LinuxQuestions.org
Visit Jeremy's Blog.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Software
User Name
Password
Linux - Software This forum is for Software issues.
Having a problem installing a new program? Want to know which application is best for the job? Post your question in this forum.

Notices

Reply
 
Search this Thread
Old 06-20-2004, 10:17 AM   #1
cavemanf16
LQ Newbie
 
Registered: Oct 2003
Distribution: Mandrake 10.1
Posts: 17

Rep: Reputation: 0
Question apache unable to access /home/*/public_html directory


I am having an incredibly difficult time getting public_html directory access to work in Apache 1.3. I can access my server just fine through the root directory (/var/www/html/) where I've stored a bunch of stuff already, but apache simply won't let me in to my personal /home/*/public_html/ directory. I need to do this in order to easily transfer files back and forth from my Windows XP machine, and I have my server set up to be as secure as possible, hence only apache has permissions (currently) on /var/www/html. Should I be running apache in as nobody:nogroup, or is there some configuration directive I'm missing. I've read the Apache documentation online both to trouble-shoot the errors I'm getting in my error_log file and to try to set up /home/*/public_html directory support, but so far it just won't work. (I'm getting 403 errors or "client cannot connect" type errors right now, depending on the per directory configuration I set in Webmin (or the .conf files, I know how to edit the configs using either method))

Can anyone help direct me to a more thorough trouble-shooting/tutorial website or documentation?
 
Old 06-20-2004, 10:24 AM   #2
cavemanf16
LQ Newbie
 
Registered: Oct 2003
Distribution: Mandrake 10.1
Posts: 17

Original Poster
Rep: Reputation: 0
my httpd.conf file

httpd.conf:


### Main Configuration Section
### You really shouldn't change these settings unless you're a guru
###
ServerType standalone
ServerRoot /etc/httpd
#ServerName localhost
#LockFile /etc/httpd/httpd.lock
PidFile /var/run/httpd.pid
ScoreBoardFile /etc/httpd/httpd.scoreboard
ErrorLog logs/error_log
LogLevel warn
ResourceConfig /dev/null
AccessConfig /dev/null
DocumentRoot /var/www/html


### Dynamic Shared Object (DSO) Support
###
###
#LoadModule mmap_static_module modules/mod_mmap_static.so
LoadModule env_module modules/mod_env.so
LoadModule config_log_module modules/mod_log_config.so
LoadModule agent_log_module modules/mod_log_agent.so
LoadModule referer_log_module modules/mod_log_referer.so
#LoadModule mime_magic_module modules/mod_mime_magic.so
LoadModule mime_module modules/mod_mime.so
LoadModule negotiation_module modules/mod_negotiation.so
LoadModule status_module modules/mod_status.so
LoadModule info_module modules/mod_info.so
LoadModule includes_module modules/mod_include.so
LoadModule autoindex_module modules/mod_autoindex.so
LoadModule dir_module modules/mod_dir.so
LoadModule cgi_module modules/mod_cgi.so
LoadModule asis_module modules/mod_asis.so
LoadModule imap_module modules/mod_imap.so
LoadModule action_module modules/mod_actions.so
#LoadModule speling_module modules/mod_speling.so
LoadModule userdir_module modules/mod_userdir.so
LoadModule proxy_module modules/libproxy.so
LoadModule alias_module modules/mod_alias.so
LoadModule rewrite_module modules/mod_rewrite.so
LoadModule access_module modules/mod_access.so
LoadModule auth_module modules/mod_auth.so
LoadModule anon_auth_module modules/mod_auth_anon.so
#LoadModule dbm_auth_module modules/mod_auth_dbm.so
#LoadModule db_auth_module modules/mod_auth_db.so
LoadModule digest_module modules/mod_digest.so
#LoadModule cern_meta_module modules/mod_cern_meta.so
LoadModule expires_module modules/mod_expires.so
LoadModule headers_module modules/mod_headers.so
LoadModule usertrack_module modules/mod_usertrack.so
#LoadModule example_module modules/mod_example.so
#LoadModule unique_id_module modules/mod_unique_id.so
LoadModule setenvif_module modules/mod_setenvif.so
<IfDefine HAVE_PHP4>
LoadModule php4_module extramodules/libphp4.so
</IfDefine>
<IfDefine HAVE_SSL>
LoadModule ssl_module extramodules/libssl.so
</IfDefine>
LoadModule vhost_alias_module modules/mod_vhost_alias.so

# Reconstruction of the complete module list from all available modules
# (static and shared ones) to achieve correct module execution order.
# [WHENEVER YOU CHANGE THE LOADMODULE SECTION ABOVE UPDATE THIS, TOO]
ClearModuleList
#AddModule mod_mmap_static.c
AddModule mod_env.c
AddModule mod_log_config.c
AddModule mod_log_agent.c
AddModule mod_log_referer.c
#AddModule mod_mime_magic.c
AddModule mod_mime.c
AddModule mod_negotiation.c
AddModule mod_status.c
AddModule mod_info.c
AddModule mod_include.c
AddModule mod_autoindex.c
AddModule mod_dir.c
AddModule mod_cgi.c
AddModule mod_asis.c
AddModule mod_imap.c
AddModule mod_actions.c
#AddModule mod_speling.c
AddModule mod_userdir.c
AddModule mod_proxy.c
AddModule mod_alias.c
AddModule mod_rewrite.c
AddModule mod_access.c
AddModule mod_auth.c
AddModule mod_auth_anon.c
#AddModule mod_auth_dbm.c
#AddModule mod_auth_db.c
AddModule mod_digest.c
#AddModule mod_cern_meta.c
AddModule mod_expires.c
AddModule mod_headers.c
AddModule mod_usertrack.c
#AddModule mod_example.c
#AddModule mod_unique_id.c
AddModule mod_so.c
AddModule mod_setenvif.c
<IfDefine HAVE_PHP4>
AddModule mod_php4.c
</IfDefine>
<IfDefine HAVE_SSL>
AddModule mod_ssl.c
</IfDefine>
AddModule mod_vhost_alias.c

###
### Global Configuration
###
# We now support multiple apache configurations on the same server. In
# common.conf, we put all directives that are common to all implementations
# (httpd, httpd-perl, etc.)
Include conf/commonhttpd.conf


###
### IP Address/Port and Proxied configuration section
###
# The APACHEPROXIED setting can be set in /etc/rc.d/init.d/httpd if you
# are using a proxy or accelerator, like the Apache-SGI or khttpd, so that
# the fast web server serves static content while Apache handles the
# cgi or php files

#BindAddress *
<IfDefine APACHEPROXIED>
Port 8080
Listen 8080
</IfDefine>
<IfDefine !APACHEPROXIED>
Port 80
Listen 192.168.0.104:80
</IfDefine>

# Likewise, we can set apache as the server by default and send perl
# requests via ProxyPass to apache-mod_perl. It increases performance
# since the perl interpreter is only used for perl and the standard apache
# does all the html and image files, with a smaller footprint.
#
# If you install apache and apache-mod_perl, this is the default config.
# If you don't want two web servers to use perl, uninstall apache, and
# apache-mod_perl will not be proxied.

<IfDefine PERLPROXIED>
RewriteEngine on
RewriteRule ^proxy:.* - [F]
RewriteRule ^(.*\/perl\/.*)$ http://%{HTTP_HOST}:8200$1 [P]
RewriteRule ^(.*\/cgi-perl\/.*)$ http://%{HTTP_HOST}:8200$1 [P]
</IfDefine>

###
### Log configuration Section
###

#Single logfile with access, agent and referer information
#This is the default, if vlogs are not defined for the main server
CustomLog logs/access_log combined env=!VLOG
#If VLOG is defined in conf/vhosts/Vhost.conf, we use this entry
CustomLog "|/usr/sbin/advxsplitlogfile" vhost env=VLOG


###
### Virtual Hosts
###
# We include different templates for Virtual Hosting. Have a look in the
# vhosts directory and modify to suit your needs.
Include conf/vhosts/Vhosts.conf
#Include conf/vhosts/DynamicVhosts.conf
#Include conf/vhosts/VirtualHomePages.conf


###
### Performance settings Section
###
#
# Timeout: The number of seconds before receives and sends time out.
#
TimeOut 300

#
# KeepAlive: Whether or not to allow persistent connections (more than
# one request per connection). Set to "Off" to deactivate.
#
KeepAlive on

#
# MaxKeepAliveRequests: The maximum number of requests to allow
# during a persistent connection. Set to 0 to allow an unlimited amount.
# We recommend you leave this number high, for maximum performance.
#
MaxKeepAliveRequests 100

#
# KeepAliveTimeout: Number of seconds to wait for the next request from the
# same client on the same connection.
#
KeepAliveTimeout 15

#
# Server-pool size regulation. Rather than making you guess how many
# server processes you need, Apache dynamically adapts to the load it
# sees --- that is, it tries to maintain enough server processes to
# handle the current load, plus a few spare servers to handle transient
# load spikes (e.g., multiple simultaneous requests from a single
# Netscape browser).
#
# It does this by periodically checking how many servers are waiting
# for a request. If there are fewer than MinSpareServers, it creates
# a new spare. If there are more than MaxSpareServers, some of the
# spares die off. The default values are probably OK for most sites.
#
MinSpareServers 4
MaxSpareServers 10

#
# Number of servers to start initially --- should be a reasonable ballpark
# figure.
#
StartServers 4

#
# Limit on total number of servers running, i.e., limit on the number
# of clients who can simultaneously connect --- if this limit is ever
# reached, clients will be LOCKED OUT, so it should NOT BE SET TOO LOW.
# It is intended mainly as a brake to keep a runaway server from taking
# the system with it as it spirals down...
#
MaxClients 50

#
# MaxRequestsPerChild: the number of requests each child process is
# allowed to process before the child dies. The child will exit so
# as to avoid problems after prolonged use when Apache (and maybe the
# libraries it uses) leak memory or other resources. On most systems, this
# isn't really needed, but a few (such as Solaris) do have notable leaks
# in the libraries. For these platforms, set to something like 10000
# or so; a setting of 0 means unlimited.
#
# NOTE: This value does not include keepalive requests after the initial
# request per connection. For example, if a child process handles
# an initial request and 10 subsequent "keptalive" requests, it
# would only count as 1 request towards this limit.
#
MaxRequestsPerChild 20

Include conf/addon-modules/php.conf
ScriptLog /var/log/cgi-bin.log
ScriptLogBuffer 128000
ScriptLogLength 128000
LimitRequestLine 512
LimitRequestFieldsize 512
Include conf/ssl/mod_ssl.conf
Include conf/ssl/ssl.default-vhost.conf
 
Old 06-20-2004, 10:26 AM   #3
cavemanf16
LQ Newbie
 
Registered: Oct 2003
Distribution: Mandrake 10.1
Posts: 17

Original Poster
Rep: Reputation: 0
my commonhttpd.conf

### Common server configuration
#
User apache
Group apache

#
# ServerAdmin: Your address, where problems with the server should be
# e-mailed. This address appears on some server-generated pages, such
# as error documents.
#
ServerAdmin c4v3m4n@imapmail.org

# DocumentRoot: The directory out of which you will serve your
# documents. By default, all requests are taken from this directory, but
# symbolic links and aliases may be used to point to other locations.
# DO NOT MODIFY THIS ONE, USE httpd.conf and httpd-perl.conf
#DocumentRoot /var/www/html


#
# Each directory to which Apache has access, can be configured with respect
# to which services and features are allowed and/or disabled in that
# directory (and its subdirectories).
#
# First, we configure the "default" to be a very restrictive set of
# permissions.
#
# Also, for security, we disable indexes globally
#
#<Directory />
# Options -Indexes FollowSymLinks
# AllowOverride None
#</Directory>

#Restricted set of options
<Directory />
Options -All -Multiviews
AllowOverride None
<IfModule mod_access.c>
Order deny,allow
Deny from all
</IfModule>
</Directory>


#
# Note that from this point forward you must specifically allow
# particular features to be enabled - so if something's not working as
# you might expect, make sure that you have specifically enabled it
# below.
#


#
# UserDir: The name of the directory which is appended onto a user's home
# directory if a ~user request is received.
#
<IfModule mod_userdir.c>
UserDir public_html
UserDir enabled caveman carly
UserDir disabled root
</IfModule>

#
# DirectoryIndex: Name of the file or files to use as a pre-written HTML
# directory index. Separate multiple entries with spaces.
#
<IfModule mod_dir.c>
DirectoryIndex index.html index.html.var index.php index.php3 index.shtml index.cgi index.pl index.htm Default.htm default.htm index.xml
</IfModule>

#
# AccessFileName: The name of the file to look for in each directory
# for access control information.
#
AccessFileName .htaccess

#
# The following lines prevent .htaccess files from being viewed by
# Web clients. Since .htaccess files often contain authorization
# information, access is disallowed for security reasons. Comment
# these lines out if you want Web visitors to see the contents of
# .htaccess files. If you change the AccessFileName directive above,
# be sure to make the corresponding changes here.
#
# Also, folks tend to use names such as .htpasswd for password
# files, so this will protect those as well.
#
<IfModule mod_access.c>
<Files ~ "^\.ht">
Order allow,deny
Deny from all
</Files>
</IfModule>

#
# CacheNegotiatedDocs: By default, Apache sends "Pragma: no-cache" with each
# document that was negotiated on the basis of content. This asks proxy
# servers not to cache the document. Uncommenting the following line disables
# this behavior, and proxies will be allowed to cache the documents.
#
#CacheNegotiatedDocs

#
# UseCanonicalName: (new for 1.3) With this setting turned on, whenever
# Apache needs to construct a self-referencing URL (a URL that refers back
# to the server the response is coming from) it will use ServerName and
# Port to form a "canonical" name. With this setting off, Apache will
# use the hostnameort that the client supplied, when possible. This
# also affects SERVER_NAME and SERVER_PORT in CGI scripts.
#
UseCanonicalName On

#
# TypesConfig describes where the mime.types file (or equivalent) is
# to be found.
#
<IfModule mod_mime.c>
TypesConfig conf/apache-mime.types
</IfModule>

#
# DefaultType is the default MIME type the server will use for a document
# if it cannot otherwise determine one, such as from filename extensions.
# If your server contains mostly text or HTML documents, "text/plain" is
# a good value. If most of your content is binary, such as applications
# or images, you may want to use "application/octet-stream" instead to
# keep browsers from trying to display binary files as though they are
# text.
#
DefaultType text/plain

#
# The mod_mime_magic module allows the server to use various hints from the
# contents of the file itself to determine its type. The MIMEMagicFile
# directive tells the module where the hint definitions are located.
# mod_mime_magic is not part of the default server (you have to add
# it yourself with a LoadModule [see the DSO paragraph in the 'Global
# Environment' section], or recompile the server and include mod_mime_magic
# as part of the configuration), so it's enclosed in an <IfModule> container.
# This means that the MIMEMagicFile directive will only be processed if the
# module is part of the server.
#
<IfModule mod_mime_magic.c>
MIMEMagicFile conf/magic
</IfModule>

#
# HostnameLookups: Log the names of clients or just their IP addresses
# e.g., www.apache.org (on) or 204.62.129.132 (off).
# The default is off because it'd be overall better for the net if people
# had to knowingly turn this feature on, since enabling it means that
# each client request will result in AT LEAST one lookup request to the
# nameserver.
#
HostnameLookups Off

# EnableMMAP: Control whether memory-mapping is used to deliver
# files (assuming that the underlying OS supports it).
# The default is on; turn this off if you serve from NFS-mounted
# filesystems. On some systems, turning it off (regardless of
# filesystem) can improve performance; for details, please see
# http://httpd.apache.org/docs-2.0/mod...tml#enablemmap
#
# EnableMMAP off

#
# EnableSendfile: Control whether the sendfile kernel support is
# used to deliver files (assuming that the OS supports it).
# The default is on; turn this off if you serve from NFS-mounted
# filesystems. Please see
# http://httpd.apache.org/docs-2.0/mod...enablesendfile
#
#EnableSendfile off

# The following directives define some format nicknames for use with
# a CustomLog directive (see below).
#
<IfModule mod_log_config.c>
LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" combined
LogFormat "%h %l %u %t \"%r\" %>s %b" common
LogFormat "%{Referer}i -> %U" referer
LogFormat "%{User-agent}i" agent
LogFormat "%v %h %l %u %t \"%r\" %>s %b %T" script
LogFormat "%v %h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\" VLOG=%{VLOG}e" vhost

<IfModule mod_logio.c>

# You need to enable mod_logio.c to use %I and %O
#LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\" %I %O" combinedio

</IfModule>

#
# The location and format of the access logfile (Common Logfile Format).
#CustomLog logs/access_log common

#
# If you would like to have agent and referer logfiles, uncomment the
# following directives.
#
#CustomLog logs/referer_log referer
#CustomLog logs/agent_log agent

#
# If you prefer a single logfile with access, agent, and referer information
# (Combined Logfile Format) you can use the following directive.
#
#CustomLog logs/access_log combined
</IfModule>

#
# ServerTokens
# This directive configures what you return as the Server HTTP response
# Header. The default is 'Full' which sends information about the OS-Type
# and compiled in modules.
# Set to one of: Full | OS | Minor | Minimal | Major | Prod
# where Full conveys the most information, and Prod the least.
#
ServerTokens Full

#
# Optionally add a line containing the server version and virtual host
# name to server-generated pages (error documents, FTP directory listings,
# mod_status and mod_info output etc., but not CGI generated documents).
# Set to "EMail" to also include a mailto: link to the ServerAdmin.
# Set to one of: On | Off | EMail
#
ServerSignature On

#
# Aliases: Add here as many aliases as you need (with no limit). The format is
# Alias fakename realname
#
<IfModule mod_alias.c>

#
# Note that if you include a trailing / on fakename then the server will
# require it to be present in the URL. So "/icons" isn't aliased in this
# example, only "/icons/"..
#
Alias /icons/ /var/www/icons/
Alias /doc /usr/share/doc


#
# ScriptAlias: This controls which directories contain server scripts.
# ScriptAliases are essentially the same as Aliases, except that
# documents in the realname directory are treated as applications and
# run by the server when requested rather than as documents sent to the client.
# The same rules about trailing "/" apply to ScriptAlias directives as to
# Alias.
#
ScriptAlias /cgi-bin/ /var/www/cgi-bin/
ScriptAlias /protected-cgi-bin/ /var/www/protected-cgi-bin/

<IfModule mod_perl.c>
#Provide two aliases to the same cgi-bin directory,
#to see the effects of the 2 different mod_perl modes
#for Apache::Registry Mode
Alias /perl/ /var/www/perl/
#for Apache::Perlrun Mode
Alias /cgi-perl/ /var/www/perl/
</IfModule>


</IfModule>
# End of aliases.

#
# Redirect allows you to tell clients about documents which used to exist in
# your server's namespace, but do not anymore. This allows you to tell the
# clients where to look for the relocated document.
# Format: Redirect old-URI new-URL
#

#
# Directives controlling the display of server-generated directory listings.
.... - this section deleted for posting this message

# End of document types.

#
# Action lets you define media types that will execute a script whenever
# a matching file is called. This eliminates the need for repeated URL
# pathnames for oft-used CGI file processors.
# Format: Action media/type /cgi-script/location
# Format: Action handler-name /cgi-script/location
#

#
# Putting this all together, we can internationalize error responses.
#
# We use Alias to redirect any /error/HTTP_<error>.html.var response to
# our collection of by-error message multi-language collections. We use
# includes to substitute the appropriate text.
#
# You can modify the messages' appearance without changing any of the
# default HTTP_<error>.html.var files by adding the line:
#
# Alias /error/include/ "/your/include/path/"
#
# which allows you to create your own set of files by starting with the
# /include/ files and copying them to /your/include/path/,
# even on a per-VirtualHost basis. The default include files will display
# your Apache version number and your ServerAdmin email address regardless
# of the setting of ServerSignature.
#
# The internationalized error documents require mod_alias, mod_include
# and mod_negotiation. To activate them, uncomment the following 30 lines.

# Alias /error/ "/var/www/error"
#
# <Directory "/var/www/error">
# AllowOverride None
# Options IncludesNoExec
# AddOutputFilter Includes html
# AddHandler type-map var
# Order allow,deny
# Allow from all
# LanguagePriority en es de fr sv
# ForceLanguagePriority Prefer Fallback
# </Directory>
#
# ErrorDocument 400 /error/HTTP_BAD_REQUEST.html.var
# ErrorDocument 401 /error/HTTP_UNAUTHORIZED.html.var
# ErrorDocument 403 /error/HTTP_FORBIDDEN.html.var
# ErrorDocument 404 /error/HTTP_NOT_FOUND.html.var
# ErrorDocument 405 /error/HTTP_METHOD_NOT_ALLOWED.html.var
# ErrorDocument 408 /error/HTTP_REQUEST_TIME_OUT.html.var
# ErrorDocument 410 /error/HTTP_GONE.html.var
# ErrorDocument 411 /error/HTTP_LENGTH_REQUIRED.html.var
# ErrorDocument 412 /error/HTTP_PRECONDITION_FAILED.html.var
# ErrorDocument 413 /error/HTTP_REQUEST_ENTITY_TOO_LARGE.html.var
# ErrorDocument 414 /error/HTTP_REQUEST_URI_TOO_LARGE.html.var
# ErrorDocument 415 /error/HTTP_UNSUPPORTED_MEDIA_TYPE.html.var
# ErrorDocument 500 /error/HTTP_INTERNAL_SERVER_ERROR.html.var
# ErrorDocument 501 /error/HTTP_NOT_IMPLEMENTED.html.var
# ErrorDocument 502 /error/HTTP_BAD_GATEWAY.html.var
# ErrorDocument 503 /error/HTTP_SERVICE_UNAVAILABLE.html.var
# ErrorDocument 506 /error/HTTP_VARIANT_ALSO_VARIES.html.var

# Customizable error responses come in three flavors:
#
# 1) plain text
#ErrorDocument 500 "The server made a boo boo."
#
# 2) local redirects
#ErrorDocument 404 /missing.html
# to redirect to local URL /missing.html
#ErrorDocument 404 "/cgi-bin/missing_handler.pl"
# N.B.: You can redirect to a script or a document using server-side-includes.
#
# 3) external redirects
#ErrorDocument 402 http://www.example.com/subscription_info.html
# N.B.: Many of the environment variables associated with the original
# request will *not* be available to such a script.

## This should be changed to the ServerRoot/manual/. The alias provides
## the manual, even if you choose to move your DocumentRoot. You may comment
## this out if you do not care for the documentation.
##
#AliasMatch ^/manual(?:/(?:de|en|fr|ja|ko|ru))?(/.*)?$ "/var/www/manual$1"
#
#<Directory "/var/www/manual">
# Options Indexes
# AllowOverride None
# Order allow,deny
# Allow from all
#
# <Files *.html>
# SetHandler type-map
# </Files>
#
# SetEnvIf Request_URI ^/manual/de/ prefer-language=de
# SetEnvIf Request_URI ^/manual/en/ prefer-language=en
# SetEnvIf Request_URI ^/manual/fr/ prefer-language=fr
# SetEnvIf Request_URI ^/manual/ja/ prefer-language=ja
# SetEnvIf Request_URI ^/manual/ko/ prefer-language=ko
# SetEnvIf Request_URI ^/manual/ru/ prefer-language=ru
# RedirectMatch 301 ^/manual(?:/(de|en|fr|ja|ko|ru)){2,}(/.*)?$ /manual/$1$2
#</Directory>

#
# ScriptAlias: This controls which directories contain server scripts.


<Location /manual>
Options Multiviews
ErrorDocument 404 "The document you requested has not been installed on your system. Please install either apache-manual or apache2-manual RPMs.
</Location>
<Location /manual-2.0>
Options Multiviews
ErrorDocument 404 "The document you requested has not been installed on your system. Please install the apache2-manual package.
</Location>
<Location /manual-1.3>
Options Multiviews
ErrorDocument 404 "The document you requested has not been installed on your system. Please install the apache-manual package.
</Location>

#
# Customize behaviour based on the browser
#
<IfModule mod_setenvif.c>

#
# The following directives modify normal HTTP response behavior to
# handle known problems with browser implementations.
#
BrowserMatch "Mozilla/2" nokeepalive
BrowserMatch "MSIE 4\.0b2;" nokeepalive downgrade-1.0 force-response-1.0
BrowserMatch "RealPlayer 4\.0" force-response-1.0
BrowserMatch "Java/1\.0" force-response-1.0
BrowserMatch "JDK/1\.0" force-response-1.0

#
# The following directive disables redirects on non-GET requests for
# a directory that does not include the trailing slash. This fixes a
# problem with Microsoft WebFolders which does not appropriately handle
# redirects for folders with DAV methods.
#
BrowserMatch "Microsoft Data Access Internet Publishing Provider" redirect-carfully
BrowserMatch "^WebDrive" redirect-carefully
BrowserMatch "^gnome-vfs" redirect-carefully

</IfModule>
# End of browser customization directives

#
# Allow server status reports, with the URL of http://servername/server-status
# Change the ".your_domain.com" to match your domain to enable.
#
<IfModule mod_status.c>
<Location /server-status>
SetHandler server-status
<IfModule mod_access.c>
Order deny,allow
Deny from all
allow from 127.0.0.1
#Allow from .your_domain.com
</IfModule>
</Location>
#
# ExtendedStatus controls whether Apache will generate "full" status
# information (ExtendedStatus On) or just basic information (ExtendedStatus
# Off) when the "server-status" handler is called. The default is Off.
#
#ExtendedStatus On
</IfModule>

#
# Allow remote server configuration reports, with the URL of
# http://servername/server-info (requires that mod_info.c be loaded).
# Change the ".your_domain.com" to match your domain to enable.
#
<IfModule mod_info.c>
<Location /server-info>
SetHandler server-info
<IfModule mod_access.c>
Order deny,allow
Deny from all
allow from 127.0.0.1
# Allow from .your_domain.com
</IfModule>
</Location>
</IfModule>

<IfModule mod_perl.c>
<Location /perl-status>
SetHandler perl-script
<IfDefine !APACHE2>
PerlHandler Apache::Status
</IfDefine>
<IfDefine APACHE2>
PerlResponseHandler Apache::Status
</IfDefine>
<IfModule mod_access.c>
Order deny,allow
Deny from all
Allow from 127.0.0.1
</IfModule>
</Location>
</IfModule>

#
# There have been reports of people trying to abuse an old bug from pre-1.1
# days. This bug involved a CGI script distributed as a part of Apache.
# By uncommenting these lines you can redirect these attacks to a logging
# script on phf.apache.org. Or, you can record them yourself, using the script
# support/phf_abuse_log.cgi.
#
#<Location /cgi-bin/phf*>
# Deny from all
# ErrorDocument 403 http://phf.apache.org/phf_abuse_log.cgi
#</Location>

<IfModule mod_include.c>
# XBitHack on
</IfModule>

#
# This should be changed to whatever you set DocumentRoot to.
#
<Directory /var/www/html>

#
# This may also be "None", "All", or any combination of "Indexes",
# "Includes", "FollowSymLinks", "SymLinksifOwnerMatch", "ExecCGI", or "MultiViews".
#
# Note that "MultiViews" must be named *explicitly* --- "Options All"
# doesn't give it to you.
#
Options -Indexes MultiViews

#
# This controls which options the .htaccess files in directories can
# override. Can also be "All", or any combination of "Options", "FileInfo",
# "AuthConfig", and "Limit"
#
AllowOverride All

#
# Controls who can get stuff from this server.
#
<IfModule mod_access.c>
order deny,allow
allow from all
</IfModule>
</Directory>

<Directory /var/www/perl>
AllowOverride All
Options -Indexes FollowSymLinks MultiViews ExecCGI
<IfModule mod_access.c>
Order allow,deny
Allow from all
</IfModule>
</Directory>

<IfModule mod_cgid.c>
#
# Additional to mod_cgid.c settings, mod_cgid has Scriptsock <path>
# for setting UNIX socket for communicating with cgid.
#
#Scriptsock /cgisock
</IfModule>

<Directory /var/www/cgi-bin>
AllowOverride All
Options ExecCGI
<IfModule mod_access.c>
Order allow,deny
Allow from all
</IfModule>
</Directory>

<Directory /var/www/protected-cgi-bin>
AllowOverride All
Options ExecCGI
<IfModule mod_access.c>
Order deny,allow
Deny from all
Allow from 127.0.0.1
#allow from .your_domain.com
</IfModule>
</Directory>

#
# Control access to UserDir directories. The following is an example
# for a site where these directories are restricted to read-only.
#
#<Directory /home/*/public_html>
# AllowOverride FileInfo AuthConfig Limit
# Options MultiViews Indexes SymLinksIfOwnerMatch IncludesNoExec
# <Limit GET POST OPTIONS PROPFIND>
# Order allow,deny
# Allow from all
# </Limit>
# <LimitExcept GET POST OPTIONS PROPFIND>
# Order deny,allow
# Deny from all
# </LimitExcept>
#</Directory>

# These settings are pretty flexible, and allow for Frontpage and XSSI
<Directory /home/*/public_html>
AllowOverride None
Options MultiViews -Indexes Includes FollowSymLinks
<IfModule mod_access.c>
order allow,deny
allow from all
</IfModule>
</Directory>

<Directory /home/*/public_html/cgi-bin>
Options +ExecCGI -Includes -Indexes
SetHandler cgi-script
<IfModule mod_access.c>
Order allow,deny
Allow from all
</IfModule>
</Directory>


<IfModule mod_perl.c>
<Directory /home/*/public_html/perl>
SetHandler perl-script
<IfDefine !APACHE2>
PerlHandler Apache::PerlRun
</IfDefine>
<IfDefine APACHE2>
PerlResponseHandler ModPerl::PerlRun
</IfDefine>
Options -Indexes ExecCGI
PerlSendHeader On
<IfModule mod_access.c>
Order allow,deny
Allow from all
</IfModule>
</Directory>
</IfModule>

<Directory /var/www/icons>
Options -Indexes MultiViews
AllowOverride None
<IfModule mod_access.c>
Order allow,deny
Allow from all
</IfModule>
</Directory>

<Directory /usr/share/doc>
Options Indexes FollowSymLinks
<IfModule mod_access.c>
Order deny,allow
Deny from all
Allow from 127.0.0.1
#allow from .your_domain.com
</IfModule>
</Directory>

<Directory /var/www/html/addon-modules>
Options Indexes FollowSymLinks
</Directory>

<Location /index.shtml>
Options +Includes
</Location>

<IfModule mod_perl.c>
<IfDefine !APACHE2>
PerlModule Apache::Registry
</IfDefine>

#set Apache::Registry Mode for /perl Alias
<Location /perl/*.pl>
SetHandler perl-script
<IfDefine !APACHE2>
PerlHandler Apache::Registry
</IfDefine>
<IfDefine APACHE2>
PerlResponseHandler ModPerl::Registry
</IfDefine>
Options -Indexes ExecCGI
PerlSendHeader On
</Location>

#set Apache::PerlRun Mode for /cgi-perl Alias
<Location /cgi-perl/*.pl>
SetHandler perl-script
<IfDefine !APACHE2>
PerlHandler Apache::PerlRun
</IfDefine>
<IfDefine APACHE2>
PerlResponseHandler ModPerl::PerlRun
</IfDefine>
Options -Indexes ExecCGI
PerlSendHeader On
</Location>
</IfModule>
 
Old 06-20-2004, 04:20 PM   #4
bulliver
Senior Member
 
Registered: Nov 2002
Location: Edmonton AB, Canada
Distribution: Gentoo x86_64; Gentoo PPC; FreeBSD; OS X 10.9.4
Posts: 3,743
Blog Entries: 4

Rep: Reputation: 76
If you want to serve files from your /home/*/public_html you need to set execute permissions on the directories. You are getting 403 forbidden errors because apache cannot traverse to /home/user you need to chmod a+x /home/user and /home/user/public_html

This will allow anyone to enter your home directory, but not ls the contents. Perhaps not very secure, but it is the way it must be if you want to serve files out of your home directory.

The files in public_html will need to be world-readable as well....
 
Old 06-20-2004, 05:30 PM   #5
cavemanf16
LQ Newbie
 
Registered: Oct 2003
Distribution: Mandrake 10.1
Posts: 17

Original Poster
Rep: Reputation: 0
FINALLY!

Excellent! That solved the problem immediately. For some reason that is never explicitely stated in anything I've found online so far. Or maybe I missed, but anyways, thanks!
 
Old 07-05-2004, 04:24 AM   #6
Mankind75
Member
 
Registered: Apr 2004
Location: Brome, Lower Saxony, Germany
Distribution: Slackware, OpenMandriva
Posts: 71

Rep: Reputation: 17
Quote:
Originally posted by bulliver
If you want to serve files from your /home/*/public_html you need to set execute permissions on the directories. You are getting 403 forbidden errors because apache cannot traverse to /home/user you need to chmod a+x /home/user and /home/user/public_html
Worked fine for me too. But I noticed that with my Mandrake 10 distribution, permissions (execute) for /home and /home/username are being reset after a certain amount of time. Is there any way to make the change permanent or to have script run every 10 minutes etc. to make sure the right permissions are kept?
 
Old 07-08-2004, 05:43 AM   #7
Mankind75
Member
 
Registered: Apr 2004
Location: Brome, Lower Saxony, Germany
Distribution: Slackware, OpenMandriva
Posts: 71

Rep: Reputation: 17
Quote:
Originally posted by Mankind75
Worked fine for me too. But I noticed that with my Mandrake 10 distribution, permissions (execute) for /home and /home/username are being reset after a certain amount of time.
Found the solution for that one: Mandrake runs msec every hour using the configuration files in /usr/share/msec/perm.* where * indicates the security level defined during installation (5-paranoid).
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
Apache Root/Home Directory and setting up FTP for home directories? Mankind75 Linux - Newbie 6 07-23-2006 02:37 PM
Unable to access home directory zillah Solaris / OpenSolaris 50 07-07-2005 07:39 AM
unable to Mount server home directory to clients abhishek124 Linux - Networking 1 06-24-2005 02:44 AM
Others should not access my home directory. u4u Linux - General 3 01-16-2005 09:28 AM
can i set ~/public_html/perl as a perl directory for apache? doublefailure Linux - Networking 1 07-09-2002 04:31 PM


All times are GMT -5. The time now is 01:10 PM.

Main Menu
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
identi.ca: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration