LinuxQuestions.org
Download your favorite Linux distribution at LQ ISO.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Server
User Name
Password
Linux - Server This forum is for the discussion of Linux Software used in a server related context.

Notices

Reply
 
Search this Thread
Old 12-09-2012, 12:59 PM   #1
x201s
Member
 
Registered: Dec 2010
Posts: 67

Rep: Reputation: 0
Accessing Tomcat created pages from Apache-- Client denied by server configuration


Inside my httpd.conf, my DocumentRoot is /data.
I have a web application running inside Tomcat which creates a part of url, and this url is appended to my Apache url.

Tomcat part: testapp/req/usrX/12345/file
(note: usrX and 12345 are variable)
Apache part: http://myUrl

When I access http://myUrl/testapp/req/usrX/12345/file, I get
Code:
403 Forbidden: You don't have permission to access /testapp/req/userX/12345/file in this server
I have read many posts and all seem to say that inside my <Directory> ... </Directory>, I don't have "allow all" directive.

Yes, inside my httpd.conf, I have:
Code:
<Directory> 
      DocumentRoot /data
      --
      --
      Deny from all
   </Directory>
My problem:
I don't know how to write DocumentRoot with regular expression (and include "Allow from all" directive).

I think I need regular expression because the url pattern changes. As mentioned above, usrX and 12345 are variable.

I tried as follows, but failed.
Code:
<Directory "/data/testapp/req/*/*/file">
    Options -Indexes -FollowSymLinks
    AllowOverride None
    Order allow,deny
    Allow from all
</Directory>
Apache server log says:
Code:
[error] [client xxx.xx.xx.xxx] client denied by server configuration: /data, referer: myUrl/testapp/req/userX/12345
I am using "ajp" to talk to backend Tomcat server that generates the second half of the url. I have necessary modules in place ("LoadModule proxy_ajp_modul") and I can telnet the backend Tomcat (on 8009) . So it could not be ajp communications problem.

For the ajp/redirection to work, I have added these lines inside the <VirtualHost> section of httpd.conf.

Code:
<VirtualHost *:80>    
    DocumentRoot /data
    ---
    ---
    ProxyPass /testapp ajp://backend_tomcat_url:8009/testapp
    ProxyPassReverse /testapp ajp://backend_tomcat_url:8009/testapp
    ---
</VirtualHost>
File permission on Tomcat context:
"testapp" is a "context" inside /webapps directory of Tomcat.
Owner of the "testapp" context is tomcat, but I have added read permission for everyone.

Would be grateful for some pointers. Thank you.
 
Old 12-09-2012, 02:54 PM   #2
bathory
Guru
 
Registered: Jun 2004
Location: Piraeus
Distribution: Slackware
Posts: 10,907

Rep: Reputation: 1326Reputation: 1326Reputation: 1326Reputation: 1326Reputation: 1326Reputation: 1326Reputation: 1326Reputation: 1326Reputation: 1326Reputation: 1326
Quote:
Yes, inside my httpd.conf, I have:

<Directory>
DocumentRoot /data
--
--
Deny from all
</Directory>
You should deny access to the whole / directory
Code:
<Directory /> 
      Deny from all
</Directory>
and allow only access for the docroot:
Code:
<Directory "/data">
    Options -Indexes -FollowSymLinks
    AllowOverride None
    Order allow,deny
    Allow from all
</Directory>
Regards
 
Old 12-09-2012, 11:40 PM   #3
x201s
Member
 
Registered: Dec 2010
Posts: 67

Original Poster
Rep: Reputation: 0
Yes!!
Next time you are around, sake on me

Thank you, Guru!
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
Apache Tomcat server configuration samir_rhel Linux - Server 5 04-29-2010 02:10 AM
Tomcat Apache - server configuration pujakofriendly Programming 1 01-12-2007 03:42 AM
Apache vhost issues (client denied by server configuration) bpk Linux - Software 8 02-16-2005 07:02 PM
Configuration for a client accessing a proxy server darin3200 Linux - Networking 2 01-08-2005 12:48 PM
client denied by server configuration mscomputers Linux - Security 2 12-07-2004 07:49 AM


All times are GMT -5. The time now is 02:20 AM.

Main Menu
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
identi.ca: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration