MoonPoint Support Logo

 

Shop Amazon Warehouse Deals - Deep Discounts on Open-box and Used ProductsAmazon Warehouse Deals



Advanced Search
November
Sun Mon Tue Wed Thu Fri Sat
         
23
24 25 26 27 28 29 30
2024
Months
NovDec


Fri, Jan 06, 2017 8:44 pm

Wireshark showing RST packets when unable to access website

I was unable to access a website on a webserver I frequently access. When I examined the network traffic to and from the server with Wireshark network analyzer software, I could see a repeating sequence of SYN packets from the IP address of the Windows laptop from which I was attempting to access the web server followed immediately by RST, ACK packets from the IP address of the server. That sequence repeated over and over again. E.g.:

130	2.766497	TCP	74	44970?80 [SYN] Seq=0 Win=14600 Len=0 MSS=1460 SACK_PERM=1 TSval=1029178963 TSecr=0 WS=16
131	2.768022	TCP	60	80?44970 [RST, ACK] Seq=1 Ack=1 Win=0 Len=0
132	2.800200	TCP	74	27779?80 [SYN] Seq=0 Win=14600 Len=0 MSS=1460 SACK_PERM=1 TSval=1029178972 TSecr=0 WS=16
133	2.801724	TCP	60	80?27779 [RST, ACK] Seq=1 Ack=1 Win=0 Len=0

[More Info ]

[/network/web/server] permanent link

Mon, Mar 07, 2016 10:48 pm

Determining the modules which are loaded in Apache

The Apache HTTP server software supports many features via compiled modules which extend the core functionality of the web server software. Modules support various authentication methods, URL rewriting, proxying, etc. You can check on what modules are loaded using the command httpd -t -D DUMP_MODULES or with PHP using apache_get_modules().

[ More Info ]

[/network/web/server/apache] permanent link

Fri, Jan 22, 2016 5:12 pm

New site - You don't have permission to access / on this server

After adding a VirtualHost section to /etc/httpd/conf/httpd.conf on an Apache web server, when I tried accessing the site I saw the message below:

Forbidden

You don't have permission to access / on this server.

I'd encountered the problem in the past when there was a problem with permissions on the user's home directory. I didn't see any log files for the site in the directory under the user account, either, where the ErrorLog and CustomLog directives in the VirtualHost section for the website should have placed them. I checked the access for the user's home directory and found that the only access to that directory was read, write, and execute access for the user's account.

# ls -ld /home/jim
drwx------ 5 jim jim 4096 Jan 22 21:44 /home/jim

When I added "search" access for the group and all users to the user's home directory from the root account, I was able to access the website from a browser.

# chmod ga+x /home/joe

I.e., the cause of the problem had been the same as the last time I encountered the error message.

[/network/web/server/apache] permanent link

Sun, Jul 05, 2015 9:55 pm

Testing access to a website using PuTTY

Microsoft doesn't provide a telnet program with its current operating systems by default, but a commonly used program for telnet and SSH on Microsoft Windows systems is PuTTY which is free. A telnet client is provided with many Linux distributions and one is available with Apple's OS X operating system. PuTTY is also available for Unix/Linux systems. E.g., see How To Install & use Putty in Ubuntu Linux written by Pradeep Kumar on July 13, 2014.

With a telnet program you can send commands/headers to a web server to emulate those that a browser would send to a web server and observe the responses from the server. This can be useful in some troubleshooting efforts. E.g, see Testing acces to a website using PuTTY for how to configure PuTTY on a Microsoft Windows system to perform a basic connectivity test to port 80 and request a web page for a particular site from the server.

[/network/web/server] permanent link

Sun, Nov 09, 2014 10:54 am

Determining when Apache was last restarted

If you need to determine the time that an Apache web server was last restarted, you can look for the word "resuming" in the Apache error log file. On a CentOS Linux system, you can use the command grep resuming /var/log/httpd/error_log.

# grep resuming /var/log/httpd/error_log
[Sun Nov 09 03:29:02.631763 2014] [mpm_prefork:notice] [pid 20663] AH00163: Apac
he/2.4.6 (CentOS) configured -- resuming normal operations

[/network/web/server/apache] permanent link

Wed, Nov 05, 2014 10:38 pm

You don't have permission to access / on this server error

After adding a virtual host section for a website to Apache's httpd.conf file on a Linux system, I restarted Apache and tried viewing the website with a browser. Instead of seeing the home page for the site, I saw:

Forbidden

You don't have permission to access / on this server.

When I looked in the error log for the site, I saw the following:

[Wed Nov 05 21:27:30.519520 2014] [core:error] [pid 4471] (13)Permission denied: [client 207.255.181.210:1604] AH00035: access to / denied (filesystem path '/home/jdoe/public_html') because search permissions are missing on a component of the path
[Wed Nov 05 21:27:31.179045 2014] [core:error] [pid 4471] (13)Permission denied: [client 207.255.181.210:1604] AH00035: access to /favicon.ico denied (filesystem path '/home/jdoe/public_html') because search permissions are missing on a component of the path

Checking the public_html directory and the directories beneath it, I saw that owner, group, and world all had "execute" access, i.e., the capability to search through the directories.

$ ls -ld public_html
drwxrwxr-x. 14 jdoe jdoe 4096 Nov  5 21:04 public_html

But, checking the user's home directory I found there was no access to it except for the owner. When I changed that access to grant search access to other accounts in the same group and all accounts, then the website became visible.

