Configuring Apache on OpenSUSE 11.3

Hi all,

I’ve recently started working for a research group at a university and have been tasked with setting up a website for them. I’ve created the website but for some reason it can only be accessed from within the campus. The server it is hosted on is running opensuse 11.3 and I am able to remote into it from anywhere using ssh. Pinging the url of the website comes back with the correct IP address but all requests timeout. I am new to linux and apache but since I can remote into the server, my best guess would be that the problem lies within the apache or firewall configuration. I have googled for hours and have yet been able to find anything that solves this. Any help will be much appreciated. I’ve never had to set up apache before so the problem could easily be something basic.

Thanks in advance for any help offered :slight_smile:

  1. Welcome here.

  2. openSUSE 11.3 is not supported anymore for quite some time now. That means amongst other things (like risk of security issues not patched) that almost nobody here can recreate your problem with the same versions you have, which may make helping you difficult.

  3. somewhere in your story you say that from within the campus you can use the webserver. I guess that you mean with “within the campus” from the campus internal network and that it does not work from the internet (after all this is a computer/network technical forum and not one about buildings). Is that a correct interpretation?

  4. you say that ping times out, but you do not say if that ping is from inside the campus network or from the internet. You should try both and report both.

  5. you say you can SSH into the system “from anywhere”. Again we want to be 100% clear that this includes both from the internal network and from the internet.

  6. While in general Apache can be configured to only answer to specific configured IP addresses, I guess that in this case it is most likely that you are blocked on the boundary between the internal network and the internet. For all sorts of reasons the Campus network infrastructure manager might wish to block e.g. HTTP access from the internet to undefined systems in the campus network. My guess is that one of the first things you should do when you want to open a website to the outside world, you go to the appropriate authorities to ask for the buraucratic and technical prerequisites.

And at last I want to point you to the way you should post any computer output here when you feel the need to do that (and we love computer facts above story telling :wink: ). It is an important feature of the forum that is not easy to find, thus this explanation for new members.
You should create CODE tags by using the # button in the toolbar above the post editor. And then copy/paste the prompt, command, output and next prompt from your terminal emulator straight betwen the tags. E.g. I do not say :when I ping …", but I show straight:

henk@boven:~> ping -c1 forums.opensuse.org
PING forums.opensuse.org (130.57.66.6) 56(84) bytes of data.
64 bytes from forums.opensuse.org (130.57.66.6): icmp_seq=1 ttl=52 time=147 ms

--- forums.opensuse.org ping statistics ---
1 packets transmitted, 1 received, 0% packet loss, time 0ms
rtt min/avg/max/mdev = 147.894/147.894/147.894/0.000 ms
henk@boven:~>

On 2013-02-13 10:16, MadcowZA wrote:
>
> Hi all,
>
> I’ve recently started working for a research group at a university and
> have been tasked with setting up a website for them.

With 11.3? I hope you remove that server fast. 11.3 is obsolete and does
not get security updates. You can not put a non-updated server on
Internet, not even on-campus, where a host of students may try to crack it.

> I’ve created the
> website but for some reason it can only be accessed from within the
> campus.

Do you have an Internet address, or only a local network address? In any
case, you have to get the people administering the entire University
network to allow your server to be accessed from Internet, and tell you how.


Cheers / Saludos,

Carlos E. R.
(from 12.1 x86_64 “Asparagus” at Telcontar)

  1. Thank you :slight_smile:

  2. I understand. 11.3 was just on the server when it was handed to me. Will look into updating.

  3. Correct.

  4. Pinging from inside the campus network works fine. Pinging from outside times out. I’m on campus at the moment so can’t give a code snippet.

  5. I can SSH from both the internet and the internal network.

  6. I will get hold of the campus IT division and ask them if they’ve changed anything. As far as I know, the old website used to be on this server and was accessible from the internet. That’s why I’m worried I may have inadvertently changed some or other setting that messed up the apache configuration although I’m not sure how I could have done that.

Thanks for the help. Will keep the post updated.

I would like to get the server updated but unfortunately for now I’m stuck with what I have.

I have an internet address: rubi.ru.ac.za

As I said in my above post, as far as I know, the old website that was hosted on this server could be accessed via the internet hence I’m worried I inadvertently changed some configuration setting. Will get hold of the IT division to see if something has changed on their side though.

Thanks very much :slight_smile:

With the information you provided:

henk@boven:~> nslookup rubi.ru.ac.za
Server:         194.109.6.66
Address:        194.109.6.66#53

Non-authoritative answer:
rubi.ru.ac.za   canonical name = yoda.biosci.ru.ac.za.
Name:   yoda.biosci.ru.ac.za
Address: 146.231.130.12

henk@boven:~> ssh rubi.ru.ac.za
The authenticity of host 'rubi.ru.ac.za (146.231.130.12)' can't be established.
RSA key fingerprint is c1:21:26:bc:46:4d:7a:81:ee:17:d5:16:b8:a4:88:a3.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added 'rubi.ru.ac.za,146.231.130.12' (RSA) to the list of known hosts.
Password: 
Password: 

henk@boven:~> ping rubi.ru.ac.za
PING yoda.biosci.ru.ac.za (146.231.130.12) 56(84) bytes of data.
^C
--- yoda.biosci.ru.ac.za ping statistics ---
152 packets transmitted, 0 received, 100% packet loss, time 150999ms

henk@boven:~> 

As you see, SSH to the system from the internet is possible. Ping does not work and is probably blocked by the router/firewall configuration between your network and the Internet.

A tried HTTP access, but it times out. As said that most probably is also in the router/firewall confiuguration. But you can restrict access in Apache. Even on a per directory base.
Check inside /etc/apache2/default-server.conf on contsructs like:

<Directory "/srv/www/htdocs">
...        
...
Order deny,allow
 Deny from all
 Allow from 10.0.0
 Allow from localhost
</Directory>

In the above I block all IP addresses except those on the local LAN and localhost (which is 127.0.0.1).

Thanks so much for all the help. Like you guys said, I got hold of our IT division and it turns out that in November last year they changed their firewall policy and did a review of all the servers providing web content in the university. The motivation for providing web content from this server had expired so they cut it. So when I took over, it was already offline.

Thanks again for the help. Now to get the OS updated :slight_smile: