Apache web access "Forbidden"
 

Hello,

Trying to setup Apache for my own use wtih MRTG (in other words, I don't plan on using this as a public web server). Using Apache 2.0.48 on Fedora Core 1.

If I put a file in the default document root of /var/www/html, I can see that file in my browser. But I want to put the MRTG files in a directory below the doc root (ie: /var/www/html/mrtg/index.html) when I try to hit this with my browser, I get:

Forbidden

You don't have permission to access /mrtg on this server.

My httpd error logs also have the following entries:
Directory index forbidden by rule: /var/www/html/
client denied by server configuration: /var/www/mrtg

Searching this site and other various Linux resource sites, I noticed the common response to a question like mine is to check the permissions of the directory. Here's what I've done:

chmod 755 /var/www/html/mrtg - not working
chmod -R 755 /var/www/html - not working
chmod -R 777 /var/www/html - not working
changed owner and group of doc root dir's to apache - not working
changed owner and group of mrtg dir to apache - not working

...so I think maybe I have a problem with my httpd.conf file. The most relevant part of this file seems to be the <Directory...> section so here it is:

<Directory />
Options FollowSymLinks
AllowOverride None
</Directory>
<Directory "/var/www/html">
Options Indexes FollowSymLinks
AllowOverride None
Order allow,deny
Allow from all
</Directory>

Any ideas? I've used Apache for MRTG many times in the past using RH 7,8,9 and all I had to do was load the service and it always just worked. As an extra step I even took the httpd.conf file from a working RH9 setup and copied it to my Fedora machine; as you might have guessed, it didn't work (got the same message)

Thoughts, Thanks.

firewall? iptables?
is it set to default port 80?

Notice I mentioned, "If I put a file in the default document root of /var/www/html, I can see that file in my browser." The web server is working - I just can't see directories below the document root.

Other ideas...?

Re: Apache web access "Forbidden"
 

Not sure, but I think you either need the Indexes option in the Directory / section, or you need to remove the AllowOverride None directive from the same section. I think you need one of these changes if you want to be able to navigate to the MRTG directory from the root directory. However, I would have expected that a chmod -R 777 * exceuted in /var/www/html by root would have fixed the case where you type the full URL.

found this btw:

"If your web site contains some directories, you can specify aliases in the Alias and redirects section. For example, if you have a complex directory tree containing your web pages, you can simplify the navigation by creating aliases. Instead of pointing your browser to http://www.example.com/foo/bar/again/and/more, just use http://www.example.com/morestuff in Document directory aliases. The second part of the screen is dedicated to redirections, which let you redirect a part of your web address to a specific web page or directory."

from: http://www.mandrakeuser.org/docs/mdo...tp-config.html

it is related to webmin however it might give you some insight or ideas.

pingswept is right. I had that same problem several times, and it always turned out to be the Directory Index section of httpd.conf, virtual server, or a permissions issue.

Thanks for the replies.

I tried the Indexes option and removing the AllowOverride None options and neither of those helped. Any other thoughts?

does root own the directories?
If so change ownership and group to yourself.

From my original post:

"changed owner and group of doc root dir's to apache - not working
changed owner and group of mrtg dir to apache - not working"

Just to make sure, I did an 'll' from the /var/www directory; results:

drwxr-xr-x 4 apache apache 20480 Mar 3 11:25 html

...and another 'll' from the /var/www/html directory:

drwxr-xr-x 2 apache apache 4096 Mar 2 17:49 mrtg
drwxr-xr-x 2 webalizer root 4096 Mar 3 09:59 usage

...all the files in the mrtg directory are also owned by apache.

For fun I changed the user for the directory and files to my personal login ID but that didn't work either.

Thanks for coming up with ideas...!

W.

OK, this is Twilight Zone material...

So I'm playing around with this a bit more and decide to try changing my document root to /var/www/html/mrtg and guess what, it works !?! So then I try creating another directory below this directory called 'test' and it works so then I try some more things after setting the document root back to it's default (/var/www/html)...

- wipe out the contents of the document root
- create a directory called 'mrtg', put a html file in it and test. FAILS (forbidden)
- create another directory ('foobar'), put same html file in it, and test... WORKS
- create even another directory ('mrrtg'), put file in and test... WORKS
- create yet another directory ('test'), put file in and test... WORKS
- remove 'mrtg' directory, recreate it, put file in and test... FAILS
- change the document root to /var/www/html/mrtg and test... WORKS
- create directory in the new doc root called 'test', test file... WORKS
- create directory in the new doc root called 'mrtg', test file... FAILS

OK, so what's up with having a directory called 'mrtg'???? It makes no sense to me. I did a search on my httpd.conf file to see if there was some kind of filter on the name 'mrtg (if this was something that was even possible), but nothing. I guess I can go through life without ever naming a directory on my web server 'mrtg', but now I'm interested in knowing why.

Just to make sure the problem wasn't my test file (I was using MRTG html files as test files at first - I wanted to make sure these files weren't causing the problem), I created my own simple test file shown below:
________________________________
#<html>
#<body>
#This is a test page - please disregard
#</body>
#</html>
--------------------------------------------------------
Any other ideas...???

W.

Kind of basic, but...
 

have you cycled the web server since you did these various changes?

I think that that is necessary to get Apache to re-read httpd.conf. If you haven't done so, doing a "service httpd restart" should do it in Fedora. Maybe doing a kill -HUP on the pid or some apachectl command also, but I'm not an Apache guru and usually just do the "service...restart" thing.

I just played with my Fedora server's httpd.conf. I could access from another host the document root and subdirectories, but not from localhost (I've changed the allow all in the "<Directory "/var/www/html">" section to my subnet. I added 127.0.0.1 and could then access a directory under the document root from the localhost, similar to what you are trying.

Unless the "Allow from all" doesn't do what it should for some weird reason then the only thing that I can think of is cycling the web server.

I had the same prob with dir's called images .... couldn't see anything in them... but instead of forbiden, I got the 404 error.. never did find anything on how to fix it.. hopefully someone in here will be able to 'enlighten' us..

Jesse

ok, guess I was playing and posting while you were, wswartz, and
 

not sure how to interpret what you posted just above my post, but I did have an idea and just confirmed it.

On my Fedora system (kitchen sink install, though I've not played with mrtg), I have a /var/www/mrtg...that is there is an mrtg subdirectory alongside the document root. Somehow maybe your system is getting confused with the two mrtg directories, one at /var/www/html/mrtg and one at /var/www/mrtg. To quote your original post:

"client denied by server configuration: /var/www/mrtg"

Not sure if because of an environment variable pointing at mrtg or what, but I think that it's somehow access to that directory that's being denied.

Steve,
To answer your first querstion, yes, after each change of the httpd.conf file I would restart the web server service. Not necessarly after every test, but I just did that now with no change.

But you may be on to something. From my last testing session, the only file in my document root (/var/www/html) was my test.html file. I started the web server, brought up a browser and simpy typed "http://127.0.0.1" and got the MRTG main screen (MRTG's index.html). With no index.html file in my doc root, I should have got Apache Test Page. As you noted, Steve, I do have a directory called /var/www/mrtg (above the document root). So I played some more:

- renamed directory /var/www/mrtg to /var/www/foobar and tested browser by hitting http://127.0.0.1... got Apache Test Page
- created directory /var/www/html/mrtg, put my test file in it and tested... Forbidden (no change from previous indications)
- renamed directory /var/www/foobar back to /var/www/mrtg then moved this directory to /root
- tested access to /var/www/html/mrtg/test.html... still Forbidden
- moved /root/mrtg directory back to /var/www (the tree is now /var/www/mrtg, the way it originally was)
- tested browser with URL "http://127.0.0.1" ... got the Apache Test Page.

This last test had a different result, getting the Apache Test Page instead of the MRTG page when I tried it before. Did I break a link to something somewhere? But I still can't make an mrtg directory below the /var/www/html document root.

Strange...
W.

/etc/httpd/conf.d has a file called mrtg.conf...
 

I'm no Apache guru, but I think that the conf.d directory may be new to Apache 2.x and/or Fedora (vs. Red Hat 7/8/9.x). My /etc/httpd/conf.d/mrtg.conf:

#
# This configuration file maps the mrtg output (generated daily)
# into the URL space. By default these results are only accessible
# from the local host.
#
Alias /mrtg /var/www/mrtg

<Location /mrtg>
Order deny,allow
Deny from all
Allow from localhost
# Allow from .example.com
</Location>

This new configuration is probably what is different for you than before with mrtg, as it maps references to documentroot/mrtg to /var/www/mrtg. I just tried from my workstation (also Fedora) starting the webserver, making /var/www/html/mrtg and /var/ww/html/test. I can access, with default config ...test/index.html, but get denied trying to access mrtg/index.html.

At the moment I'm too lazy to try to fit all the data from your experiments into this model, but I'm thinking that you can do so now. One thing I don't know is how the configs from /etc/httpd/conf.d get merged with the configs from /etc/httpd/conf/httpd.conf, but I would imagine that that information is not too hard to find.

Thank you very much!!! That was it. I changed the Deny from All to Allow and it works fine. One last parting comment that doesn't require a response (just thinking out loud). If this configuration is supposed to deny access from anyone other than the localhost, why didn't it work for me all along? I've been testing this with 127.0.0.1 (localhost) all along.

Anyway, thanks for helping with this.

W.

Another similar error
 

I was actually kicking the crap out of google trying to find the same error, and i realized that you can't symlink/use "usage" as the keyword for a directory. It ALWAYS gives some kind of a forbiden error. It doesn't matter if I create it, link it, symlinks it, etc..

Just my small comment for someone who like me will spend a good 3 hours.

mrtg access forbidden
 

I too ran into this on Redhat AS 3.0 mrtg 2.9.29 ent

tried all the above stuff also to no avail.

I fixed it by renaming /var/www/html/mrtg to /var/www/html/mama (totally arbitrary) and then changed the dir path in mrtg.cfg to reflect the new name.

I have no idea why or what was blocking access to mrtg, but this is a feasable work-around

I spent about 3 hours on this including searching the web until I found this thread. The PC I had mrtg on was originally Redhat 8.0. I wiped that PC out, installed CentOS 3.4 (RHEL3 U4) and just copied back my mrtg files to /var/www/html/mrtg and mrtg.cfg into /etc/mrtg.

I ended up with the same problem since I had no idea the newer OS adds a
a /etc/httpd/conf.d/mrtg.conf to the apache config. I just removed the mrtg.conf and all is fine, however I could have just done the same thing as the OP and unrestricted the settings in mrtg.conf.

Apache web access "Forbidden"
 

I have had this same problem and spent considerable amount of time on it to find that the solution was actually an easy remedy. My access was forbidden to a single folder in /var/www/html/ but to other folders and files I was permitted to view them. The folder I couldn't view was one that was one that had previously been unzipped the rest never had to be (I created them). So create a new folder name it the same as the forbidden one and copy and paste the files into the new folder and it works fine.

sorry to dig up this old thread. In the past, it has worked for me to change the Deny all to Allow all in /etc/mrtg/mrtg.cfg but this time round, with Fedora 14m it does not work for me anymore.

Firewalls/ SELinux has been disabled.

I've given up too.

/var/www/mrtg is mapped to /etc/mrtg i guess but some permission error is going on somewhere. Adding the below
As many has tried successfully, i simply copied /var/www/html/mrtg/* to /var/www/html/mrtg1/ and load the html files from there. It works so F it. I'm sticking to this for now.