LinuxQuestions.org
Did you know LQ has a Linux Hardware Compatibility List?
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Software
User Name
Password
Linux - Software This forum is for Software issues.
Having a problem installing a new program? Want to know which application is best for the job? Post your question in this forum.

Notices

Reply
 
Search this Thread
Old 03-12-2004, 02:32 PM   #1
wswartz
Member
 
Registered: Nov 2003
Posts: 56

Rep: Reputation: 15
Apache web access "Forbidden"


Hello,

Trying to setup Apache for my own use wtih MRTG (in other words, I don't plan on using this as a public web server). Using Apache 2.0.48 on Fedora Core 1.

If I put a file in the default document root of /var/www/html, I can see that file in my browser. But I want to put the MRTG files in a directory below the doc root (ie: /var/www/html/mrtg/index.html) when I try to hit this with my browser, I get:

Forbidden

You don't have permission to access /mrtg on this server.

My httpd error logs also have the following entries:
Directory index forbidden by rule: /var/www/html/
client denied by server configuration: /var/www/mrtg

Searching this site and other various Linux resource sites, I noticed the common response to a question like mine is to check the permissions of the directory. Here's what I've done:

chmod 755 /var/www/html/mrtg - not working
chmod -R 755 /var/www/html - not working
chmod -R 777 /var/www/html - not working
changed owner and group of doc root dir's to apache - not working
changed owner and group of mrtg dir to apache - not working

...so I think maybe I have a problem with my httpd.conf file. The most relevant part of this file seems to be the <Directory...> section so here it is:

<Directory />
Options FollowSymLinks
AllowOverride None
</Directory>
<Directory "/var/www/html">
Options Indexes FollowSymLinks
AllowOverride None
Order allow,deny
Allow from all
</Directory>

Any ideas? I've used Apache for MRTG many times in the past using RH 7,8,9 and all I had to do was load the service and it always just worked. As an extra step I even took the httpd.conf file from a working RH9 setup and copied it to my Fedora machine; as you might have guessed, it didn't work (got the same message)

Thoughts, Thanks.
 
Old 03-12-2004, 03:59 PM   #2
mossy
Member
 
Registered: Aug 2003
Location: USexIRL
Distribution: *nix
Posts: 849

Rep: Reputation: 30
firewall? iptables?
is it set to default port 80?
 
Old 03-12-2004, 04:24 PM   #3
wswartz
Member
 
Registered: Nov 2003
Posts: 56

Original Poster
Rep: Reputation: 15
Notice I mentioned, "If I put a file in the default document root of /var/www/html, I can see that file in my browser." The web server is working - I just can't see directories below the document root.

Other ideas...?
 
Old 03-12-2004, 07:16 PM   #4
pingswept
Member
 
Registered: May 2003
Location: Cambridge, MA
Distribution: SuSE, RedHat, and OpenBSD
Posts: 116

Rep: Reputation: 15
Re: Apache web access "Forbidden"

Quote:
Originally posted by wswartz


...so I think maybe I have a problem with my httpd.conf file. The most relevant part of this file seems to be the <Directory...> section so here it is:

<Directory />
Options FollowSymLinks
AllowOverride None
</Directory>
<Directory "/var/www/html">
Options Indexes FollowSymLinks
AllowOverride None
Order allow,deny
Allow from all
</Directory>
Not sure, but I think you either need the Indexes option in the Directory / section, or you need to remove the AllowOverride None directive from the same section. I think you need one of these changes if you want to be able to navigate to the MRTG directory from the root directory. However, I would have expected that a chmod -R 777 * exceuted in /var/www/html by root would have fixed the case where you type the full URL.
 
Old 03-13-2004, 01:26 AM   #5
mossy
Member
 
Registered: Aug 2003
Location: USexIRL
Distribution: *nix
Posts: 849

Rep: Reputation: 30
found this btw:

"If your web site contains some directories, you can specify aliases in the Alias and redirects section. For example, if you have a complex directory tree containing your web pages, you can simplify the navigation by creating aliases. Instead of pointing your browser to http://www.example.com/foo/bar/again/and/more, just use http://www.example.com/morestuff in Document directory aliases. The second part of the screen is dedicated to redirections, which let you redirect a part of your web address to a specific web page or directory."

from: http://www.mandrakeuser.org/docs/mdo...tp-config.html

it is related to webmin however it might give you some insight or ideas.
 
Old 03-13-2004, 08:44 AM   #6
BrettPower
Member
 
Registered: Aug 2003
Location: Daytona Beach, FL
Distribution: Gentoo and FC3
Posts: 65

Rep: Reputation: 15
pingswept is right. I had that same problem several times, and it always turned out to be the Directory Index section of httpd.conf, virtual server, or a permissions issue.
 
Old 03-16-2004, 07:57 AM   #7
wswartz
Member
 
Registered: Nov 2003
Posts: 56

Original Poster
Rep: Reputation: 15
Thanks for the replies.

I tried the Indexes option and removing the AllowOverride None options and neither of those helped. Any other thoughts?
 
Old 03-16-2004, 11:34 AM   #8
mossy
Member
 
Registered: Aug 2003
Location: USexIRL
Distribution: *nix
Posts: 849

Rep: Reputation: 30
does root own the directories?
If so change ownership and group to yourself.
 
Old 03-16-2004, 07:28 PM   #9
wswartz
Member
 
Registered: Nov 2003
Posts: 56

Original Poster
Rep: Reputation: 15
From my original post:

"changed owner and group of doc root dir's to apache - not working
changed owner and group of mrtg dir to apache - not working"

Just to make sure, I did an 'll' from the /var/www directory; results:

drwxr-xr-x 4 apache apache 20480 Mar 3 11:25 html

...and another 'll' from the /var/www/html directory:

drwxr-xr-x 2 apache apache 4096 Mar 2 17:49 mrtg
drwxr-xr-x 2 webalizer root 4096 Mar 3 09:59 usage

...all the files in the mrtg directory are also owned by apache.

For fun I changed the user for the directory and files to my personal login ID but that didn't work either.

Thanks for coming up with ideas...!

W.
 
Old 03-16-2004, 08:49 PM   #10
wswartz
Member
 
Registered: Nov 2003
Posts: 56

Original Poster
Rep: Reputation: 15
OK, this is Twilight Zone material...

So I'm playing around with this a bit more and decide to try changing my document root to /var/www/html/mrtg and guess what, it works !?! So then I try creating another directory below this directory called 'test' and it works so then I try some more things after setting the document root back to it's default (/var/www/html)...

- wipe out the contents of the document root
- create a directory called 'mrtg', put a html file in it and test. FAILS (forbidden)
- create another directory ('foobar'), put same html file in it, and test... WORKS
- create even another directory ('mrrtg'), put file in and test... WORKS
- create yet another directory ('test'), put file in and test... WORKS
- remove 'mrtg' directory, recreate it, put file in and test... FAILS
- change the document root to /var/www/html/mrtg and test... WORKS
- create directory in the new doc root called 'test', test file... WORKS
- create directory in the new doc root called 'mrtg', test file... FAILS

OK, so what's up with having a directory called 'mrtg'???? It makes no sense to me. I did a search on my httpd.conf file to see if there was some kind of filter on the name 'mrtg (if this was something that was even possible), but nothing. I guess I can go through life without ever naming a directory on my web server 'mrtg', but now I'm interested in knowing why.

Just to make sure the problem wasn't my test file (I was using MRTG html files as test files at first - I wanted to make sure these files weren't causing the problem), I created my own simple test file shown below:
________________________________
#<html>
#<body>
#This is a test page - please disregard
#</body>
#</html>
--------------------------------------------------------
Any other ideas...???

W.
 
Old 03-16-2004, 09:07 PM   #11
lnxconvrt
Member
 
Registered: Mar 2002
Location: Houston
Distribution: FC3, Manrake 10.x, various others at times
Posts: 113

Rep: Reputation: 18
Kind of basic, but...

have you cycled the web server since you did these various changes?

I think that that is necessary to get Apache to re-read httpd.conf. If you haven't done so, doing a "service httpd restart" should do it in Fedora. Maybe doing a kill -HUP on the pid or some apachectl command also, but I'm not an Apache guru and usually just do the "service...restart" thing.

I just played with my Fedora server's httpd.conf. I could access from another host the document root and subdirectories, but not from localhost (I've changed the allow all in the "<Directory "/var/www/html">" section to my subnet. I added 127.0.0.1 and could then access a directory under the document root from the localhost, similar to what you are trying.

Unless the "Allow from all" doesn't do what it should for some weird reason then the only thing that I can think of is cycling the web server.
 
Old 03-16-2004, 09:08 PM   #12
tuxguy
Member
 
Registered: Mar 2004
Location: North Bay, Ontario - CANADA
Distribution: Debian
Posts: 77

Rep: Reputation: 15
I had the same prob with dir's called images .... couldn't see anything in them... but instead of forbiden, I got the 404 error.. never did find anything on how to fix it.. hopefully someone in here will be able to 'enlighten' us..

Jesse
 
Old 03-16-2004, 09:20 PM   #13
lnxconvrt
Member
 
Registered: Mar 2002
Location: Houston
Distribution: FC3, Manrake 10.x, various others at times
Posts: 113

Rep: Reputation: 18
ok, guess I was playing and posting while you were, wswartz, and

not sure how to interpret what you posted just above my post, but I did have an idea and just confirmed it.

On my Fedora system (kitchen sink install, though I've not played with mrtg), I have a /var/www/mrtg...that is there is an mrtg subdirectory alongside the document root. Somehow maybe your system is getting confused with the two mrtg directories, one at /var/www/html/mrtg and one at /var/www/mrtg. To quote your original post:

"client denied by server configuration: /var/www/mrtg"

Not sure if because of an environment variable pointing at mrtg or what, but I think that it's somehow access to that directory that's being denied.
 
Old 03-17-2004, 04:36 PM   #14
wswartz
Member
 
Registered: Nov 2003
Posts: 56

Original Poster
Rep: Reputation: 15
Steve,
To answer your first querstion, yes, after each change of the httpd.conf file I would restart the web server service. Not necessarly after every test, but I just did that now with no change.

But you may be on to something. From my last testing session, the only file in my document root (/var/www/html) was my test.html file. I started the web server, brought up a browser and simpy typed "http://127.0.0.1" and got the MRTG main screen (MRTG's index.html). With no index.html file in my doc root, I should have got Apache Test Page. As you noted, Steve, I do have a directory called /var/www/mrtg (above the document root). So I played some more:

- renamed directory /var/www/mrtg to /var/www/foobar and tested browser by hitting http://127.0.0.1... got Apache Test Page
- created directory /var/www/html/mrtg, put my test file in it and tested... Forbidden (no change from previous indications)
- renamed directory /var/www/foobar back to /var/www/mrtg then moved this directory to /root
- tested access to /var/www/html/mrtg/test.html... still Forbidden
- moved /root/mrtg directory back to /var/www (the tree is now /var/www/mrtg, the way it originally was)
- tested browser with URL "http://127.0.0.1" ... got the Apache Test Page.

This last test had a different result, getting the Apache Test Page instead of the MRTG page when I tried it before. Did I break a link to something somewhere? But I still can't make an mrtg directory below the /var/www/html document root.

Strange...
W.
 
Old 03-17-2004, 10:17 PM   #15
lnxconvrt
Member
 
Registered: Mar 2002
Location: Houston
Distribution: FC3, Manrake 10.x, various others at times
Posts: 113

Rep: Reputation: 18
/etc/httpd/conf.d has a file called mrtg.conf...

I'm no Apache guru, but I think that the conf.d directory may be new to Apache 2.x and/or Fedora (vs. Red Hat 7/8/9.x). My /etc/httpd/conf.d/mrtg.conf:

#
# This configuration file maps the mrtg output (generated daily)
# into the URL space. By default these results are only accessible
# from the local host.
#
Alias /mrtg /var/www/mrtg

<Location /mrtg>
Order deny,allow
Deny from all
Allow from localhost
# Allow from .example.com
</Location>

This new configuration is probably what is different for you than before with mrtg, as it maps references to documentroot/mrtg to /var/www/mrtg. I just tried from my workstation (also Fedora) starting the webserver, making /var/www/html/mrtg and /var/ww/html/test. I can access, with default config ...test/index.html, but get denied trying to access mrtg/index.html.

At the moment I'm too lazy to try to fit all the data from your experiments into this model, but I'm thinking that you can do so now. One thing I don't know is how the configs from /etc/httpd/conf.d get merged with the configs from /etc/httpd/conf/httpd.conf, but I would imagine that that information is not too hard to find.
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
Forbidden access to soft link on apache web server bnj Linux - Software 3 05-03-2005 08:14 AM
Apache "Connection was refused" remote access error spicychicken Linux - Newbie 7 02-11-2005 12:14 PM
Apache 2, "Forbidden" TazG Linux - Software 2 05-30-2004 07:33 PM
Uploading web pages; get "access forbidden" when I load them in browser! Thermodynamic Linux - Software 1 04-03-2004 05:52 PM
"X-MS" cant open because "x-Multimedia System" cant access files at "smb&qu ponchy5 Linux - Networking 0 03-29-2004 11:18 PM


All times are GMT -5. The time now is 08:36 AM.

Main Menu
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
identi.ca: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration