache2/default-vhost.conf: # For example, to allow execution of PHP scripts:
    /etc/apache2/default-vhost.conf: AllowOverride None
    /etc/apache2/default-vhost.conf: # AllowOverride controls what directives may be placed in .htaccess files.
    /etc/apache2/default-vhost.conf: AllowOverride None
    /etc/apache2/default-vhost-ssl.conf: # 4 possible values: All, SSLv2, SSLv3, TLSv1. Allow TLS and SSLv3:
    /etc/apache2/default-vhost-ssl.conf: # List the protocol versions which clients are allowed to
    /etc/apache2/default-vhost-ssl.conf: # can configure both in parallel (to also allow the use of DSA
    /etc/apache2/default-vhost-ssl.conf: # both in parallel (to also allow the use of DSA ciphers, etc.)
    /etc/apache2/default-vhost-ssl.conf: AllowOverride None
    /etc/apache2/default-vhost-ssl.conf: # SSL close notify alert is send or allowed to received. This violates
    /etc/apache2/errors.conf:# which allows you to create your own set of files by starting with the
    /etc/apache2/errors.conf: AllowOverride None
    /etc/apache2/errors.conf: ErrorDocument 405 /error/HTTP_METHOD_NOT_ALLOWED.html.var
    /etc/apache2/httpd.conf: AllowOverride None
    /etc/apache2/httpd.conf: Order deny,allow
    /etc/apache2/httpd.conf: Order allow,deny
    /etc/apache2/httpd.conf.rpmnew: AllowOverride None
    /etc/apache2/listen.conf:# Listen: Allows you to bind Apache to specific IP addresses and/or
    /etc/apache2/magic:# [GRR: TIFF allows both byte orders; GIF is probably little-endian]
    /etc/apache2/mod_info.conf:# Allow remote server configuration reports, with the URL of
    /etc/apache2/mod_mime-defaults.conf:# LanguagePriority allows you to give precedence to some languages
    /etc/apache2/mod_mime-defaults.conf:# ForceLanguagePriority allows you to serve a result page rather than
    /etc/apache2/mod_mime-defaults.conf:# AddType allows you to add to or override the MIME configuration
    /etc/apache2/mod_mime-defaults.conf:# AddEncoding allows you to have certain browsers uncompress
    /etc/apache2/mod_mime-defaults.conf:# (This is enabled by default to allow the Apache "It Worked" page
    /etc/apache2/mod_mime-defaults.conf:# Filters allow you to process content before it is sent to the client.
    /etc/apache2/mod_status.conf:# Allow server status reports generated by mod_status,
    /etc/apache2/mod_userdir.conf: AllowOverride FileInfo AuthConfig Limit Indexes
    /etc/apache2/server-tuning.conf: # maximum number of server processes allowed to start
    /etc/apache2/server-tuning.conf:# KeepAlive: Whether or not to allow persistent connections (more than
    /etc/apache2/server-tuning.conf:# MaxKeepAliveRequests: The maximum number of requests to allow
    /etc/apache2/server-tuning.conf:# during a persistent connection. Set to 0 to allow an unlimited amount.
    grep: /etc/apache2/ssl.crl: Is a directory
    grep: /etc/apache2/ssl.crt: Is a directory
    grep: /etc/apache2/ssl.csr: Is a directory
    /etc/apache2/ssl-global.conf: # Note that on most platforms shared memory segments are not allowed to be on
    /etc/apache2/ssl-global.conf: # can configure both in parallel (to also allow the use of DSA
    /etc/apache2/ssl-global.conf: # both in parallel (to also allow the use of DSA ciphers, etc.)
    grep: /etc/apache2/ssl.key: Is a directory
    grep: /etc/apache2/ssl.prm: Is a directory
    grep: /etc/apache2/sysconfig.d: Is a directory
    grep: /etc/apache2/vhosts.d: Is a directory
    Netghost:/etc/apache2 #
    ---

    Here are listed mod_status.conf and mod_info.conf for extra information.

    ----
    #
    # Allow server status reports generated by mod_status,
    # with the URL of http://servername/server-status
    #
    # see http:///httpd.apache.org/docs/2.4/mod/mod_status.html
    #
    <IfModule mod_status.c>
    <Location /server-status>
    SetHandler server-status
    Require local
    </Location>
    </IfModule>

    #
    # Allow remote server configuration reports, with the URL of
    # http://servername/server-info (requires that mod_info.c be loaded).
    #
    # see http:///httpd.apache.org/docs/2.4/mod/mod_info.html
    #
    <IfModule mod_info.c>
    <Location /server-info>
    SetHandler server-info
    Require local
    </Location>
    </IfModule>

  8. #8
    Join Date
    May 2012
    Location
    Finland
    Posts
    2,004

    Please make a backup of your httpd.conf and replace it with the .rpmnew file. Then restart Apache.
    .: miuku #suse @ irc.freenode.net
    :: miuku@opensuse.org

    .: https://download.opensuse.org/repositories/home:/Miuku/

  9. #9

    Thanks really a lot!! I did what you said and it works now, completely: server-status, server-info, all......
    Maybe you will be so kind as to explain to me why it works now, so I learn what went wrong.... Thanks again a lot, friendly yours, SH.

  10. #10
    Join Date
    May 2012
    Location
    Finland
    Posts
    2,004

    Well in short there is a difference between Apache 2.2 and 2.4 in how they handle "allowed" (access control) lists, let's take an example:

    In Apache 2 you would allow users to browse your directory with:
    <Directory /SomeCoolLocation >
    Order allow,deny
    Allow from all
    </Directory>

    There. It just says that "Allow from all", meaning anyone can read this directory.

    Now in Apache 2.4 things are a little different, you only need;
    <Directory /SomeCoolLocation >
    Require all granted
    </Directory>

    to give everyone read access.

    However, Apache 2.4 that ships with 13.2 no longer supports the old style configuration directives and gives 403 Forbidden warnings if your configuration files contain them. Think of it as a safeguard - your configuration files are no longer valid, hence it would be a bad idea to let people just browse anyway.

    Your httpd.conf had these old directives (allow from) and the .rpmnew file had the new ones (require all.. )
    .: miuku #suse @ irc.freenode.net
    :: miuku@opensuse.org

    .: https://download.opensuse.org/repositories/home:/Miuku/
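
The check discussed in this thread, as an added example that is not part of the original posts: a shell function that lists only active 2.2-style access directives (`Order`, `Allow from`, `Deny from`, `Satisfy`) and prints the 2.4 `Require` form to review, skipping the comment and `AllowOverride` lines that the broad `egrep -i allow` also matched. The function name `find_legacy_acl` and the sample config are constructed for illustration; the suggestions follow the usual 2.2-to-2.4 mapping and still need a human check against the intended policy.

```shell
#!/bin/sh
# Added example (not from the thread): list Apache 2.2-style access directives
# that must be rewritten as 2.4 "Require" rules. Comments and AllowOverride,
# which "egrep -i allow" also matches, are ignored.

find_legacy_acl() {
    # Usage: find_legacy_acl FILE...   (returns 1 if anything was found)
    awk '
    function suggest(d, arg) {
        if (d == "order")   return "remove (not needed with Require)"
        if (d == "satisfy") return "use <RequireAll> or <RequireAny>"
        if (arg == "all")   return (d == "allow") ? "Require all granted" : "Require all denied"
        if (d == "allow")   return "Require ip|host " arg
        return "Require not ip|host " arg " (inside <RequireAll>)"
    }
    /^[ \t]*#/ { next }                       # comment line
    {
        line = $0; sub(/^[ \t]+/, "", line)
        n = split(line, w, /[ \t]+/)
        d = tolower(w[1]); arg = ""
        if ((d == "allow" || d == "deny") && tolower(w[2]) == "from") {
            for (i = 3; i <= n; i++) arg = arg (i > 3 ? " " : "") tolower(w[i])
        } else if (d != "order" && d != "satisfy") {
            next                              # not an access directive
        }
        printf "%s:%d: %s  ->  %s\n", FILENAME, FNR, line, suggest(d, arg)
        found = 1
    }
    END { exit (found ? 1 : 0) }
    ' "$@"
}

# Constructed sample resembling a config carried over from 13.1.
sample=$(mktemp)
cat > "$sample" <<'EOF'
<Directory />
    # Allow from all would be wrong here
    AllowOverride None
    Order deny,allow
    Deny from all
</Directory>
EOF
find_legacy_acl "$sample" || echo "legacy access directives found"
rm -f "$sample"
```

On a real system it would be run as `find_legacy_acl /etc/apache2/*.conf /etc/apache2/conf.d/*.conf`, passing files rather than directories.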
