←October→
Sun |
Mon |
Tue |
Wed |
Thu |
Fri |
Sat |
|
|
1 |
2 |
3 |
4 |
5 |
6 |
7 |
8 |
9 |
10 |
11 |
12 |
13 |
14 |
15 |
16 |
17 |
18 |
19 |
20 |
21 |
22 |
23 |
24 |
25 |
26 |
27 |
28 |
29 |
30 |
31 |
|
|
|
|
Mon, Mar 07, 2016 10:48 pm
Determining the modules which are loaded in Apache
The
Apache HTTP server software supports many features
via
compiled
modules which extend the core functionality of the web server software.
Modules support various authentication methods,
URL
rewriting,
proxying, etc. You can check on what modules are loaded
using the command
httpd -t -D DUMP_MODULES
or with PHP using
apache_get_modules()
.
[ More Info ]
[/network/web/server/apache]
permanent link
Fri, Jan 22, 2016 5:12 pm
New site - You don't have permission to access / on this server
After adding a VirtualHost section to
/etc/httpd/conf/httpd.conf
on an Apache web server, when I tried accessing the site I saw the message
below:
Forbidden
You don't have permission to access /
on this server.
I'd encountered the problem in the past when there was a problem with
permissions on the user's home directory. I didn't see any log files for the
site in the directory under the user account, either, where the
ErrorLog
and CustomLog
directives in the
VirtualHost section for the website should have placed them. I checked the
access for the user's home directory and found that the only access to that
directory was read, write, and execute access for the user's account.
# ls -ld /home/jim
drwx------ 5 jim jim 4096 Jan 22 21:44 /home/jim
When I added "search" access for the group and all users to the user's home
directory from the root account, I was able to access the website from a
browser.
I.e., the cause of the problem had been the same as the last time I
encountered the error message.
[/network/web/server/apache]
permanent link
Sun, Nov 09, 2014 10:54 am
Determining when Apache was last restarted
If you need to determine the time that an Apache web server was last restarted,
you can look for the word "resuming" in the Apache error log file. On a CentOS
Linux system, you can use the command
grep resuming
/var/log/httpd/error_log
.
# grep resuming /var/log/httpd/error_log
[Sun Nov 09 03:29:02.631763 2014] [mpm_prefork:notice] [pid 20663] AH00163: Apac
he/2.4.6 (CentOS) configured -- resuming normal operations
[/network/web/server/apache]
permanent link
Wed, Nov 05, 2014 10:38 pm
You don't have permission to access / on this server error
After adding a virtual host section for a website to Apache's
httpd.conf
file on a Linux system, I restarted Apache and tried
viewing the website with a browser. Instead of seeing the home page for the
site, I saw:
Forbidden
You don't have permission to access / on this server.
When I looked in the error log for the site, I saw the following:
[Wed Nov 05 21:27:30.519520 2014] [core:error] [pid 4471] (13)Permission denied: [client 207.255.181.210:1604] AH00035: access to / denied (filesystem path '/home/jdoe/public_html') because search permissions are missing on a component of the path
[Wed Nov 05 21:27:31.179045 2014] [core:error] [pid 4471] (13)Permission denied: [client 207.255.181.210:1604] AH00035: access to /favicon.ico denied (filesystem path '/home/jdoe/public_html') because search permissions are missing on a component of the path
Checking the public_html
directory and the directories
beneath it, I saw that owner, group, and world all had "execute" access,
i.e., the capability to search through the directories.
$ ls -ld public_html
drwxrwxr-x. 14 jdoe jdoe 4096 Nov 5 21:04 public_html
But, checking the user's home directory I found there was no access to it
except for the owner. When I changed that access to grant search access
to other accounts in the same group and all accounts, then the website became
visible.
$ chmod ga+x /home/jdoe
$ ls -ld /home/jdoe
drwx--x--x. 13 jdoe jdoe 4096 Nov 5 21:17 /home/jdoe
You can check the permissions on a directory and the directories
above it up to the root directory with just one command using
the namei -m
command in the form namei -m
/path_to_directory/dirname
. E.g.:
$ namei -m /home/jdoe/public_html
f: /home/jdoe/public_html
drwxr-xr-x /
drwxr-xr-x home
drwx--x--x jdoe
drwxrwxr-x public_html
[/network/web/server/apache]
permanent link
Wed, Mar 19, 2014 11:17 pm
AuthUserFile not allowed here
After setting up a redirect similar to the following in an .htaccess file in
a directory, I found that I would get a
500 Internal Server Error
with the message "The server encountered an internal error or
misconfiguration and was unable to complete your request." whenever I tried
to access a file in a password-protected subdirectory beneath the one
in which I had created the .htaccess file to have the Apache server
redirect visitors accessing an old .html file that I had replaced with a
.php one.
Redirect 301 /dir1/dir2/example.html /dir1/dir2/example.php
In the Apache error log for the website, I saw the following:
[Wed Mar 19 21:05:17 2014] [alert] [client 192.168.0.10] /home/jdoe/public_html/dir1/dir2/dir3/.htaccess: AuthUserFile not allowed here, referer: http://support.moonpoint.com/dir1/dir2/example.php
That error log entry was created when I clicked on a link I had
in example.php to access a file in the directory dir3, which was below the
one in which example.php was located.
To allow the redirect to work, I had inserted the following code in
the VirtualHost section for the website within Apache's
/etc/httpd/conf/httpd.conf
file.
<Directory /home/jdoe/public_html/dir1/dir2>
AllowOverride FileInfo
</Directory>
The .htaccess file for controlling access to the subdirectory
dir1/dir2/dir3
had worked fine until I created another
.htaccess file above it in dir2 for the redirect. The one for controlling access
to dir3 with a username and password was similar to the following:
AuthUserFile /home/jdoe/public_html/.htpasswd-test
AuthGroupFile /dev/null
AuthName Testing
AuthType Basic
Require user test1
Because it contained AuthUserFile
and
AuthGroupFile
, but I didn't specify AuthConfig
within the <Directory>
section for the virtual host
in the httpd.conf
file, but only FileInfo
for AllowOverride
, the authorization control no longer
worked. When I changed the AllowOverride
line to that
shown below and restarted Apache with apachectl restart
then both the redirect for the file in dir2
and the HTTP
basic access
authentication method for files in the subdirectory dir3
beneath dir2
both worked.
<Directory /home/jdoe/public_html/dir1/dir2>
AllowOverride AuthConfig FileInfo
</Directory>
I had forgotten that by limiting AllowOverride
to just
FileInfo
for dir2, I was effectively nullifying any other
type of overrides in any subdirectores beneath it.
References:
-
Apache Core Feartures
Apache HTTP Server Project
[/network/web/server/apache]
permanent link
Sun, Mar 09, 2014 4:04 pm
Redirecting a URL on an Apache Web Server
If you are using an Apache webserver and you need to redirect visitors to
a webpage to another webpage, instead, one method of doing so is to use a
server-side redirect, which can be accomplished by inserting a redirect in
an .htaccess file, to the new page.
[ More Info ]
[/network/web/server/apache]
permanent link
Sun, Aug 08, 2010 1:45 pm
Restricting Access to an Apache Virtual Host
To restrict access to an Apache Virtual Host
by IP address, you will need to have the
mod_authz_host module loaded in the Apache configuration file
httpd.conf
, which can usually be found at
/etc/httpd/conf/httpd.conf
on
a Linux system. To determine if it is loaded, look for a line similar to the
following in the configuration file:
LoadModule authz_host_module modules/mod_authz_host.so
You can restrict access to a website that is set up as a virtual host by
including information on what IP addresses should have access to documents
on the website in a directory section Directory
as shown below.
<VirtualHost *:80>
ServerName example.com
ServerAlias www.example.com
ServerAdmin webmaster@example.com
DocumentRoot /home/www/example
ErrorLog /home/www/example/logs/error.log
CustomLog /home/www/example/logs/transfer.log common
<Directory /home/www/example>
Order Deny,Allow
Deny from all
Allow from 192.168 127.0.0.1
</Directory>
</VirtualHost>
In the case above, access to the document root of the website, i.e., all
documents on the website, is restricted to allow access only from IP addresses
beginning with 192.168 and 127.0.0.1, which is the "localhost" address, meaning
the address of the server itself. Anyone trying to access example.com
from any other IP address would see the default webpage for the server, if any,
not the example.com website.
References:
-
Access Control
The Apache HTTP Server Project
-
Apache Module mod_authz_host
The Apache HTTP Server Project
-
Learn how to configure Apache
Date: September 29, 2003
TechRepublic Articles
[/network/web/server/apache]
permanent link
Tue, Jun 02, 2009 10:43 pm
Active Log Monitor
If you want to view access to your website in realtime, i.e. see
what pages are being accessed as they are being accessed, you can
use the Active Log Monitor PHP script.
[ More Info ]
[/network/web/server/apache]
permanent link
Tue, Jun 02, 2009 5:11 pm
Apache Access Log Format
If you use the common log format for websites that reside on an Apache
webserver, you may not see the referer and agent, e.g. information on
visitors' web browsers, logged. You can switch to the combined log format
to have the additional information logged.
[ More Info ]
[/network/web/server/apache]
permanent link
Fri, Apr 17, 2009 8:42 pm
Default Virtualhost in Apache
The first virtualhost section in Apache's
httpd.conf
file will be used as the default for any domain that doesn't have
its own virtualhost section in the configuration file, if you
use
*:80
in the virtualhost section. E.g., suppose
the very first virtualhost listed in
httpd.conf
is
dummy-host.example.com
as shown below.
<VirtualHost *:80>
ServerAdmin webmaster@dummy-host.example.com
DocumentRoot /www/docs/dummy-host.example.com
ServerName dummy-host.example.com
ErrorLog logs/dummy-host.example.com-error_log
CustomLog logs/dummy-host.example.com-access_log common
</VirtualHost>
If the IP address for another.example.com
, points to
the same webserver, but there is no virtualhost section for
another.example.com
, then anyone who uses
http://another.example.com will see whatever homepage was set up
for dummy-host.example.com
.
References:
-
VirtualHost Examples
Apache HTTP Server Version 2.0
The Apache HTTP Server Project
[/network/web/server/apache]
permanent link
Privacy Policy
Contact