I recently added a speedtest server to my Apache virtual hosts. I have put in the Order Deny, Allow and specified a number of subnets to allow and deny the rest.
It all works beautifully, but when IPs that are not allowed to access the server attempt to, they get the Apache 2 Test Page. I think it should be the normal 403 Forbidden Page and I would prefer it that way. Anyone know how to do that?
If they are accessing the server by IP address then check that your allow/deny is covering the whole scope of your server and not just a particular vhost.
Getting a 403 error is the normal behavior, but without the apache config file(s), I can only guess that maybe your 403 error page is pointing to the apache test page. So search for an "ErrorDocument 403 ..." directive, or post here your config file.
That part of it is working fine. I can put my subnet in the allow section, reload config, and I can get in. I take it out, reload, and I get the test page. Regardless of whether I'm allowed to view that vhost or not, I can view all other sites for the server, which is exactly how the allow/deny is supposed to work. What I don't want is the test page, I would take the 403 Forbidden or even make my own custom page if needed, but I don't want the outside world seeing the test page.
I found that section of the conf file. All of the error documents were commented out. I uncommented them and restarted httpd to no avail. Below is the section of the httpd.conf file regarding error docs. All /opt/www paths are correct, rather than /var/www. I checked /opt/www/error and all files are in there. The ownership was root:root. I changed it to apache:apache as a test, still getting the test page.
Code:
Alias /error/ "/opt/www/error/"
<IfModule mod_negotiation.c>
<IfModule mod_include.c>
<Directory "/opt/www/error">
AllowOverride None
Options IncludesNoExec
AddOutputFilter Includes html
AddHandler type-map var
Order allow,deny
Allow from all
LanguagePriority en es de fr
ForceLanguagePriority Prefer Fallback
</Directory>
ErrorDocument 400 /error/HTTP_BAD_REQUEST.html.var
ErrorDocument 401 /error/HTTP_UNAUTHORIZED.html.var
ErrorDocument 403 /error/HTTP_FORBIDDEN.html.var
ErrorDocument 404 /error/HTTP_NOT_FOUND.html.var
ErrorDocument 405 /error/HTTP_METHOD_NOT_ALLOWED.html.var
ErrorDocument 408 /error/HTTP_REQUEST_TIME_OUT.html.var
ErrorDocument 410 /error/HTTP_GONE.html.var
ErrorDocument 411 /error/HTTP_LENGTH_REQUIRED.html.var
ErrorDocument 412 /error/HTTP_PRECONDITION_FAILED.html.var
ErrorDocument 413 /error/HTTP_REQUEST_ENTITY_TOO_LARGE.html.var
ErrorDocument 414 /error/HTTP_REQUEST_URI_TOO_LARGE.html.var
ErrorDocument 415 /error/HTTP_UNSUPPORTED_MEDIA_TYPE.html.var
ErrorDocument 500 /error/HTTP_INTERNAL_SERVER_ERROR.html.var
ErrorDocument 501 /error/HTTP_NOT_IMPLEMENTED.html.var
ErrorDocument 502 /error/HTTP_BAD_GATEWAY.html.var
ErrorDocument 503 /error/HTTP_SERVICE_UNAVAILABLE.html.var
ErrorDocument 506 /error/HTTP_VARIANT_ALSO_VARIES.html.var
</IfModule>
</IfModule>
Doh, maybe you have some rewrite rules that rewrite the 403 error document to the index page.
Check the apache config files and/or any .htaccess files for something like:
Code:
RewriteEngine On
RewriteRule ^error(.*)$ /index.html
I found the issue. I picked out particular text from the test page and searched for it in the /error folder. I found a file called noindex.html that contained the text. Moved it somewhere else and I get the Forbidden page now. However, I created my own forbidden page, and I cannot seem to get that one displayed. I put it in the /error folder with the HTML extension. Changed my .conf file to reflect the new forbidden page filename, but it still pulls up the default one. Frustrating...
I guess that you mean the apache default 403 error message.
If you used:
Code:
ErrorDocument 403 /error/myforbidden-page.html
it should work, so clear your browser cache and try again.
Yes, I get the default with an "Additionally, 404 blah blah blah".
I did use that code snippet.
Did clear my cache.
Doesn't pull the correct page, still the Apache test page.
That means that apache can't find your 403-error page.
You are supposed to replace:
with the code in my previous post.
Also you can check the error_log to see where it's looking for it.
Did all that.
Code:
Alias /error/ "/opt/www/error/"
<IfModule mod_negotiation.c>
<IfModule mod_include.c>
<Directory "/opt/www/error">
AllowOverride None
Options IncludesNoExec
AddOutputFilter Includes html
AddHandler type-map var
Order allow,deny
Allow from all
LanguagePriority en es de fr
ForceLanguagePriority Prefer Fallback
</Directory>
ErrorDocument 400 /error/HTTP_BAD_REQUEST.html.var
ErrorDocument 401 /error/HTTP_UNAUTHORIZED.html.var
ErrorDocument 403 /error/HTTP_CUS_FORBIDDEN.html
ErrorDocument 404 /error/HTTP_NOT_FOUND.html.var
ErrorDocument 405 /error/HTTP_METHOD_NOT_ALLOWED.html.var
ErrorDocument 408 /error/HTTP_REQUEST_TIME_OUT.html.var
ErrorDocument 410 /error/HTTP_GONE.html.var
ErrorDocument 411 /error/HTTP_LENGTH_REQUIRED.html.var
ErrorDocument 412 /error/HTTP_PRECONDITION_FAILED.html.var
ErrorDocument 413 /error/HTTP_REQUEST_ENTITY_TOO_LARGE.html.var
ErrorDocument 414 /error/HTTP_REQUEST_URI_TOO_LARGE.html.var
ErrorDocument 415 /error/HTTP_UNSUPPORTED_MEDIA_TYPE.html.var
ErrorDocument 500 /error/HTTP_INTERNAL_SERVER_ERROR.html.var
ErrorDocument 501 /error/HTTP_NOT_IMPLEMENTED.html.var
ErrorDocument 502 /error/HTTP_BAD_GATEWAY.html.var
ErrorDocument 503 /error/HTTP_SERVICE_UNAVAILABLE.html.var
ErrorDocument 506 /error/HTTP_VARIANT_ALSO_VARIES.html.var
</IfModule>
</IfModule>
Code:
ls -l /opt/www/error/
total 228
-rw-r--r-- 1 root root 4256 Nov 13 2005 contact.html.var
-rw-r--r-- 1 root root 9108 Nov 13 2005 HTTP_BAD_GATEWAY.html.var
-rw-r--r-- 1 root root 6633 Nov 13 2005 HTTP_BAD_REQUEST.html.var
-rw-r--r-- 1 root root 352 Nov 21 11:34 HTTP_CUS_FORBIDDEN.html
-rw-r--r-- 1 root root 11193 Nov 13 2005 HTTP_FORBIDDEN.html.var
-rw-r--r-- 1 root root 12700 Nov 13 2005 HTTP_GONE.html.var
-rw-r--r-- 1 root root 12846 Nov 13 2005 HTTP_INTERNAL_SERVER_ERROR.html.var
-rw-r--r-- 1 root root 7539 Nov 13 2005 HTTP_LENGTH_REQUIRED.html.var
-rw-r--r-- 1 root root 6773 Nov 13 2005 HTTP_METHOD_NOT_ALLOWED.html.var
-rw-r--r-- 1 root root 13255 Nov 13 2005 HTTP_NOT_FOUND.html.var
-rw-r--r-- 1 root root 6336 Nov 13 2005 HTTP_NOT_IMPLEMENTED.html.var
-rw-r--r-- 1 root root 6565 Nov 13 2005 HTTP_PRECONDITION_FAILED.html.var
-rw-r--r-- 1 root root 7802 Nov 13 2005 HTTP_REQUEST_ENTITY_TOO_LARGE.html.var
-rw-r--r-- 1 root root 7099 Nov 13 2005 HTTP_REQUEST_TIME_OUT.html.var
-rw-r--r-- 1 root root 7103 Nov 13 2005 HTTP_REQUEST_URI_TOO_LARGE.html.var
-rw-r--r-- 1 root root 7822 Nov 13 2005 HTTP_SERVICE_UNAVAILABLE.html.var
-rw-r--r-- 1 root root 13035 Nov 13 2005 HTTP_UNAUTHORIZED.html.var
-rw-r--r-- 1 root root 6353 Nov 13 2005 HTTP_UNSUPPORTED_MEDIA_TYPE.html.var
-rw-r--r-- 1 root root 7009 Nov 13 2005 HTTP_VARIANT_ALSO_VARIES.html.var
drwxr-xr-x 2 root root 4096 Jun 24 08:20 include
-rw-r--r-- 1 root root 24083 Jun 7 08:18 lr_300.jpg
-rw-r--r-- 1 root root 1979 Jul 11 2006 README
-rw-r--r-- 1 root root 5043 May 4 2011 temp.html
Restarted HTTPD, went to visit the page from an IP that is not allowed:
Code:
[Tue Nov 22 09:48:33 2011] [notice] caught SIGTERM, shutting down
[Tue Nov 22 09:48:34 2011] [notice] suEXEC mechanism enabled (wrapper: /usr/sbin/suexec)
[Tue Nov 22 09:48:34 2011] [notice] Digest: generating secret for digest authentication ...
[Tue Nov 22 09:48:34 2011] [notice] Digest: done
[Tue Nov 22 09:48:34 2011] [notice] mod_python: Creating 4 session mutexes based on 256 max processes and 0 max threads.
[Tue Nov 22 09:48:34 2011] [notice] Apache/2.2.3 (CentOS) configured -- resuming normal operations
Well, I don't see any evidence in error_log that you got a "Forbidden" error. There should be a "client denied by server configuration ..." message in error_log and a 403 error code in access_log
Are you sure the host restriction works?
Yes sir, the restriction works. I now see what you're going for though, I have custom logs set up. Methinks you're looking for the following:
Code:
[Tue Nov 22 10:00:20 2011] [error] [client 192.168.168.1] client denied by server configuration: /opt/www/speedtest/
[Tue Nov 22 10:00:20 2011] [error] [client 192.168.168.1] File does not exist: /opt/www/error/noindex.html
[Tue Nov 22 10:00:20 2011] [error] [client 192.168.168.1] File does not exist: /opt/www/error/noindex.html
So apache still looks for noindex.html when it wants to show a 403 error.
You can search all your configuration files again and see where noindex.html is used, or rename your HTTP_CUS_FORBIDDEN.html to noindex.html.
That got it. The culprit was a line in /etc/httpd/conf.d/welcome.conf:
Code:
#
# This configuration file enables the default "Welcome"
# page if there is no default index page present for
# the root URL. To disable the Welcome page, comment
# out all the lines below.
#
<LocationMatch "^/+$">
Options -Indexes
ErrorDocument 403 /error/noindex.html
</LocationMatch>
I commented that out, restarted httpd and that was all she wrote. Thanks for the help!
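The search that resolved this thread, as an added example that is not part of any post above: a shell function that lists every ErrorDocument directive for a given status code under a config tree, together with the section enclosing it. The function names, the temporary sample tree and its file contents are constructed for illustration.

```sh
#!/bin/sh
# Added example: list each ErrorDocument for one status code with its enclosing section.

# errordoc_scan CODE DIR  ->  "file:line: [context] target", one per directive
errordoc_scan() {
    find "$2" -type f \( -name '*.conf' -o -name '.htaccess' \) | sort |
    while IFS= read -r f; do
        awk -v code="$1" -v file="$f" '
            /^[ \t]*#/   { next }                          # comment line
            /^[ \t]*<\// { if (depth > 0) depth--; next }  # closing tag: pop
            /^[ \t]*</   {                                 # opening tag: push
                s = $0; sub(/^[ \t]*</, "", s); sub(/>[ \t]*$/, "", s)
                stack[++depth] = s; next
            }
            tolower($1) == "errordocument" && $2 == code {
                ctx = "server"
                # IfModule/IfDefine only gate loading, so skip them here.
                for (i = depth; i > 0; i--)
                    if (tolower(stack[i]) !~ /^if(module|define)/) { ctx = stack[i]; break }
                printf "%s:%d: [%s] %s\n", file, NR, ctx, $3
            }
        ' "$f"
    done
}

# Constructed sample tree (not the poster's real files), same layout as the thread.
make_sample() {
    d=$(mktemp -d)
    mkdir -p "$d/conf" "$d/conf.d"
    cat > "$d/conf/httpd.conf" <<'EOF'
<IfModule mod_negotiation.c>
<IfModule mod_include.c>
ErrorDocument 403 /error/HTTP_CUS_FORBIDDEN.html
ErrorDocument 404 /error/HTTP_NOT_FOUND.html.var
</IfModule>
</IfModule>
EOF
    cat > "$d/conf.d/welcome.conf" <<'EOF'
<LocationMatch "^/+$">
Options -Indexes
ErrorDocument 403 /error/noindex.html
</LocationMatch>
EOF
    echo "$d"
}

sample=$(make_sample)
errordoc_scan 403 "$sample"
rm -rf "$sample"
```

On the server in this thread the equivalent call would be `errordoc_scan 403 /etc/httpd`. An entry reported inside a Location or LocationMatch section takes precedence over the server-level directive for URLs it matches, which is why the welcome.conf line won for requests to the root URL.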