After upgrade from 42.3 to 15, apache2 does not load local network websites

English Applications
#1

apache v2.4.33

One of the upgrades from leap 42.3 to leap 15 was apache2 v2.4.23 to v2.4.33. Since then, no local network site loads.

  1. https requests return error 403: Access Forbidden!
  2. http requests return error 400: Bad Request!

I have read the docs. I have added what seemed like the correct directive for allowing access. Still no access allowed. I especially do not get the Bad Request.

What is incorrect with the vhost?

The only message in the error log:

[Tue Jul 17 11:40:13.549312 2018] [access_compat:error] [pid 9500] [client 192.168.69.115:52878] AH01797: client denied by server configuration: /data01/t-drv/websites/sma-v3/, referer: https://www.sma.com/

Here is one of the vhost configuration files.


<VirtualHost *:80>     ServerAdmin [EMAIL="jimoe@sohnen-moe.com"]jimoe@sohnen-moe.com[/EMAIL]

    ServerName sma-v3.sma.com
    DocumentRoot "/data01/t-drv/websites/sma-v3"
    ErrorDocument 404 /404.php
    ErrorDocument 410 /410.php
    ErrorDocument 401 /401.php

    ErrorLog  "*/data01/t-drv/websites/.logs/sma-v3-error_log"
    CustomLog "*/data01/t-drv/websites/.logs/sma-v3-access_log" common

 <Directory "/data01/t-drv/websites/sma-v3">
    Options Indexes FollowSymLinks
    AllowOverride All
    Require all granted
 </Directory>
</VirtualHost>

<IfDefine SSL>
<IfModule mod_ssl.c>
<VirtualHost *:443>

#  General setup for the virtual host
  DocumentRoot "/data01/t-drv/websites/sma-v3"
  ServerName sma-v3.sma.com
  ServerAdmin [EMAIL="jimoe@sohnen-moe.com"]jimoe@sohnen-moe.com[/EMAIL]
  ErrorLog  "*/data01/t-drv/websites/.logs/sma-v3s-error_log"
  CustomLog "*/data01/t-drv/websites/.logs/sma-v3s-access_log" common
  TransferLog "*/data01/t-drv/websites/.logs/access_log"

  ErrorDocument 404 /404.php
  ErrorDocument 410 /410.php
  ErrorDocument 401 /401.php

 <Directory "/data01/t-drv/websites/sma-v3">
    AllowOverride All
    Options -ExecCGI
    Options Indexes FollowSymLinks
    Require all granted
 </Directory>

 SSLEngine on

 SSLCertificateChainFile "/data01/srv/vhosts.sma/ssl/sma-ca-chain.cert.pem"
 SSLCertificateFile "/data01/srv/vhosts.sma/ssl/www.sma.com.cert-01.pem"
 SSLCertificateKeyFile
"/data01/srv/vhosts.sma/ssl/www.sma.com.insecure-01.key"

 SSLCipherSuite HIGH:!SSLv2:!ADH:!aNULL:!eNULL:!NULL
</VirtualHost>
</ifmodule>
</ifdefine>*****
#2

“400” series errors generally are “tried to access a file and couldn’t” and the specific error code (eg 403) can narrow the cause down slightly.

There are a variety of possible situations which can cause a “400 series” error but are usually caused by one of the following…
The file exists, but permissions are wrong so the file is inaccessible.
The file does not exist, so the file is unavailable.
The file exists but website settings may not be set correctly. This is especially true for upgrades like what you describe where there might be changes in Apache and its modules.

Depending on the website framework, you may also have to consider virtual folders and re-direction.

You can also try creating a new sites both similar to and different than your real websites to try to understand what may not be working.
If you can create a new site that is similar to what isn’t, you may want to simply migrate your non-working site to what works.

TSU

#3

Apache v.2.4.23 had no problem with this vhost. Worked great.
I strongly suspect there is some other issue involved here, something that has nothing to do with permissions despite what the server claims.

All directory permissions are 775; all file permission are 664.

The file does not exist, so the file is unavailable.

The file, index.html, exists.

The file exists but website settings may not be set correctly. This is especially true for upgrades like what you describe where there might be changes in Apache and its modules.

And this is explicitly the question I have posed: What is incorrect with the vhost that is causing the error?

The headers below show the traffic between the browser and server.
The ONLY difference is that the http request (Bad Request) uses port 80 while the https request (Access Denied) uses port 443.

Here are the headers for the Bad Request (error 400)

http://www.sma.com/sma/Host: www.sma.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:60.0) Gecko/20100101 Firefox/60.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1

GET: HTTP/1.1 400 Bad RequestDate: Tue, 17 Jul 2018 20:32:22 GMT
Server: Apache/2.4.33 (Linux/SUSE)
Vary: accept-language,accept-charset
Accept-Ranges: bytes
Connection: close
Content-Type: text/html; charset=utf-8
Content-Language: en
Expires: Tue, 17 Jul 2018 20:32:22 GMT

And for the Access Forbidden (error 403)

https://www.sma.com/sma/Host: www.sma.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:60.0) Gecko/20100101 Firefox/60.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1

GET: HTTP/1.1 403 ForbiddenDate: Tue, 17 Jul 2018 20:34:58 GMT
Server: Apache/2.4.33 (Linux/SUSE)
Vary: accept-language,accept-charset
Accept-Ranges: bytes
Keep-Alive: timeout=15, max=100
Connection: Keep-Alive
Transfer-Encoding: chunked
Content-Type: text/html; charset=utf-8
Content-Language: en
#4

I finally decided to expunge all traces for apache2 from the system: de-install, remove various configuratioin directories and files. I then performed a clean install of apache2, copied bits of configuration from backups.

It finally started giving useful error messages in the log files which led me to clean up the vhost files.

And removed “access_compat” from the list of LoadModules. I suspect this was the main problem. It is an old. deprecated module.

Ta da.