MoonPoint Support Logo

 

Shop Amazon Warehouse Deals - Deep Discounts on Open-box and Used ProductsAmazon Warehouse Deals



Advanced Search
October
Sun Mon Tue Wed Thu Fri Sat
   
9 10 11 12
13 14 15 16 17 18 19
20 21 22 23 24 25 26
27 28 29 30 31    
2024
Months
OctNov Dec


Mon, Mar 07, 2016 10:48 pm

Determining the modules which are loaded in Apache

The Apache HTTP server software supports many features via compiled modules which extend the core functionality of the web server software. Modules support various authentication methods, URL rewriting, proxying, etc. You can check on what modules are loaded using the command httpd -t -D DUMP_MODULES or with PHP using apache_get_modules().

[ More Info ]

[/network/web/server/apache] permanent link

Fri, Jan 22, 2016 5:12 pm

New site - You don't have permission to access / on this server

After adding a VirtualHost section to /etc/httpd/conf/httpd.conf on an Apache web server, when I tried accessing the site I saw the message below:

Forbidden

You don't have permission to access / on this server.

I'd encountered the problem in the past when there was a problem with permissions on the user's home directory. I didn't see any log files for the site in the directory under the user account, either, where the ErrorLog and CustomLog directives in the VirtualHost section for the website should have placed them. I checked the access for the user's home directory and found that the only access to that directory was read, write, and execute access for the user's account.

# ls -ld /home/jim
drwx------ 5 jim jim 4096 Jan 22 21:44 /home/jim

When I added "search" access for the group and all users to the user's home directory from the root account, I was able to access the website from a browser.

# chmod ga+x /home/joe

I.e., the cause of the problem had been the same as the last time I encountered the error message.

[/network/web/server/apache] permanent link

Sun, Nov 09, 2014 10:54 am

Determining when Apache was last restarted

If you need to determine the time that an Apache web server was last restarted, you can look for the word "resuming" in the Apache error log file. On a CentOS Linux system, you can use the command grep resuming /var/log/httpd/error_log.

# grep resuming /var/log/httpd/error_log
[Sun Nov 09 03:29:02.631763 2014] [mpm_prefork:notice] [pid 20663] AH00163: Apac
he/2.4.6 (CentOS) configured -- resuming normal operations

[/network/web/server/apache] permanent link

Wed, Nov 05, 2014 10:38 pm

You don't have permission to access / on this server error

After adding a virtual host section for a website to Apache's httpd.conf file on a Linux system, I restarted Apache and tried viewing the website with a browser. Instead of seeing the home page for the site, I saw:

Forbidden

You don't have permission to access / on this server.

When I looked in the error log for the site, I saw the following:

[Wed Nov 05 21:27:30.519520 2014] [core:error] [pid 4471] (13)Permission denied: [client 207.255.181.210:1604] AH00035: access to / denied (filesystem path '/home/jdoe/public_html') because search permissions are missing on a component of the path
[Wed Nov 05 21:27:31.179045 2014] [core:error] [pid 4471] (13)Permission denied: [client 207.255.181.210:1604] AH00035: access to /favicon.ico denied (filesystem path '/home/jdoe/public_html') because search permissions are missing on a component of the path

Checking the public_html directory and the directories beneath it, I saw that owner, group, and world all had "execute" access, i.e., the capability to search through the directories.

$ ls -ld public_html
drwxrwxr-x. 14 jdoe jdoe 4096 Nov  5 21:04 public_html

But, checking the user's home directory I found there was no access to it except for the owner. When I changed that access to grant search access to other accounts in the same group and all accounts, then the website became visible.

$ chmod ga+x /home/jdoe
$ ls -ld /home/jdoe
drwx--x--x. 13 jdoe jdoe 4096 Nov  5 21:17 /home/jdoe

You can check the permissions on a directory and the directories above it up to the root directory with just one command using the namei -m command in the form namei -m /path_to_directory/dirname. E.g.:

$ namei -m /home/jdoe/public_html
f: /home/jdoe/public_html
 drwxr-xr-x /
 drwxr-xr-x home
 drwx--x--x jdoe
 drwxrwxr-x public_html

[/network/web/server/apache] permanent link

Wed, Mar 19, 2014 11:17 pm

AuthUserFile not allowed here

After setting up a redirect similar to the following in an .htaccess file in a directory, I found that I would get a 500 Internal Server Error with the message "The server encountered an internal error or misconfiguration and was unable to complete your request." whenever I tried to access a file in a password-protected subdirectory beneath the one in which I had created the .htaccess file to have the Apache server redirect visitors accessing an old .html file that I had replaced with a .php one.

Redirect 301 /dir1/dir2/example.html /dir1/dir2/example.php

In the Apache error log for the website, I saw the following:

[Wed Mar 19 21:05:17 2014] [alert] [client 192.168.0.10] /home/jdoe/public_html/dir1/dir2/dir3/.htaccess: AuthUserFile not allowed here, referer: http://support.moonpoint.com/dir1/dir2/example.php

That error log entry was created when I clicked on a link I had in example.php to access a file in the directory dir3, which was below the one in which example.php was located.

To allow the redirect to work, I had inserted the following code in the VirtualHost section for the website within Apache's /etc/httpd/conf/httpd.conf file.

<Directory /home/jdoe/public_html/dir1/dir2>
    AllowOverride FileInfo
</Directory>

The .htaccess file for controlling access to the subdirectory dir1/dir2/dir3 had worked fine until I created another .htaccess file above it in dir2 for the redirect. The one for controlling access to dir3 with a username and password was similar to the following:

AuthUserFile /home/jdoe/public_html/.htpasswd-test
AuthGroupFile /dev/null
AuthName Testing
AuthType Basic
Require user test1

Because it contained AuthUserFile and AuthGroupFile, but I didn't specify AuthConfig within the <Directory> section for the virtual host in the httpd.conf file, but only FileInfo for AllowOverride, the authorization control no longer worked. When I changed the AllowOverride line to that shown below and restarted Apache with apachectl restart then both the redirect for the file in dir2 and the HTTP basic access authentication method for files in the subdirectory dir3 beneath dir2 both worked.

<Directory /home/jdoe/public_html/dir1/dir2>
    AllowOverride AuthConfig FileInfo
</Directory>

I had forgotten that by limiting AllowOverride to just FileInfo for dir2, I was effectively nullifying any other type of overrides in any subdirectores beneath it.

References:

  1. Apache Core Feartures
    Apache HTTP Server Project

[/network/web/server/apache] permanent link

Sun, Mar 09, 2014 4:04 pm

Redirecting a URL on an Apache Web Server

If you are using an Apache webserver and you need to redirect visitors to a webpage to another webpage, instead, one method of doing so is to use a server-side redirect, which can be accomplished by inserting a redirect in an .htaccess file, to the new page.

[ More Info ]

[/network/web/server/apache] permanent link

Sun, Aug 08, 2010 1:45 pm

Restricting Access to an Apache Virtual Host

To restrict access to an Apache Virtual Host by IP address, you will need to have the mod_authz_host module loaded in the Apache configuration file httpd.conf, which can usually be found at /etc/httpd/conf/httpd.conf on a Linux system. To determine if it is loaded, look for a line similar to the following in the configuration file:

LoadModule authz_host_module modules/mod_authz_host.so

You can restrict access to a website that is set up as a virtual host by including information on what IP addresses should have access to documents on the website in a directory section Directory as shown below.

<VirtualHost *:80>
    ServerName example.com
    ServerAlias www.example.com
    ServerAdmin webmaster@example.com
    DocumentRoot /home/www/example
    ErrorLog /home/www/example/logs/error.log
    CustomLog /home/www/example/logs/transfer.log common
    <Directory /home/www/example>
      Order Deny,Allow
      Deny from all
      Allow from 192.168 127.0.0.1
    </Directory>
</VirtualHost>

In the case above, access to the document root of the website, i.e., all documents on the website, is restricted to allow access only from IP addresses beginning with 192.168 and 127.0.0.1, which is the "localhost" address, meaning the address of the server itself. Anyone trying to access example.com from any other IP address would see the default webpage for the server, if any, not the example.com website.

References:

  1. Access Control
    The Apache HTTP Server Project
  2. Apache Module mod_authz_host
    The Apache HTTP Server Project
  3. Learn how to configure Apache
    Date: September 29, 2003
    TechRepublic Articles

[/network/web/server/apache] permanent link

Tue, Jun 02, 2009 10:43 pm

Active Log Monitor

If you want to view access to your website in realtime, i.e. see what pages are being accessed as they are being accessed, you can use the Active Log Monitor PHP script.

[ More Info ]

[/network/web/server/apache] permanent link

Tue, Jun 02, 2009 5:11 pm

Apache Access Log Format

If you use the common log format for websites that reside on an Apache webserver, you may not see the referer and agent, e.g. information on visitors' web browsers, logged. You can switch to the combined log format to have the additional information logged.

[ More Info ]

[/network/web/server/apache] permanent link

Fri, Apr 17, 2009 8:42 pm

Default Virtualhost in Apache

The first virtualhost section in Apache's httpd.conf file will be used as the default for any domain that doesn't have its own virtualhost section in the configuration file, if you use *:80 in the virtualhost section. E.g., suppose the very first virtualhost listed in httpd.conf is dummy-host.example.com as shown below.
<VirtualHost *:80>
    ServerAdmin webmaster@dummy-host.example.com
    DocumentRoot /www/docs/dummy-host.example.com
    ServerName dummy-host.example.com
    ErrorLog logs/dummy-host.example.com-error_log
    CustomLog logs/dummy-host.example.com-access_log common
</VirtualHost>

If the IP address for another.example.com, points to the same webserver, but there is no virtualhost section for another.example.com, then anyone who uses http://another.example.com will see whatever homepage was set up for dummy-host.example.com.

References:

  1. VirtualHost Examples
    Apache HTTP Server Version 2.0
    The Apache HTTP Server Project

[/network/web/server/apache] permanent link

Valid HTML 4.01 Transitional

Privacy Policy   Contact

Blosxom logo