Apache: You are not authorized to ...
Hi all,
I have installed an Apache webserver. I want to have my website (www.wauters-mannaert.be) running on this server. This Apache webserver is behind an E-Tech ADSL Router on which port 80 is open. I also have Dynamic DNS working of which I'm sure it is OK. From my internal network I can perfectly view my website. However, people surfing to my site cannot access the site and get http 403 error (You are not authorized to view this page). Although I know 100% sure that my friends tried to access the page, I do not see anything in my access_log file, which I fiund strange. If people get a 403 message, you would at least expect an entry in access_log. Does anyone know what is wrong. Basically I have two questions; 1) Why do people get the message 403. Is there sth wrong with my httpd.conf file (see below) 2) Why are there no entries in the access_log. Port 80 is open on my ADSL-router Anyone help is appreciated, because I don't know what could be wrong here. Here is a part of my httpd.conf file. ## ## httpd.conf -- Apache HTTP server configuration file ## ### Section 1: Global Environment ServerType standalone ServerRoot "/usr/local/apache" #LockFile /usr/local/apache/logs/httpd.lock PidFile /usr/local/apache/logs/httpd.pid ScoreBoardFile /usr/local/apache/logs/httpd.scoreboard Timeout 300 KeepAlive Off MaxKeepAliveRequests 100 KeepAliveTimeout 15 MinSpareServers 5 MaxSpareServers 10 StartServers 5 MaxClients 150 MaxRequestsPerChild 0 Listen *:80 #BindAddress * <IfDefine SSL> LoadModule ssl_module libexec/libssl.so </IfDefine> ClearModuleList AddModule mod_env.c AddModule mod_log_config.c AddModule mod_mime.c AddModule mod_negotiation.c AddModule mod_status.c AddModule mod_include.c AddModule mod_autoindex.c AddModule mod_dir.c AddModule mod_cgi.c AddModule mod_asis.c AddModule mod_imap.c AddModule mod_actions.c AddModule mod_userdir.c AddModule mod_alias.c AddModule mod_access.c AddModule mod_auth.c AddModule mod_so.c AddModule mod_setenvif.c <IfDefine SSL> AddModule mod_ssl.c </IfDefine> AddModule mod_php4.c #ExtendedStatus On ### Section 2: 'Main' server configuration Port 80 <IfDefine SSL> Listen 80 Listen 443 User apache Group apache ServerAdmin root@wauters-mannaert.be ServerName thorgal DocumentRoot "/usr/local/apache/htdocs/wauters-mannaert/" <Directory /> Options FollowSymLinks AllowOverride None </Directory> <Directory "/usr/local/apache/htdocs/wauters-mannaert/"> Options Indexes FollowSymLinks MultiViews AllowOverride None Order allow,deny Allow from all </Directory> <IfModule mod_userdir.c> UserDir public_html </IfModule> #<Directory /home/*/public_html> # AllowOverride FileInfo AuthConfig Limit # Options MultiViews Indexes SymLinksIfOwnerMatch IncludesNoExec # <Limit GET POST OPTIONS PROPFIND> # Order allow,deny # Allow from all # </Limit> # <LimitExcept GET POST OPTIONS PROPFIND> # Order deny,allow # Deny from all # </LimitExcept> #</Directory> <IfModule mod_dir.c> DirectoryIndex index.html index.htm </IfModule> AccessFileName .htaccess <Files ~ "^\.ht"> Order allow,deny Deny from all Satisfy All </Files> #CacheNegotiatedDocs UseCanonicalName On <IfModule mod_mime.c> TypesConfig /usr/local/apache/conf/mime.types </IfModule> DefaultType text/plain <IfModule mod_mime_magic.c> MIMEMagicFile /usr/local/apache/conf/magic </IfModule> HostnameLookups On ErrorLog /usr/local/apache/logs/error_log LogLevel warn LogFormat "%h|%l|%u|%t|%m|%U|%q|%H|%>s|%b|%{accept-language}i" custom LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-agent}i\"" common LogFormat "%t|%{Referer}i -> |%U" referer LogFormat "%t|%{User-agent}i" agent CustomLog /usr/local/apache/logs/access_log common CustomLog /usr/local/apache/logs/referer_log referer CustomLog /usr/local/apache/logs/browser_log agent CustomLog /usr/local/apache/logs/custom_log custom ServerSignature On # EBCDICConvertByType On=InOut text/* message/* multipart/* # EBCDICConvertByType On=In application/x-www-form-urlencoded # EBCDICConvertByType On=InOut application/postscript model/vrml # EBCDICConvertByType Off=InOut */* <IfModule mod_alias.c> Alias /icons/ "/usr/local/apache/icons/" <Directory "/usr/local/apache/icons"> Options Indexes MultiViews AllowOverride None Order allow,deny Allow from all </Directory> Alias /manual/ "/usr/local/apache/htdocs/manual/" <Directory "/usr/local/apache/htdocs/manual"> Options Indexes FollowSymlinks MultiViews AllowOverride None Order allow,deny Allow from all </Directory> ScriptAlias /cgi-bin/ "/usr/local/apache/cgi-bin/" <Directory "/usr/local/apache/cgi-bin"> AllowOverride None Options None Order allow,deny Allow from all </Directory> </IfModule> |
They are possibly seeing your router config page? I assume that runs on port 80. Try a different port.
|
Hi,
I changed now in httpd everything from 80 to 81. In my router, I added a virtual route so that public it works on port 80 but private it goes to port 81. Is that what you mean? I cannot test, because in my private network I don't see the problem. Wim |
no the other way round - people on the outside will conenct to port 81 which forwards to port 80 on the server.
|
Thanks, of course you're right. This is the entry in my E-tech router:
public 81 private 80 protocol TCP private address 10.0.0.8 (Apache server) I left in my httpd.conf file everything on port 80 in that case. It does not seem to work? Wim |
It deosn't work? Same message or different?
What are the external users connecting to? http://your.public.ip.address:81/ or http://10.0.0.8:81/ |
They should use http://www.wauters-mannaert.be:81. I cannot test if it works. I have no 'external' computers. If you give in that URL, do you see a normal page?
|
Ok for me:
Quote:
|
Cool...Thanks a lot for your help...Last question:
Now, how can I make that my external users do not have to add the :81 at the end. I would like to do some kind of translations that if they type in www.wauters-mannaert.be, this actually means www.wauters-mannaert.be:81 Wim |
I don't think you can unless there is a way to disable the admin interface from listening on the external ip address.
|
Or I can maybe try to force my E-Tech router to work/listen on another port than 80, say 82 and then use 80 for my webserver. Hope that works...I'm not very knowledgeable on this port stuff...
|
All times are GMT -5. The time now is 07:55 PM. |