LinuxQuestions.org
Review your favorite Linux distribution.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Server
User Name
Password
Linux - Server This forum is for the discussion of Linux Software used in a server related context.

Notices

Reply
 
Search this Thread
Old 11-18-2011, 10:12 AM   #1
buee
Member
 
Registered: May 2009
Posts: 81

Rep: Reputation: 16
Apache Denied IPs getting Test Page


I recently added a speedtest server to my Apache virtual hosts. I have put in the Order Deny, Allow and specified a number of subnets to allow and deny the rest.

It all works beautifully, but IPs that are not allowed to access the server attempt to, they get the Apache 2 Test Page. I think it should be the normal 403 Forbidden Page and I would prefer it that way. Anyone know how to do that?
 
Old 11-18-2011, 10:30 AM   #2
TenTenths
Senior Member
 
Registered: Aug 2011
Location: Dublin
Distribution: Centos 5 / 6
Posts: 1,449

Rep: Reputation: 438Reputation: 438Reputation: 438Reputation: 438Reputation: 438
If they are accessing the server by IP address then check that your allow/deny is covering the whole scope of your server and not just a particular vhost.
 
Old 11-18-2011, 03:40 PM   #3
bathory
Guru
 
Registered: Jun 2004
Location: Piraeus
Distribution: Slackware
Posts: 10,907

Rep: Reputation: 1326Reputation: 1326Reputation: 1326Reputation: 1326Reputation: 1326Reputation: 1326Reputation: 1326Reputation: 1326Reputation: 1326Reputation: 1326
Hi,

Quote:
It all works beautifully, but IPs that are not allowed to access the server attempt to, they get the Apache 2 Test Page. I think it should be the normal 403 Forbidden Page and I would prefer it that way. Anyone know how to do that?
Getting a 403 error is the normal behavior, but without the apache config file(s), I can only guess that maybe your 403 error page is pointing to the apache test page. So search for an "ErrorDocument 403 ..." directive, or post here your config file.

Regards
 
Old 11-21-2011, 08:23 AM   #4
buee
Member
 
Registered: May 2009
Posts: 81

Original Poster
Rep: Reputation: 16
Quote:
Originally Posted by TenTenths View Post
If they are accessing the server by IP address then check that your allow/deny is covering the whole scope of your server and not just a particular vhost.
That part of it is working fine. I can put my subnet in the allow section, reload config, and I can get in. I take it out, reload, and I get the test page. Regardless of whether I'm allowed to view that vhost or not, I can view all other sites for the server, which is exactly how the allow/deny is supposed to work. What I don't want is the test page, I would take the 403 Forbidden or even make my own custom page if needed, but I don't want the outside world seeing the test page.
 
Old 11-21-2011, 08:57 AM   #5
buee
Member
 
Registered: May 2009
Posts: 81

Original Poster
Rep: Reputation: 16
Quote:
Originally Posted by bathory View Post
Hi,


Getting a 403 error is the normal behavior, but without the apache config file(s), I can only guess that maybe your 403 error page is pointing to the apache test page. So search for an "ErrorDocument 403 ..." directive, or post here your config file.

Regards
I found that section of the conf file. All of the error documents were commented out. I uncommented them and restarted httpd to no avail. Below is the section of the httpd.conf file regarding error docs. All /opt/www paths are correct, rather than /var/www. I checked /opt/www/error and all files are in there. The ownership was root:root. I changed it to apache:apache as a test, still getting the test page.

Code:
Alias /error/ "/opt/www/error/"

<IfModule mod_negotiation.c>
<IfModule mod_include.c>
    <Directory "/opt/www/error">
        AllowOverride None
        Options IncludesNoExec
        AddOutputFilter Includes html
        AddHandler type-map var
        Order allow,deny
        Allow from all
        LanguagePriority en es de fr
        ForceLanguagePriority Prefer Fallback
    </Directory>

    ErrorDocument 400 /error/HTTP_BAD_REQUEST.html.var
    ErrorDocument 401 /error/HTTP_UNAUTHORIZED.html.var
    ErrorDocument 403 /error/HTTP_FORBIDDEN.html.var
    ErrorDocument 404 /error/HTTP_NOT_FOUND.html.var
    ErrorDocument 405 /error/HTTP_METHOD_NOT_ALLOWED.html.var
    ErrorDocument 408 /error/HTTP_REQUEST_TIME_OUT.html.var
    ErrorDocument 410 /error/HTTP_GONE.html.var
    ErrorDocument 411 /error/HTTP_LENGTH_REQUIRED.html.var
    ErrorDocument 412 /error/HTTP_PRECONDITION_FAILED.html.var
    ErrorDocument 413 /error/HTTP_REQUEST_ENTITY_TOO_LARGE.html.var
    ErrorDocument 414 /error/HTTP_REQUEST_URI_TOO_LARGE.html.var
    ErrorDocument 415 /error/HTTP_UNSUPPORTED_MEDIA_TYPE.html.var
    ErrorDocument 500 /error/HTTP_INTERNAL_SERVER_ERROR.html.var
    ErrorDocument 501 /error/HTTP_NOT_IMPLEMENTED.html.var
    ErrorDocument 502 /error/HTTP_BAD_GATEWAY.html.var
    ErrorDocument 503 /error/HTTP_SERVICE_UNAVAILABLE.html.var
    ErrorDocument 506 /error/HTTP_VARIANT_ALSO_VARIES.html.var

</IfModule>
</IfModule>
 
Old 11-21-2011, 12:34 PM   #6
bathory
Guru
 
Registered: Jun 2004
Location: Piraeus
Distribution: Slackware
Posts: 10,907

Rep: Reputation: 1326Reputation: 1326Reputation: 1326Reputation: 1326Reputation: 1326Reputation: 1326Reputation: 1326Reputation: 1326Reputation: 1326Reputation: 1326
Doh, maybe you have some rewrite rules that rewrite the 403 error document to the index page.
Check the apache config files and/or any .htaccess files for something like:
Code:
RewriteEngine On
RewriteRule ^error(.*)$ /index.html
 
Old 11-21-2011, 12:57 PM   #7
buee
Member
 
Registered: May 2009
Posts: 81

Original Poster
Rep: Reputation: 16
Quote:
Originally Posted by bathory View Post
Doh, maybe you have some rewrite rules that rewrite the 403 error document to the index page.
Check the apache config files and/or any .htaccess files for something like:
Code:
RewriteEngine On
RewriteRule ^error(.*)$ /index.html
I found the issue. I picked out particular text from the test page and searched for it in the /error folder. I found a file called noindex.html that contained the text. Moved it somewhere else and I get the Forbidden page now. However, I created my own forbidden page, and I cannot seem to get that one displayed. I put it in the /error folder with the HTML extension. Changed my .conf file to reflect the new forbidden page filename, but it still pulls up the default one. Frustrating...
 
Old 11-21-2011, 01:30 PM   #8
bathory
Guru
 
Registered: Jun 2004
Location: Piraeus
Distribution: Slackware
Posts: 10,907

Rep: Reputation: 1326Reputation: 1326Reputation: 1326Reputation: 1326Reputation: 1326Reputation: 1326Reputation: 1326Reputation: 1326Reputation: 1326Reputation: 1326
Quote:
However, I created my own forbidden page, and I cannot seem to get that one displayed. I put it in the /error folder with the HTML extension. Changed my .conf file to reflect the new forbidden page filename, but it still pulls up the default one. Frustrating
...
I guess that you mean the apache default 403 error message.
If you used:
Code:
ErrorDocument 403 /error/myforbidden-page.html
is should work, so clear your browser cache and try again

Regards
 
Old 11-21-2011, 04:25 PM   #9
buee
Member
 
Registered: May 2009
Posts: 81

Original Poster
Rep: Reputation: 16
Quote:
Originally Posted by bathory View Post
...
I guess that you mean the apache default 403 error message.
If you used:
Code:
ErrorDocument 403 /error/myforbidden-page.html
is should work, so clear your browser cache and try again

Regards
Yes, I get the default with a "Additionally, 404 blah blah blah".
I did use that code snipet
Did clear my cache
Doesn't pull the correct page, still the Apache test page.
 
Old 11-21-2011, 04:51 PM   #10
bathory
Guru
 
Registered: Jun 2004
Location: Piraeus
Distribution: Slackware
Posts: 10,907

Rep: Reputation: 1326Reputation: 1326Reputation: 1326Reputation: 1326Reputation: 1326Reputation: 1326Reputation: 1326Reputation: 1326Reputation: 1326Reputation: 1326
Quote:
Yes, I get the default with a "Additionally, 404 blah blah blah".
That means that apache can't find your 403-error page.
You are supposed to replace:
Quote:
ErrorDocument 403 /error/HTTP_FORBIDDEN.html.var
with the code in my previous post.
Also you can check the error_log to see where it's looking for it.

Last edited by bathory; 11-21-2011 at 04:52 PM.
 
Old 11-22-2011, 09:51 AM   #11
buee
Member
 
Registered: May 2009
Posts: 81

Original Poster
Rep: Reputation: 16
Quote:
Originally Posted by bathory View Post
That means that apache can't find your 403-error page.
You are supposed to replace:
with the code in my previous post.
Also you can check the error_log to see where it's looking for it.
Did all that.

Code:
Alias /error/ "/opt/www/error/"

<IfModule mod_negotiation.c>
<IfModule mod_include.c>
    <Directory "/opt/www/error">
        AllowOverride None
        Options IncludesNoExec
        AddOutputFilter Includes html
        AddHandler type-map var
        Order allow,deny
        Allow from all
        LanguagePriority en es de fr
        ForceLanguagePriority Prefer Fallback
    </Directory>

    ErrorDocument 400 /error/HTTP_BAD_REQUEST.html.var
    ErrorDocument 401 /error/HTTP_UNAUTHORIZED.html.var
    ErrorDocument 403 /error/HTTP_CUS_FORBIDDEN.html
    ErrorDocument 404 /error/HTTP_NOT_FOUND.html.var
    ErrorDocument 405 /error/HTTP_METHOD_NOT_ALLOWED.html.var
    ErrorDocument 408 /error/HTTP_REQUEST_TIME_OUT.html.var
    ErrorDocument 410 /error/HTTP_GONE.html.var
    ErrorDocument 411 /error/HTTP_LENGTH_REQUIRED.html.var
    ErrorDocument 412 /error/HTTP_PRECONDITION_FAILED.html.var
    ErrorDocument 413 /error/HTTP_REQUEST_ENTITY_TOO_LARGE.html.var
    ErrorDocument 414 /error/HTTP_REQUEST_URI_TOO_LARGE.html.var
    ErrorDocument 415 /error/HTTP_UNSUPPORTED_MEDIA_TYPE.html.var
    ErrorDocument 500 /error/HTTP_INTERNAL_SERVER_ERROR.html.var
    ErrorDocument 501 /error/HTTP_NOT_IMPLEMENTED.html.var
    ErrorDocument 502 /error/HTTP_BAD_GATEWAY.html.var
    ErrorDocument 503 /error/HTTP_SERVICE_UNAVAILABLE.html.var
    ErrorDocument 506 /error/HTTP_VARIANT_ALSO_VARIES.html.var

</IfModule>
</IfModule>
Code:
ls -l /opt/www/error/
total 228
-rw-r--r-- 1 root root  4256 Nov 13  2005 contact.html.var
-rw-r--r-- 1 root root  9108 Nov 13  2005 HTTP_BAD_GATEWAY.html.var
-rw-r--r-- 1 root root  6633 Nov 13  2005 HTTP_BAD_REQUEST.html.var
-rw-r--r-- 1 root root   352 Nov 21 11:34 HTTP_CUS_FORBIDDEN.html
-rw-r--r-- 1 root root 11193 Nov 13  2005 HTTP_FORBIDDEN.html.var
-rw-r--r-- 1 root root 12700 Nov 13  2005 HTTP_GONE.html.var
-rw-r--r-- 1 root root 12846 Nov 13  2005 HTTP_INTERNAL_SERVER_ERROR.html.var
-rw-r--r-- 1 root root  7539 Nov 13  2005 HTTP_LENGTH_REQUIRED.html.var
-rw-r--r-- 1 root root  6773 Nov 13  2005 HTTP_METHOD_NOT_ALLOWED.html.var
-rw-r--r-- 1 root root 13255 Nov 13  2005 HTTP_NOT_FOUND.html.var
-rw-r--r-- 1 root root  6336 Nov 13  2005 HTTP_NOT_IMPLEMENTED.html.var
-rw-r--r-- 1 root root  6565 Nov 13  2005 HTTP_PRECONDITION_FAILED.html.var
-rw-r--r-- 1 root root  7802 Nov 13  2005 HTTP_REQUEST_ENTITY_TOO_LARGE.html.var
-rw-r--r-- 1 root root  7099 Nov 13  2005 HTTP_REQUEST_TIME_OUT.html.var
-rw-r--r-- 1 root root  7103 Nov 13  2005 HTTP_REQUEST_URI_TOO_LARGE.html.var
-rw-r--r-- 1 root root  7822 Nov 13  2005 HTTP_SERVICE_UNAVAILABLE.html.var
-rw-r--r-- 1 root root 13035 Nov 13  2005 HTTP_UNAUTHORIZED.html.var
-rw-r--r-- 1 root root  6353 Nov 13  2005 HTTP_UNSUPPORTED_MEDIA_TYPE.html.var
-rw-r--r-- 1 root root  7009 Nov 13  2005 HTTP_VARIANT_ALSO_VARIES.html.var
drwxr-xr-x 2 root root  4096 Jun 24 08:20 include
-rw-r--r-- 1 root root 24083 Jun  7 08:18 lr_300.jpg
-rw-r--r-- 1 root root  1979 Jul 11  2006 README
-rw-r--r-- 1 root root  5043 May  4  2011 temp.html
Restarted HTTPD, went to visit the page from an IP that is not allowed:

Code:
[Tue Nov 22 09:48:33 2011] [notice] caught SIGTERM, shutting down
[Tue Nov 22 09:48:34 2011] [notice] suEXEC mechanism enabled (wrapper: /usr/sbin/suexec)
[Tue Nov 22 09:48:34 2011] [notice] Digest: generating secret for digest authentication ...
[Tue Nov 22 09:48:34 2011] [notice] Digest: done
[Tue Nov 22 09:48:34 2011] [notice] mod_python: Creating 4 session mutexes based on 256 max processes and 0 max threads.
[Tue Nov 22 09:48:34 2011] [notice] Apache/2.2.3 (CentOS) configured -- resuming normal operations
0_o
 
Old 11-22-2011, 11:27 AM   #12
bathory
Guru
 
Registered: Jun 2004
Location: Piraeus
Distribution: Slackware
Posts: 10,907

Rep: Reputation: 1326Reputation: 1326Reputation: 1326Reputation: 1326Reputation: 1326Reputation: 1326Reputation: 1326Reputation: 1326Reputation: 1326Reputation: 1326
Hi,

Quote:
Restarted HTTPD, went to visit the page from an IP that is not allowed:
Well, I don't see any evidence in error_log that you got a "Forbidden" error. There should be a "client denied by server configuration ..." message in error_log and a 403 error code in access_log
Are you sure the host restriction works?
 
Old 11-22-2011, 11:47 AM   #13
buee
Member
 
Registered: May 2009
Posts: 81

Original Poster
Rep: Reputation: 16
Quote:
Originally Posted by bathory View Post
Hi,


Well, I don't see any evidence in error_log that you got a "Forbidden" error. There should be a "client denied by server configuration ..." message in error_log and a 403 error code in access_log
Are you sure the host restriction works?
Yes sir, the restriction works. I now see what you're going for though, I have custom logs set up. Me thinks you're looking for the following:

Code:
[Tue Nov 22 10:00:20 2011] [error] [client 192.168.168.1] client denied by server configuration: /opt/www/speedtest/
[Tue Nov 22 10:00:20 2011] [error] [client 192.168.168.1] File does not exist: /opt/www/error/noindex.html
 
Old 11-22-2011, 12:06 PM   #14
bathory
Guru
 
Registered: Jun 2004
Location: Piraeus
Distribution: Slackware
Posts: 10,907

Rep: Reputation: 1326Reputation: 1326Reputation: 1326Reputation: 1326Reputation: 1326Reputation: 1326Reputation: 1326Reputation: 1326Reputation: 1326Reputation: 1326
Quote:
[Tue Nov 22 10:00:20 2011] [error] [client 192.168.168.1] File does not exist: /opt/www/error/noindex.html
So apache still looks for noindex.html when it wants to show a 403 error.
You can search again all your configuration files and see where noindex.html is used, or rename your HTTP_CUS_FORBIDDEN.html to noindex.html

Regards
 
1 members found this post helpful.
Old 11-22-2011, 12:43 PM   #15
buee
Member
 
Registered: May 2009
Posts: 81

Original Poster
Rep: Reputation: 16
Quote:
Originally Posted by bathory View Post
So apache still looks for noindex.html when it wants to show a 403 error.
You can search again all your configuration files and see where noindex.html is used, or rename your HTTP_CUS_FORBIDDEN.html to noindex.html

Regards
That got it. The culprit was a line in /etc/httpd/conf.d/welcome.conf:

Code:
#
# This configuration file enables the default "Welcome"
# page if there is no default index page present for
# the root URL.  To disable the Welcome page, comment
# out all the lines below.
#
<LocationMatch "^/+$">
    Options -Indexes
    ErrorDocument 403 /error/noindex.html
</LocationMatch>
I commented that out, restarted httpd and that was all she wrote. Thanks for the help!
 
  


Reply

Tags
apache2


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
Apache Denied IPs getting Test Page buee Linux - Server 0 11-18-2011 09:45 AM
Apache test page carlos22 Linux - Newbie 10 01-14-2007 11:53 AM
Getting Apache Test Page ApachePadowan Linux - Software 4 04-20-2005 09:28 PM
I cant change the default test page in apache server to add my page.y nhemapriya Linux - Newbie 3 05-13-2004 12:35 PM
Sorry, that Apache test page is at it again. Hal Linux - Newbie 4 10-26-2003 05:53 PM


All times are GMT -5. The time now is 09:11 AM.

Main Menu
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
identi.ca: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration