Fresh install of Saucy. Apache2 configs from Raring are epic failure
Tom H
tomh0665 at gmail.com
Thu Dec 26 07:25:19 UTC 2013
On Thu, Dec 26, 2013 at 4:26 AM, Kevin O'Gorman <kogorman at gmail.com> wrote:
> On Wed, Dec 25, 2013 at 7:57 PM, Tom H <tomh0665 at gmail.com> wrote:
>> On Thu, Dec 26, 2013 at 2:28 AM, Kevin O'Gorman <kogorman at gmail.com> wrote:
>>>
>>> Due to a GUI meltdown, I found it expedient to do a fresh install so I
>>> chose Xubuntu Saucy.
>>>
>>> All but one thing went well. My web server is really down.
>>>
>>> Now mind, the basics work. I can access things in /var/www it seems,
>>> but I usually keep only one file there. I configure aliases to get to
>>> everything else.
>>>
>>> None of these are working. Home directory pages are not working. My
>>> specialized code is not working.
>>>
>>> And by not working I mean a pretty uniform 403 with an occasional 404.
>>> The error log points the finger at my configuration, saying "client
>>> denied by server configuration"
>>>
>>> For example, I have a directory devoted to a dear departed canine
>>> companion named Ogden Gnash. His stuff is stored in /www/Dogs/Oggie.
>>> I have an alias thus:
>>>
>>> Alias /Oggie /www/Dogs/Oggie
>>> <Directory /www/Dogs/Oggie>
>>> Order allow,deny
>>> Allow from all
>>> </Directory>
>>>
>>> And when I try to go to http://kosmanor.com/Oggie the browser tells me
>>> "You don't have permission to access /Oggie on this server." while the
>>> error log contains "
>>>
>>> [Wed Dec 25 18:22:22.504423 2013] [authz_core:error] [pid 6022:tid
>>> 140127561000704] [client 71.80.244.253:43755] AH01630: client denied
>>> by server configuration: /www/Dogs/Oggie
>>>
>>> What could be clearer? It sees the Alias, but does not give access,
>>> and it's not file permission (which I've checked anyway) but it's the
>>> server configuration.
>>
>> From the README:
>>
>> ...
>>
>> We did change the security model for Apache in our default configuration. We
>> do not allow access to the file system outside /var/www and /usr/share.
>> If you are running virtual hosts or scripts outside these directories, you
>> need to whitelist them in your configuration to grant access through HTTP.
>> Special care must be taken if you are using a sub-directory in /srv to serve
>> your content as recommended by the File Hierarchy Standard (FHS). You must
>> allow access to your served directory explicity in the corresponding virtual
>> host, or by allowing access in apache2.conf as proposed.
>>
>> ...
>
> Thanks for this. There was enough that happened during installation
> that warned me of these changes. As near as I can tell, all necessary
> changes have been made. All the config files are in conf-available,
> and links are managed using the apache tools.
>
> The example with Oggie shows that my configuration is being read. The
> permissions look right. It just doesn't work.
Please bottom-post.
You're welcome.
Did you notice the above, unsnipped paragraph?
And the following section of "/etc/apache2.conf"?
# Sets the default security model of the Apache2 HTTPD server. It does
# not allow access to the root filesystem outside of /usr/share and /var/www.
# The former is used by web applications packaged in Debian,
# the latter may be used for local directories served by the web server. If
# your system is serving content from a sub-directory in /srv you must allow
# access here, or in any related virtual host.
<Directory />
Options FollowSymLinks
AllowOverride None
Require all denied
</Directory>
<Directory /usr/share>
AllowOverride None
Require all granted
</Directory>
<Directory /var/www/>
Options Indexes FollowSymLinks
AllowOverride None
Require all granted
</Directory>
#<Directory /srv/>
# Options Indexes FollowSymLinks
# AllowOverride None
# Require all granted
#</Directory>
More information about the ubuntu-users
mailing list