Still getting Apache 403 after adding Directory directive to Alias
I'm trying to create an Alias to a directory outside of the Apache root. This is the entire contents of my httpd.conf
ServerName bellnetwork-local Alias /bellnetwork/dev/static /home/josh/Dev/bell_network_stuff/git/dev/static_test <Directory /home/josh/Dev/bell_network_stuff/git/dev/static_test> Order Allow,Deny Allow from all </Directory> I also gave Group and Other read and execute permission on static_test What more do I need to do? |
@ Reply
Hi Joshua Russo,
How you are trying to access this directory? Are you trying to access it via wget or via browser? What is the link that you are using to access this directory. How you have setup file system permission? Using acl or chmod? Did you give recursive permissions or just at the top level? Is selinux enabled. If yes, please share the output of getsebool -a | grep httpd |
Quote:
Quote:
Quote:
|
@ Reply
Shouldn't you be accessing by typing the following: http://localhost/bellnetwork/dev/static
Take a backup of your httpd.conf and make the following changes to see if that works: <Directory "/home/josh/Dev/bell_network_stuff/git/dev/static_test"> Options Indexes MultiViews AllowOverride None Order allow,deny Allow from all </Directory> Make sure you restart apache post making the changes. |
No that didn't seem to do anything.
I'm not accessing just /bellnetwork/dev/static/ because there's nothing but more directories in it |
@ Reply
Instead of going with alias why don't you go with Virtual host. Could you please share your httpd.conf file?
|
I included everything that I had in the httpd.conf in my first post.
I also tried the virtual host but I still get a 403 error. There has to be something simple I'm missing. This is the entirety of my httpd.conf now: <VirtualHost *:80> DocumentRoot /home/josh/Dev/bell_network_stuff/git/dev/static_test ServerName bellnetwork-local <Directory /home/josh/Dev/bell_network_stuff/git/dev/static_test> Options Indexes MultiViews AllowOverride None Order Allow,Deny Allow from all </Directory> </VirtualHost> |
@ Reply
Which distribution are you using. Usually httpd.conf file is pretty big. The file that you have pasted does not seem to be full httpd.conf file.
|
Mint 12, I did a fresh install of Apache 2.2 from the software manager.
|
There is also an apache2.conf that looks like this:
# # Based upon the NCSA server configuration files originally by Rob McCool. # # This is the main Apache server configuration file. It contains the # configuration directives that give the server its instructions. # See http://httpd.apache.org/docs/2.2/ for detailed information about # the directives. # # Do NOT simply read the instructions in here without understanding # what they do. They're here only as hints or reminders. If you are unsure # consult the online docs. You have been warned. # # The configuration directives are grouped into three basic sections: # 1. Directives that control the operation of the Apache server process as a # whole (the 'global environment'). # 2. Directives that define the parameters of the 'main' or 'default' server, # which responds to requests that aren't handled by a virtual host. # These directives also provide default values for the settings # of all virtual hosts. # 3. Settings for virtual hosts, which allow Web requests to be sent to # different IP addresses or hostnames and have them handled by the # same Apache server process. # # Configuration and logfile names: If the filenames you specify for many # of the server's control files begin with "/" (or "drive:/" for Win32), the # server will use that explicit path. If the filenames do *not* begin # with "/", the value of ServerRoot is prepended -- so "foo.log" # with ServerRoot set to "/etc/apache2" will be interpreted by the # server as "/etc/apache2/foo.log". # ### Section 1: Global Environment # # The directives in this section affect the overall operation of Apache, # such as the number of concurrent requests it can handle or where it # can find its configuration files. # # # ServerRoot: The top of the directory tree under which the server's # configuration, error, and log files are kept. # # NOTE! If you intend to place this on an NFS (or otherwise network) # mounted filesystem then please read the LockFile documentation (available # at <URL:http://httpd.apache.org/docs/2.2/mod/mpm_common.html#lockfile>); # you will save yourself a lot of trouble. # # Do NOT add a slash at the end of the directory path. # #ServerRoot "/etc/apache2" # # The accept serialization lock file MUST BE STORED ON A LOCAL DISK. # LockFile ${APACHE_LOCK_DIR}/accept.lock # # PidFile: The file in which the server should record its process # identification number when it starts. # This needs to be set in /etc/apache2/envvars # PidFile ${APACHE_PID_FILE} # # Timeout: The number of seconds before receives and sends time out. # Timeout 300 # # KeepAlive: Whether or not to allow persistent connections (more than # one request per connection). Set to "Off" to deactivate. # KeepAlive On # # MaxKeepAliveRequests: The maximum number of requests to allow # during a persistent connection. Set to 0 to allow an unlimited amount. # We recommend you leave this number high, for maximum performance. # MaxKeepAliveRequests 100 # # KeepAliveTimeout: Number of seconds to wait for the next request from the # same client on the same connection. # KeepAliveTimeout 5 ## ## Server-Pool Size Regulation (MPM specific) ## # prefork MPM # StartServers: number of server processes to start # MinSpareServers: minimum number of server processes which are kept spare # MaxSpareServers: maximum number of server processes which are kept spare # MaxClients: maximum number of server processes allowed to start # MaxRequestsPerChild: maximum number of requests a server process serves <IfModule mpm_prefork_module> StartServers 5 MinSpareServers 5 MaxSpareServers 10 MaxClients 150 MaxRequestsPerChild 0 </IfModule> # worker MPM # StartServers: initial number of server processes to start # MinSpareThreads: minimum number of worker threads which are kept spare # MaxSpareThreads: maximum number of worker threads which are kept spare # ThreadLimit: ThreadsPerChild can be changed to this maximum value during a # graceful restart. ThreadLimit can only be changed by stopping # and starting Apache. # ThreadsPerChild: constant number of worker threads in each server process # MaxClients: maximum number of simultaneous client connections # MaxRequestsPerChild: maximum number of requests a server process serves <IfModule mpm_worker_module> StartServers 2 MinSpareThreads 25 MaxSpareThreads 75 ThreadLimit 64 ThreadsPerChild 25 MaxClients 150 MaxRequestsPerChild 0 </IfModule> # event MPM # StartServers: initial number of server processes to start # MinSpareThreads: minimum number of worker threads which are kept spare # MaxSpareThreads: maximum number of worker threads which are kept spare # ThreadsPerChild: constant number of worker threads in each server process # MaxClients: maximum number of simultaneous client connections # MaxRequestsPerChild: maximum number of requests a server process serves <IfModule mpm_event_module> StartServers 2 MinSpareThreads 25 MaxSpareThreads 75 ThreadLimit 64 ThreadsPerChild 25 MaxClients 150 MaxRequestsPerChild 0 </IfModule> # These need to be set in /etc/apache2/envvars User ${APACHE_RUN_USER} Group ${APACHE_RUN_GROUP} # # AccessFileName: The name of the file to look for in each directory # for additional configuration directives. See also the AllowOverride # directive. # AccessFileName .htaccess # # The following lines prevent .htaccess and .htpasswd files from being # viewed by Web clients. # <Files ~ "^\.ht"> Order allow,deny Deny from all Satisfy all </Files> # # DefaultType is the default MIME type the server will use for a document # if it cannot otherwise determine one, such as from filename extensions. # If your server contains mostly text or HTML documents, "text/plain" is # a good value. If most of your content is binary, such as applications # or images, you may want to use "application/octet-stream" instead to # keep browsers from trying to display binary files as though they are # text. # DefaultType text/plain # # HostnameLookups: Log the names of clients or just their IP addresses # e.g., www.apache.org (on) or 204.62.129.132 (off). # The default is off because it'd be overall better for the net if people # had to knowingly turn this feature on, since enabling it means that # each client request will result in AT LEAST one lookup request to the # nameserver. # HostnameLookups Off # ErrorLog: The location of the error log file. # If you do not specify an ErrorLog directive within a <VirtualHost> # container, error messages relating to that virtual host will be # logged here. If you *do* define an error logfile for a <VirtualHost> # container, that host's errors will be logged there and not here. # ErrorLog ${APACHE_LOG_DIR}/error.log # # LogLevel: Control the number of messages logged to the error_log. # Possible values include: debug, info, notice, warn, error, crit, # alert, emerg. # LogLevel warn # Include module configuration: Include mods-enabled/*.load Include mods-enabled/*.conf # Include all the user configurations: Include httpd.conf # Include ports listing Include ports.conf # # The following directives define some format nicknames for use with # a CustomLog directive (see below). # If you are behind a reverse proxy, you might want to change %h into %{X-Forwarded-For}i # LogFormat "%v:%p %h %l %u %t \"%r\" %>s %O \"%{Referer}i\" \"%{User-Agent}i\"" vhost_combined LogFormat "%h %l %u %t \"%r\" %>s %O \"%{Referer}i\" \"%{User-Agent}i\"" combined LogFormat "%h %l %u %t \"%r\" %>s %O" common LogFormat "%{Referer}i -> %U" referer LogFormat "%{User-agent}i" agent # Include of directories ignores editors' and dpkg's backup files, # see README.Debian for details. # Include generic snippets of statements Include conf.d/ # Include the virtual host configurations: Include sites-enabled/ |
@ Reply
Thats a bit confusing because at first point I tought you would be running on CentOS or Fedora. Anyways that shouldn't matter in your case.
As you said that you get error 403 when you have configured it as follows: Alias /bellnetwork/dev/static /home/josh/Dev/bell_network_stuff/git/dev/static_test <Directory /home/josh/Dev/bell_network_stuff/git/dev/static_test> Order Allow,Deny Allow from all </Directory> Which user and group you have given access to static_test? As I can read from the last post you have given it explicitly on static_test but not at the top level. If not then how the user will get access to subdirectories? |
I was just using my user. I had opened read and execute to everyone on that folder.
drwxr-xr-x 13 root josh 4096 2012-01-08 19:18 static_test The folder is part of a website I'm developing. All I want is to have a local url that hosts the static files (the remainder is a Django project). I had it working and then reloaded the system and I'm not sure what I'm missing this time around. What's the best way to go about doing what I want to do? |
@ Reply
Alright. Let me get this straight. You have got a directory /home/josh/Dev/bell_network_stuff/git/dev/static_test which contails files of the website that you are developing. Right?
You want a local link to this directory so that you can test how your website looks like. Is that what you are looking for? If that is the case then you have to give same user and group access to this location who has got access to /var/www. Obviously this is your home directory so you cannot use chmod -R to give the apache user and group to give access. However, you can use setfacl command to provide them access. Easier way would be copying you dev directory under /var/www/ if possible? |
Ya, that's about it, though I will need to modify the css, javascript, and images and I'd like to keep it all grouped together. I don't understand how I had it working before.
|
@ Reply
You said that you had this working before. Did you make any changes recently to the system after which it stopped working?
|
Ya, I formatted and re-installed everything. I wanted a fresh start.
For the acl command, should I need to apply it from the home directory, or can I just do it on the static_test directory? |
There must be some way to do this. All of the alias examples in the Apache docs use home: http://httpd.apache.org/docs/2.0/urlmapping.html
|
@ Reply
In the link that you have posted I do not see any example in which author has used home. I will try to duplicate the way you want it to be but can't promise how soon I can, as it will depend on my schedule.
I have seen people setting up alias for directories but not for the one which is under their home directory. Because user is the owner of his home. I doubt it will work without configuring acl. Let me see if there is some alternate way to get this done. |
I was looking at the example
ScriptAliasMatch ^/~([a-zA-Z0-9]+)/cgi-bin/(.+) /home/$1/cgi-bin/$2 |
Ok, I found a solution, and thank you because it was via the setfacl command you suggested. I had tried it previously but I was using the wrong user.
sudo setfacl -R -m g:www-data:rx /home/josh/Dev What I don't understand is why I had to apply it so far up the path. Do you know why it worked at the Dev level but not static_test, or some other directory deeper in the path? |
@ Reply
You're welcome.
Great that you got it working. Please mark the thread as solved. To answer your query I need to know the acl for /home/josh. You can find that using the following command: Code:
getfacl /home/josh I will be able to say for sure if I know how acl is set on /home/josh |
This is interesting. My initial attempt using setfacl was with root, that's why those entries are there.
# file: home/josh # owner: josh # group: josh user::rwx user:root:r-x group::r-x group:root:r-x mask::r-x other::r-x # file: home/josh/Dev # owner: josh # group: josh user::rwx user:root:r-x group::--- group:root:r-x group:www-data:r-x mask::r-x other::--- What do the empty group and other entries with no permissions mean for home/josh/Dev? |
All times are GMT -5. The time now is 03:46 PM. |