[Bug 370542] Re: Accessing http://localhost gives a 403 Forbidden when using apache "allow localhost" directive
Jonathan Marsden
jmarsden at fastmail.fm
Sat May 2 11:39:47 BST 2009
@Andreas: When troubleshooting Ubuntu, please do not "think so", please
test instead :)
All my Intrepid Desktop VMs have "::1 ip6-localhost ip6-loopback", and
all my Jaunty VMs have "::1 localhost ip6-localhost ip6-loopback" in
/etc/hosts.
Further, both on Intrepid and on Jaunty, Apache2 *does* listen on IPv6
addresses by default, as a quick
sudo netstat -ntlp |grep ::80
will show. Again: please do not "take it", please test instead :)
As a further test, I just now:
(1) Created two new VMs, one booted/installed from a
ubuntu-8.10-desktop-i386.iso image and one from a
ubuntu-9.04-desktop-i386.iso image. Other than their hostnames (itest
and jtest respectively) I was careful to perform the installs in exactly
the same way. Result: itest has "::1 ip6-localhost ip6-loopback", and
jtest has "::1 localhost ip6-localhost ip6-loopback" in /etc/hosts. I
conclude that this *is* in fact something that changed in Jaunty.
(2) I then installed apache2 (sudo apt-get install apache2 --no-install-recommends) on each VM and restarted it.
At this point both VMs can browse to http://localhost/ and also http://[::1]/ successsfully.
(3) I then edited /etc/apache2/sites-available/default on both machines,
editing only the line 13 from "allow from all" into "allow from
localhost", and then rebooted both VMs. At this point the Intrepid
machine can still browse localhost, but the Jaunty machine cannot. At
this point both machines can browse http://127.0.0.1, and neither
machine can browse http://[::1]/ .
(4) On jtest (the Jaunty machine), I then edited /etc/apache2/sites-
available/default to add an additional line "allow from ::1" just after
the "allow from localhost" line, and rebooted. Now http://localhost and
http://[::1] are both browseable on this machine.
I trust this is sufficient testing to support my earlier diagnosis of
this issue. I can provide tcpdump packet captures to demonstrate that
in Jaunty, browsing http://localhost is generating IPv6 traffic, but in
Intrepid browsing http://localhost uses IPv4, if we really need to do
that to demonstrate that this really is the difference here :)
Jonathan
--
Accessing http://localhost gives a 403 Forbidden when using apache "allow localhost" directive
https://bugs.launchpad.net/bugs/370542
You received this bug notification because you are a member of Ubuntu
Server Team, which is subscribed to apache2 in ubuntu.
More information about the Ubuntu-server-bugs
mailing list