$ chmod ga+x /home/jdoe
$ ls -ld /home/jdoe
drwx--x--x. 13 jdoe jdoe 4096 Nov  5 21:17 /home/jdoe

You can check the permissions on a directory and the directories above it up to the root directory with just one command using the namei -m command in the form namei -m /path_to_directory/dirname. E.g.:

$ namei -m /home/jdoe/public_html
f: /home/jdoe/public_html
 drwxr-xr-x /
 drwxr-xr-x home
 drwx--x--x jdoe
 drwxrwxr-x public_html

[/network/web/server/apache] permanent link

Wed, Mar 19, 2014 11:17 pm

AuthUserFile not allowed here

After setting up a redirect similar to the following in an .htaccess file in a directory, I found that I would get a 500 Internal Server Error with the message "The server encountered an internal error or misconfiguration and was unable to complete your request." whenever I tried to access a file in a password-protected subdirectory beneath the one in which I had created the .htaccess file to have the Apache server redirect visitors accessing an old .html file that I had replaced with a .php one.

Redirect 301 /dir1/dir2/example.html /dir1/dir2/example.php

In the Apache error log for the website, I saw the following:

[Wed Mar 19 21:05:17 2014] [alert] [client 192.168.0.10] /home/jdoe/public_html/dir1/dir2/dir3/.htaccess: AuthUserFile not allowed here, referer: http://support.moonpoint.com/dir1/dir2/example.php

That error log entry was created when I clicked on a link I had in example.php to access a file in the directory dir3, which was below the one in which example.php was located.

To allow the redirect to work, I had inserted the following code in the VirtualHost section for the website within Apache's /etc/httpd/conf/httpd.conf file.

<Directory /home/jdoe/public_html/dir1/dir2>
    AllowOverride FileInfo
</Directory>

The .htaccess file for controlling access to the subdirectory dir1/dir2/dir3 had worked fine until I created another .htaccess file above it in dir2 for the redirect. The one for controlling access to dir3 with a username and password was similar to the following:

AuthUserFile /home/jdoe/public_html/.htpasswd-test
AuthGroupFile /dev/null
AuthName Testing
AuthType Basic
Require user test1

Because it contained AuthUserFile and AuthGroupFile, but I didn't specify AuthConfig within the <Directory> section for the virtual host in the httpd.conf file, but only FileInfo for AllowOverride, the authorization control no longer worked. When I changed the AllowOverride line to that shown below and restarted Apache with apachectl restart then both the redirect for the file in dir2 and the HTTP basic access authentication method for files in the subdirectory dir3 beneath dir2 both worked.

<Directory /home/jdoe/public_html/dir1/dir2>
    AllowOverride AuthConfig FileInfo
</Directory>

I had forgotten that by limiting AllowOverride to just FileInfo for dir2, I was effectively nullifying any other type of overrides in any subdirectores beneath it.

References:

  1. Apache Core Feartures
    Apache HTTP Server Project

[/network/web/server/apache] permanent link

Sun, Mar 09, 2014 4:04 pm

Redirecting a URL on an Apache Web Server

If you are using an Apache webserver and you need to redirect visitors to a webpage to another webpage, instead, one method of doing so is to use a server-side redirect, which can be accomplished by inserting a redirect in an .htaccess file, to the new page.

[ More Info ]

[/network/web/server/apache] permanent link

Sun, Aug 08, 2010 1:45 pm

Restricting Access to an Apache Virtual Host

To restrict access to an Apache Virtual Host by IP address, you will need to have the mod_authz_host module loaded in the Apache configuration file httpd.conf, which can usually be found at /etc/httpd/conf/httpd.conf on a Linux system. To determine if it is loaded, look for a line similar to the following in the configuration file:

LoadModule authz_host_module modules/mod_authz_host.so

You can restrict access to a website that is set up as a virtual host by including information on what IP addresses should have access to documents on the website in a directory section Directory as shown below.

<VirtualHost *:80>
    ServerName example.com
    ServerAlias www.example.com
    ServerAdmin webmaster@example.com
    DocumentRoot /home/www/example
    ErrorLog /home/www/example/logs/error.log
    CustomLog /home/www/example/logs/transfer.log common
    <Directory /home/www/example>
      Order Deny,Allow
      Deny from all
      Allow from 192.168 127.0.0.1
    </Directory>
</VirtualHost>

In the case above, access to the document root of the website, i.e., all documents on the website, is restricted to allow access only from IP addresses beginning with 192.168 and 127.0.0.1, which is the "localhost" address, meaning the address of the server itself. Anyone trying to access example.com from any other IP address would see the default webpage for the server, if any, not the example.com website.

References:

  1. Access Control
    The Apache HTTP Server Project
  2. Apache Module mod_authz_host
    The Apache HTTP Server Project
  3. Learn how to configure Apache
    Date: September 29, 2003
    TechRepublic Articles

[/network/web/server/apache] permanent link

Tue, Jun 02, 2009 10:43 pm

Active Log Monitor

If you want to view access to your website in realtime, i.e. see what pages are being accessed as they are being accessed, you can use the Active Log Monitor PHP script.

[ More Info ]

[/network/web/server/apache] permanent link

Valid HTML 4.01 Transitional

Privacy Policy   Contact

Blosxom logo