Apache2 Access forbidden after update

Escain · May 31, 2015, 9:59pm

Hello

For development purpose, I installed an Apache server on my computer with a set of directories+Alias for each project. This was working until one of the latest update, now it show “Access forbidden! 403”.

The log show the following error on each access:
[Sun May 31 21:50:19.093845 2015] [access_compat:error] [pid 937] [client ::1:47864] AH01797: client denied by server configuration: /home/###########

The installation is very basic:

Standard Apache2 installation
I added in vhosts.d a virtualhost like:
<VirtualHost *:80>
ServerName localhost
</VirtualHost>
Added for each project a file into vhosts.d like: project1.conf

Alias “/project1” “/home/#####”
<Directory “/home/####”>
Options Indexes MultiViews FollowSymlinks
AllowOverride None
Order deny,allow
Deny from all
Allow from localhost,127.0.0.1
</Directory>

Any suggestion of Why it is not working when it was before the update? How to solve this issue?

Escain · May 31, 2015, 11:04pm

The problem was from the changes between Apache 2.2 and 2.4:
Allow/Deny operations are changed:
https://httpd.apache.org/docs/2.4/upgrading.html

I already see there are other changes to perform around MySQL and others.

jetchisel · June 1, 2015, 1:30am

Hi,

If you have the installed apache2 from the repos then pointing your browser at

http://localhost/manual/upgrading.html

should show you the same instructions/info.

rwbehne1 · December 13, 2016, 2:59pm

So…
What I gather from this is that the people at Apache made a bunch of changes in the software, but shipped it with old, now broken config files, and left us with a server that’s broke on install, requiring us to figure out everything that has to be changed piece-by-piece, and to top it off I’ve got a dozen or more broken subsystems besides Apache2 that I’ve been struggling with for several days since I installed 42.2. I need a working computer, not a hobby!

So how about someone providing the Readers-Digest (really short) version of only that which actually needs to be done, without all the lengthy shop talk documents explaining in pedantically tedious detail all the philosophy and describing in gory detail everything other that just simply how to fix it? Please? I’ve been reading files all day and have gotten no closer to understanding what it is that I have to do to stop the “Access forbidden” problem.

Miuku · December 13, 2016, 4:57pm

Apache on 42.2 works out of the box, however this thread delves into upgrading from an older version of Apache to a newer one which changed the configuration layout (to be precise, it changed the allow/deny configuration parameters and changed them to required xxx granted format).

You can triage the issue by activating an Apache 2 module that supports the old configuration parameters; sudo a2enmod access_compat ; systemctl restart apache2

However you should learn the new way of restricting access and granting it.

rwbehne1 · December 13, 2016, 6:49pm

Well, I formatted my root partition, and replaced 13.2 with Leap 42.2. Everything is newly installed, including the /etc directory which is in the root partition. The only thing not new is the /srv partition holding the server files. Except for that this is an “out of the box” type install, not just an upgrade. And so the configuration parameters have been changed to the new ‘required xxx granted’ format - and still I getting an "Access forbidden"error.

Was something done differently in the way /srv/www/htdocs/ and it’s children have to have chown and chmod done?

Miuku · December 13, 2016, 6:56pm

Could you post the output of;

ls -l /srv/www/htdocs

rwbehne1 · December 13, 2016, 7:20pm

# ls -l /srv/www/htdocs 
total 612
-rw-r--r--  1 root root 273491 Mar 15  2016 DDC.xml
-rw-r--r--  1 root root   1094 Jul  4 01:58 ESP_GROUP_RULES_2.html
-rw-r--r--  1 root root   1234 Jul  4 01:58 ESP_GROUP_RULES_3.html
-rw-r--r--  1 root root  10525 Jun 29 02:16 ESP_GROUP_RULES_.css
-rw-r--r--  1 root root  56466 Jul  4 01:57 ESP_GROUP_RULES_.html
-rw-r--r--  1 root root   1150 Jul 28  2015 favicon_gwsetup.ico
-rw-r--r--  1 root root    302 Mar 13  2006 favicon.ico
drwxr-xr-x  2 root root   4096 Aug 31  2015 Images
-rw-r--r--  1 root root  16314 Oct 10 09:19 index.html
-rw-r--r--  1 root root   2356 May 12  2016 info2html.css
-rw-rw-r--  1 root root   5940 Nov  2 20:05 INSTRUCTIONS.html
-rw-rw-r--  1 root root   3334 Jan 26  2016 JOINING.html
drwxr-xr-x  3 root root   4096 Mar  1  2016 n3ghe
drwxr-xr-x  2 root root   4096 Dec  5 01:05 openemr
drwxr-xr-x 16 root root   4096 Dec 13 21:44 owncloud
drwxr-xr-x  2 root root   4096 Aug 23  2015 PHOTOS
drwxr-xr-x  6 root root   4096 Dec  8 19:51 phpMyAdmin
drwxr-xr-x  3 root root  20480 Jul  9  2015 PHP-NUKE MANUAL
-rw-r--r--  1 root root    136 Jul 17 18:57 robots.txt
drwxr-xr-x  2 root root   4096 Aug 30 19:58 TEFL

I moved all of /srv/www to my /usr/local partition temporarily, then forced an unconditional update to install the default /srv/www and its tree, to see if a new install would be using different names for owner and group. It isn’t. It also didn’t make any difference, the browser still gets the "access denied"error. As you can see I do have an index.html file, so that’s not the problem either.

Miuku · December 13, 2016, 7:23pm

Does your /srv have 775 permissions? (rwxrwxr-x)?

Could you also post the relevant snippet from your /var/log/apache2/error_log , where the error shows.

Miuku · December 14, 2016, 10:15am

I thought about this and one thing popped into my mind; do you have .htaccess files in your /srv?

find /srv -name “.htaccess”