I've googled around a fair bit on this one but haven't got too far.
I have apache 1.3.34 running on slackware acting as webserver.
I've installed
mod_security and every time I start my server I get a 403 forbidden error:
Quote:
You don't have permission to access / on this server.
|
I followed the instructions
here
for applying the mod_security module to chrooting with the SecChrootDir function built into the module.
I'm assuming this error means that the permissions on my documentroot are incorrectly set. They're currently set at 755 and they are inside the root jail. The directory for the root jail is /chroot/apache, so the document root is at /chroot/apache/usr/include/apache/htdocs
Here's the relevant sections of httpd.conf:
Code:
LoadModule security_module libexec/apache/mod_security.so
LoadModule config_log_module libexec/apache/mod_log_config.so
LoadModule mime_module libexec/apache/mod_mime.so
LoadModule status_module libexec/apache/mod_status.so
LoadModule dir_module libexec/apache/mod_dir.so
LoadModule access_module libexec/apache/mod_access.so
LoadModule auth_module libexec/apache/mod_auth.so
User apache
Group apache
DocumentRoot "/usr/include/apache/htdocs"
<Directory />
Order Deny,Allow
Deny from all
Options None
AllowOverride None
</Directory>
<Directory "/usr/include/apache/htdocs">
Order allow,deny
Allow from all
Options None
AllowOverride None
</Directory>
AccessFileName .htaccess
<Files ~ "^\.ht">
Order allow,deny
Deny from all
Satisfy All
</Files>
UseCanonicalName Off
DefaultType text/plain
HostnameLookups Off
ErrorLog /var/log/apache/error_log
ServerSignature off
ServerTokens Prod
<IfModule mod_security.c>
# Chroot directive
SecChrootDir /chroot/apache
</IfModule
The apache error log shows the chroot directive being applied successfully and it explains the forbidden error with:
Code:
[Fri Mar 31 21:52:01 2006] [error] [client 70.19.178.141] (13)Permission denied: access to / failed because search permissions are missing on a component of the path
Can anyone help me on this one? I'm a bit new to both chrooting and apache.
Cheers