←November→
Sun |
Mon |
Tue |
Wed |
Thu |
Fri |
Sat |
|
|
|
|
|
1 |
2 |
3 |
4 |
5 |
6 |
7 |
8 |
9 |
10 |
11 |
12 |
13 |
14 |
15 |
16 |
17 |
18 |
19 |
20 |
21 |
22 |
23 |
24 |
25 |
26 |
27 |
28 |
29 |
30 |
|
|
Fri, Jan 06, 2017 8:44 pm
Wireshark showing RST packets when unable to access website
I was unable to access a website on a webserver I frequently access.
When I examined the network traffic to and from the server with
Wireshark
network
analyzer software, I could see a repeating sequence of
SYN packets from the IP address of the Windows laptop from which I was
attempting to access the web server followed immediately by RST, ACK packets
from the IP address of the server. That sequence repeated over and over
again. E.g.:
130 2.766497 TCP 74 44970?80 [SYN] Seq=0 Win=14600 Len=0 MSS=1460 SACK_PERM=1 TSval=1029178963 TSecr=0 WS=16
131 2.768022 TCP 60 80?44970 [RST, ACK] Seq=1 Ack=1 Win=0 Len=0
132 2.800200 TCP 74 27779?80 [SYN] Seq=0 Win=14600 Len=0 MSS=1460 SACK_PERM=1 TSval=1029178972 TSecr=0 WS=16
133 2.801724 TCP 60 80?27779 [RST, ACK] Seq=1 Ack=1 Win=0 Len=0
[More Info ]
[/network/web/server]
permanent link
Mon, Mar 07, 2016 10:48 pm
Determining the modules which are loaded in Apache
The
Apache HTTP server software supports many features
via
compiled
modules which extend the core functionality of the web server software.
Modules support various authentication methods,
URL
rewriting,
proxying, etc. You can check on what modules are loaded
using the command
httpd -t -D DUMP_MODULES
or with PHP using
apache_get_modules()
.
[ More Info ]
[/network/web/server/apache]
permanent link
Fri, Jan 22, 2016 5:12 pm
New site - You don't have permission to access / on this server
After adding a VirtualHost section to
/etc/httpd/conf/httpd.conf
on an Apache web server, when I tried accessing the site I saw the message
below:
Forbidden
You don't have permission to access /
on this server.
I'd encountered the problem in the past when there was a problem with
permissions on the user's home directory. I didn't see any log files for the
site in the directory under the user account, either, where the
ErrorLog
and CustomLog
directives in the
VirtualHost section for the website should have placed them. I checked the
access for the user's home directory and found that the only access to that
directory was read, write, and execute access for the user's account.
# ls -ld /home/jim
drwx------ 5 jim jim 4096 Jan 22 21:44 /home/jim
When I added "search" access for the group and all users to the user's home
directory from the root account, I was able to access the website from a
browser.
I.e., the cause of the problem had been the same as the last time I
encountered the error message.
[/network/web/server/apache]
permanent link
Sun, Jul 05, 2015 9:55 pm
Testing access to a website using PuTTY
Microsoft doesn't provide a telnet program with its current operating systems
by default, but a commonly used program for telnet and SSH on Microsoft
Windows systems is
PuTTY which is free. A telnet client is provided with many Linux
distributions and one is available with Apple's OS X operating system.
PuTTY is also available for Unix/Linux systems. E.g., see
How To Install & use Putty in Ubuntu Linux written by Pradeep Kumar
on July 13, 2014.
With a telnet program you can send commands/headers to a web server to emulate
those that a browser would send to a web server and observe the responses
from the server. This can be useful in some troubleshooting efforts. E.g,
see Testing acces to a website
using PuTTY for how to configure PuTTY on a Microsoft Windows system to
perform a basic connectivity test to port 80 and request a web page for
a particular site from the server.
[/network/web/server]
permanent link
Sun, Nov 09, 2014 10:54 am
Determining when Apache was last restarted
If you need to determine the time that an Apache web server was last restarted,
you can look for the word "resuming" in the Apache error log file. On a CentOS
Linux system, you can use the command
grep resuming
/var/log/httpd/error_log
.
# grep resuming /var/log/httpd/error_log
[Sun Nov 09 03:29:02.631763 2014] [mpm_prefork:notice] [pid 20663] AH00163: Apac
he/2.4.6 (CentOS) configured -- resuming normal operations
[/network/web/server/apache]
permanent link
Wed, Nov 05, 2014 10:38 pm
You don't have permission to access / on this server error
After adding a virtual host section for a website to Apache's
httpd.conf
file on a Linux system, I restarted Apache and tried
viewing the website with a browser. Instead of seeing the home page for the
site, I saw:
Forbidden
You don't have permission to access / on this server.
When I looked in the error log for the site, I saw the following:
[Wed Nov 05 21:27:30.519520 2014] [core:error] [pid 4471] (13)Permission denied: [client 207.255.181.210:1604] AH00035: access to / denied (filesystem path '/home/jdoe/public_html') because search permissions are missing on a component of the path
[Wed Nov 05 21:27:31.179045 2014] [core:error] [pid 4471] (13)Permission denied: [client 207.255.181.210:1604] AH00035: access to /favicon.ico denied (filesystem path '/home/jdoe/public_html') because search permissions are missing on a component of the path
Checking the public_html
directory and the directories
beneath it, I saw that owner, group, and world all had "execute" access,
i.e., the capability to search through the directories.
$ ls -ld public_html
drwxrwxr-x. 14 jdoe jdoe 4096 Nov 5 21:04 public_html
But, checking the user's home directory I found there was no access to it
except for the owner. When I changed that access to grant search access
to other accounts in the same group and all accounts, then the website became
visible.
$ chmod ga+x /home/jdoe
$ ls -ld /home/jdoe
drwx--x--x. 13 jdoe jdoe 4096 Nov 5 21:17 /home/jdoe
You can check the permissions on a directory and the directories
above it up to the root directory with just one command using
the namei -m
command in the form namei -m
/path_to_directory/dirname
. E.g.:
$ namei -m /home/jdoe/public_html
f: /home/jdoe/public_html
drwxr-xr-x /
drwxr-xr-x home
drwx--x--x jdoe
drwxrwxr-x public_html
[/network/web/server/apache]
permanent link
Wed, Mar 19, 2014 11:17 pm
AuthUserFile not allowed here
After setting up a redirect similar to the following in an .htaccess file in
a directory, I found that I would get a
500 Internal Server Error
with the message "The server encountered an internal error or
misconfiguration and was unable to complete your request." whenever I tried
to access a file in a password-protected subdirectory beneath the one
in which I had created the .htaccess file to have the Apache server
redirect visitors accessing an old .html file that I had replaced with a
.php one.
Redirect 301 /dir1/dir2/example.html /dir1/dir2/example.php
In the Apache error log for the website, I saw the following:
[Wed Mar 19 21:05:17 2014] [alert] [client 192.168.0.10] /home/jdoe/public_html/dir1/dir2/dir3/.htaccess: AuthUserFile not allowed here, referer: http://support.moonpoint.com/dir1/dir2/example.php
That error log entry was created when I clicked on a link I had
in example.php to access a file in the directory dir3, which was below the
one in which example.php was located.
To allow the redirect to work, I had inserted the following code in
the VirtualHost section for the website within Apache's
/etc/httpd/conf/httpd.conf
file.
<Directory /home/jdoe/public_html/dir1/dir2>
AllowOverride FileInfo
</Directory>
The .htaccess file for controlling access to the subdirectory
dir1/dir2/dir3
had worked fine until I created another
.htaccess file above it in dir2 for the redirect. The one for controlling access
to dir3 with a username and password was similar to the following:
AuthUserFile /home/jdoe/public_html/.htpasswd-test
AuthGroupFile /dev/null
AuthName Testing
AuthType Basic
Require user test1
Because it contained AuthUserFile
and
AuthGroupFile
, but I didn't specify AuthConfig
within the <Directory>
section for the virtual host
in the httpd.conf
file, but only FileInfo
for AllowOverride
, the authorization control no longer
worked. When I changed the AllowOverride
line to that
shown below and restarted Apache with apachectl restart
then both the redirect for the file in dir2
and the HTTP
basic access
authentication method for files in the subdirectory dir3
beneath dir2
both worked.
<Directory /home/jdoe/public_html/dir1/dir2>
AllowOverride AuthConfig FileInfo
</Directory>
I had forgotten that by limiting AllowOverride
to just
FileInfo
for dir2, I was effectively nullifying any other
type of overrides in any subdirectores beneath it.
References:
-
Apache Core Feartures
Apache HTTP Server Project
[/network/web/server/apache]
permanent link
Sun, Mar 09, 2014 4:04 pm
Redirecting a URL on an Apache Web Server
If you are using an Apache webserver and you need to redirect visitors to
a webpage to another webpage, instead, one method of doing so is to use a
server-side redirect, which can be accomplished by inserting a redirect in
an .htaccess file, to the new page.
[ More Info ]
[/network/web/server/apache]
permanent link
Sun, Aug 08, 2010 1:45 pm
Restricting Access to an Apache Virtual Host
To restrict access to an Apache Virtual Host
by IP address, you will need to have the
mod_authz_host module loaded in the Apache configuration file
httpd.conf
, which can usually be found at
/etc/httpd/conf/httpd.conf
on
a Linux system. To determine if it is loaded, look for a line similar to the
following in the configuration file:
LoadModule authz_host_module modules/mod_authz_host.so
You can restrict access to a website that is set up as a virtual host by
including information on what IP addresses should have access to documents
on the website in a directory section Directory
as shown below.
<VirtualHost *:80>
ServerName example.com
ServerAlias www.example.com
ServerAdmin webmaster@example.com
DocumentRoot /home/www/example
ErrorLog /home/www/example/logs/error.log
CustomLog /home/www/example/logs/transfer.log common
<Directory /home/www/example>
Order Deny,Allow
Deny from all
Allow from 192.168 127.0.0.1
</Directory>
</VirtualHost>
In the case above, access to the document root of the website, i.e., all
documents on the website, is restricted to allow access only from IP addresses
beginning with 192.168 and 127.0.0.1, which is the "localhost" address, meaning
the address of the server itself. Anyone trying to access example.com
from any other IP address would see the default webpage for the server, if any,
not the example.com website.
References:
-
Access Control
The Apache HTTP Server Project
-
Apache Module mod_authz_host
The Apache HTTP Server Project
-
Learn how to configure Apache
Date: September 29, 2003
TechRepublic Articles
[/network/web/server/apache]
permanent link
Tue, Jun 02, 2009 10:43 pm
Active Log Monitor
If you want to view access to your website in realtime, i.e. see
what pages are being accessed as they are being accessed, you can
use the Active Log Monitor PHP script.
[ More Info ]
[/network/web/server/apache]
permanent link
Privacy Policy
Contact