Apache 2.0.47 "Forbidden You don't have permission to access / on this server"
Hi All,
I'm encountering the same problem here too. Sorry to ride on your questions here. I hope someone can help me here too. Below is my httpd.conf and file directory permission. I'm using Apache 2.0.47 and I'm encountering problem on my website www.asiacni.com.sg ServerName linux ServerRoot "/opt/IBMIHS" PidFile logs/httpd.pid Timeout 300 KeepAlive On MaxKeepAliveRequests 100 KeepAliveTimeout 10 <IfModule worker.c> ThreadLimit 25 ServerLimit 640 StartServers 50 MaxClients 1000 MinSpareThreads 25 MaxSpareThreads 75 ThreadsPerChild 25 MaxRequestsPerChild 0 </IfModule> Listen 165.21.60.53:80 LoadModule access_module modules/mod_access.so LoadModule auth_module modules/mod_auth.so #LoadModule auth_anon_module modules/mod_auth_anon.so #LoadModule auth_dbm_module modules/mod_auth_dbm.so LoadModule include_module modules/mod_include.so LoadModule log_config_module modules/mod_log_config.so LoadModule env_module modules/mod_env.so #LoadModule mime_magic_module modules/mod_mime_magic.so #LoadModule cern_meta_module modules/mod_cern_meta.so #LoadModule expires_module modules/mod_expires.so #LoadModule headers_module modules/mod_headers.so #LoadModule usertrack_module modules/mod_usertrack.so LoadModule unique_id_module modules/mod_unique_id.so LoadModule setenvif_module modules/mod_setenvif.so #LoadModule proxy_module modules/mod_proxy.so #LoadModule proxy_connect_module modules/mod_proxy_connect.so #LoadModule proxy_ftp_module modules/mod_proxy_ftp.so #LoadModule proxy_http_module modules/mod_proxy_http.so LoadModule mime_module modules/mod_mime.so #LoadModule dav_module modules/mod_dav.so LoadModule autoindex_module modules/mod_autoindex.so #LoadModule asis_module modules/mod_asis.so #LoadModule info_module modules/mod_info.so #LoadModule cgid_module modules/mod_cgid.so #LoadModule dav_fs_module modules/mod_dav_fs.so #LoadModule vhost_alias_module modules/mod_vhost_alias.so LoadModule dir_module modules/mod_dir.so #LoadModule imap_module modules/mod_imap.so LoadModule actions_module modules/mod_actions.so #LoadModule speling_module modules/mod_speling.so LoadModule userdir_module modules/mod_userdir.so LoadModule alias_module modules/mod_alias.so LoadModule rewrite_module modules/mod_rewrite.so #LoadModule deflate_module modules/mod_deflate.so LoadModule status_module modules/mod_status.so <IfModule mod_status.c> ExtendedStatus On </IfModule> User nobody Group nobody ServerAdmin you@your.address UseCanonicalName Off DocumentRoot "/www" <Directory /> Options FollowSymLinks AllowOverride None </Directory> <Directory "/opt/IBMIHS/htdocs/en_US"> Options Indexes FollowSymLinks AllowOverride None Order allow,deny Allow from all </Directory> UserDir public_html DirectoryIndex index.html index.html.var index.htm AccessFileName .htaccess DefaultType text/plain AddType text/html htm html <IfModule mod_mime_magic.c> MIMEMagicFile conf/magic </IfModule> HostnameLookups Off EnableSendfile on ErrorLog logs/error_log LogLevel debug LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" combined LogFormat "%h %l %u %t \"%r\" %>s %b" common LogFormat "%{Referer}i -> %U" referer LogFormat "%{User-agent}i" agent CustomLog logs/access_log common ServerTokens Full ServerSignature On Alias /WSsamples /opt/WebSphere/AppServer/WSsamples Alias /IBMWebAS/ /opt/WebSphere/AppServer/web/ Alias /icons/ "/opt/IBMIHS/icons/" <Directory "/opt/IBMIHS/icons"> Options Indexes MultiViews AllowOverride None Order allow,deny Allow from all </Directory> Alias /manual "/opt/IBMIHS/manual" <Directory "/opt/IBMIHS/manual"> Options Indexes FollowSymLinks MultiViews IncludesNoExec AddOutputFilter Includes html AllowOverride None Order allow,deny Allow from all </Directory> ScriptAlias /cgi-bin/ "/opt/IBMIHS/cgi-bin/" <IfModule mod_cgid.c> </IfModule> <Directory "/opt/IBMIHS/cgi-bin"> AllowOverride None Options None Order allow,deny Allow from all </Directory> IndexOptions FancyIndexing VersionSort AddIconByEncoding (CMP,/icons/compressed.gif) x-compress x-gzip AddIconByType (TXT,/icons/text.gif) text/* AddIconByType (IMG,/icons/image2.gif) image/* AddIconByType (SND,/icons/sound2.gif) audio/* AddIconByType (VID,/icons/movie.gif) video/* AddIcon /icons/binary.gif .bin .exe AddIcon /icons/binhex.gif .hqx AddIcon /icons/tar.gif .tar AddIcon /icons/world2.gif .wrl .wrl.gz .vrml .vrm .iv AddIcon /icons/compressed.gif .Z .z .tgz .gz .zip AddIcon /icons/a.gif .ps .ai .eps AddIcon /icons/layout.gif .html .shtml .htm .pdf AddIcon /icons/text.gif .txt AddIcon /icons/c.gif .c AddIcon /icons/p.gif .pl .py AddIcon /icons/f.gif .for AddIcon /icons/dvi.gif .dvi AddIcon /icons/uuencoded.gif .uu AddIcon /icons/script.gif .conf .sh .shar .csh .ksh .tcl AddIcon /icons/tex.gif .tex AddIcon /icons/bomb.gif core AddIcon /icons/back.gif .. AddIcon /icons/hand.right.gif README AddIcon /icons/folder.gif ^^DIRECTORY^^ AddIcon /icons/blank.gif ^^BLANKICON^^ DefaultIcon /icons/unknown.gif ReadmeName README.html HeaderName HEADER.html IndexIgnore .??* *~ *# HEADER* README* RCS CVS *,v *,t AddEncoding x-compress Z AddEncoding x-gzip gz tgz AddType application/x-tar .tgz AddType image/x-icon .ico AddType application/x-shockwave-flash .swf .PLMF .plmf AddHandler type-map var BrowserMatch "Mozilla/2" nokeepalive BrowserMatch "MSIE 4\.0b2;" nokeepalive downgrade-1.0 force-response-1.0 BrowserMatch "RealPlayer 4\.0" force-response-1.0 BrowserMatch "Java/1\.0" force-response-1.0 BrowserMatch "JDK/1\.0" force-response-1.0 BrowserMatch "Microsoft Data Access Internet Publishing Provider" redirect-carefully BrowserMatch "^WebDrive" redirect-carefully BrowserMatch "^WebDAVFS/1.[012]" redirect-carefully BrowserMatch "^gnome-vfs" redirect-carefully NameVirtualHost 165.21.60.53 ######## www.directories-today.com ######## <VirtualHost 165.21.60.53> ServerName www.yellowpages.com.sg ServerAlias www.yellowpage.com.sg ServerAlias yellowpages.com.sg ServerAlias yellowpage.com.sg ServerAlias www.yellowpage.sg ServerAlias www.yellowpages.sg ServerAlias www.singmap.com ServerAlias www.singmap.com.sg ServerAlias www.singmap.sg DocumentRoot /www/www.yellowpages.com.sg ErrorLog /wwwlog/iyp-log/www.iyp-web3.com-error.log CustomLog /wwwlog/iyp-log/www.iyp-web3.com-access.log combined ErrorDocument 404 http://www.yellowpages.com.sg/ypinfo/404.html ErrorDocument 500 http://www.yellowpages.com.sg/ypinfo/500.html Alias /tmlogo/ /www/www.yellowpages.com.sg/idsnumber/tmlogo/ Alias /tmlogo1/ /www/www.yellowpages.com.sg/idsnumber/tmlogo1/ Alias /display_ads/ /www/www.yellowpages.com.sg/idsnumber/display_ads/ Alias /images /www/www.yellowpages.com.sg/images/ ##### edm under project ##### Alias /tin-toy/ /www/www.yellowpages.com.sg/project/tin-toy/ Alias /royalelogistcs/ /www/www.yellowpages.com.sg/project/royalelogistcs/ Alias /pioneer/ /www/www.yellowpages.com.sg/project/pioneer/ Alias /learningcapital/ /www/www.yellowpages.com.sg/project/learningcapital/ Alias /informatics/ /www/www.yellowpages.com.sg/project/informatics/ Alias /honda/ /www/www.yellowpages.com.sg/project/honda/ Alias /spa-esprit/ /www/www.yellowpages.com.sg/project/spa-esprit/ Alias /global-entrepolis/ /www/www.yellowpages.com.sg/project/global-entrepolis/ Alias /connoisseur/ /www/www.yellowpages.com.sg/project/connoisseur/ Alias /clearvision/ /www/www.yellowpages.com.sg/project/clearvision/ Alias /bodywellness/ /www/www.yellowpages.com.sg/project/bodywellness/ Alias /singtel/ /www/www.yellowpages.com.sg/project/singtel/ ScriptAlias /cgi-bin/ /www/www.yellowpages.com.sg/cgi-bin/ RewriteEngine on RewriteCond /www/www.yellowpages.com.sg/idsnumber/$1 -d RewriteRule ^/([0-9]{7}c?)/(.*)? /www/www.yellowpages.com.sg/idsnumber/$1/$2 RewriteRule ^/([0-9]{7}c?)$ /$1/ [L,R] RewriteRule ^/([0-9]{8}c?)/(.*)? /www/www.yellowpages.com.sg/idsnumber/$1/$2 RewriteRule ^/([0-9]{8}c?)$ /$1/ [L,R] </VirtualHost> ######## www.directories-today.com ######## <VirtualHost 165.21.60.53> ServerName www.directories-today.com DocumentRoot /www/www.directories-today.com ErrorLog /wwwlog/corp-log/www.directories-today.com/www.directories-today.com-error.log CustomLog /wwwlog/corp-log/www.directories-today.com/www.directories-today.com-access.log combined </VirtualHost> ######## wildcard.yellowpages.com.sg ######## #This host catches all requests not handled by another named-based virtual host #This must be come after other name-based hosts to allow them to match first <VirtualHost 165.21.60.53> ServerName wildcard.yellowpages.com.sg DocumentRoot /www/www.yellowpages.com.sg ErrorLog /wwwlog/wild-log/wildcard-57.yellowpages.com.sg-error.log CustomLog /wwwlog/wild-log/wildcard-57.yellowpages.com.sg-access.log combined ServerAlias * DirectoryIndex 404.html </VirtualHost> ######## www.asiacni.com.sg ######## <VirtualHost 165.21.60.53> ServerName www.asiacni.com.sg DirectoryIndex index.htm DocumentRoot /www/www.asiacni.com.sg ErrorLog /wwwlog/corp-log/www.asiacni.com.sg/iyp-web3.asiacni.com.sg-error.log CustomLog /wwwlog/corp-log/www.asiacni.com.sg/iyp-web3.asiacni.com.sg-access.log combined </VirtualHost> <VirtualHost 165.21.60.53> ServerName www.asiacni.com DirectoryIndex index.htm DocumentRoot /www/www.asiacni.com ServerAdmin webmaster@yellowpages.com.sg ErrorLog /wwwlog/corp-log/www.asiacni.com.sg/iyp-web3.asiacni.com.sg-error.log CustomLog /wwwlog/corp-log/www.asiacni.com.sg/iyp-web3.asiacni.com.sg-access.log combined </VirtualHost> <VirtualHost 165.21.60.53> ServerName www.asiacni.net DirectoryIndex index.htm DocumentRoot /www/www.asiacni.com.sg ErrorLog /wwwlog/corp-log/www.asiacni.com.sg/iyp-web3.asiacni.com.sg-error.log CustomLog /wwwlog/corp-log/www.asiacni.com.sg/iyp-web3.asiacni.com.sg-access.log combined </VirtualHost> <VirtualHost 165.21.60.53> ServerName www.asiacni.org DirectoryIndex index.htm DocumentRoot /www/www.asiacni.com.sg ErrorLog /wwwlog/corp-log/www.asiacni.com.sg/iyp-web3.asiacni.com.sg-error.log CustomLog /wwwlog/corp-log/www.asiacni.com.sg/iyp-web3.asiacni.com.sg-access.log combined </VirtualHost> ######## www.asiacni.com.sg ######## LoadModule was_ap20_module /opt/WebSphere/AppServer/bin/mod_was_ap20_http.so WebSpherePluginConfig /opt/WebSphere/AppServer/config/cells/plugin-cfg.xml ls -lrt /www total 44 drwxrwxr-x 5 apps_s users 4096 Mar 16 15:54 www.directories-today.com drwxrwxr-x 2 apps_s users 16384 Jun 19 22:43 lost+found drwxrwxr-x 69 apps_s users 4096 Jun 21 16:52 www.yellowpages.com.sg drwxrwxr-x 2 apps_s users 4096 Jun 22 17:30 www.asiacni.com.sg drwxrwxr-x 4 apps_s users 12288 Jun 26 09:51 log_archive drwxrwxr-x 2 apps_s users 4096 Jun 27 17:31 www.asiacni.com Thanks alot in advance. |
Use 'User/group' option correctly
Quote:
You didn't set ok the user/group permissions for apache server. You'd put "User apps_s" or "Group users" for apached. And an advice: you can use several sites-availables and sites-anabled instead of an unique httpd.conf for doing better maintenance for apache2 (look at /etc/apache2 directory). |
Hi emi_ramo,
Can I know more about what you mean here? I can't get what you mean here. Sorry about my language here. |
Ok:
* In the httpd.conf config file you've got two lines that determine the user and group with which is run the apache2 server/daemon. These two lines are these beginning with "User" and "Group", respectively. The user/group you put in these lines have to have read permissions to the web directory and, if this is a web server that needs to write to disk, the user/group have to have also write permissions to that directory. So, if your web directory are owned by the user/group "apps_s/users", you should put "User apps_s" and "Group users" in these lines to let the daemon access correctly to the directory and files. * I think it was in apache2 version, don't know wich, appeared two directories in "/etc/apache2" called "sites-available" and "sites-enabled". In the first there are the config files for the servers you can run, one for each server. In the second one, you put symbolic links to the files in the first, having the possibility to configure several web servers and only run some of them (these wich are linked to sites-enabled are wich will be run). With this kind of configuration you get a clearer and easy-to-update config of your web servers. And you can declare each server for separated User/Group! So, users on your system will be able to have their own web page with their own permissions. |
Hi emi_ramo,
Thanks amillion for explaining to me. You are fantastic. I'm currently using IBM Apache version 2.0.47 and all my websites reside in a directory called /www. I did not use the users apps_s and groups users cause they are the owners group and if I do that I scare they will be able to see the files listing and edit the files online when I start in that group. I understand that using the users with nobody and group nobody. Please correct me if I'm wrong. I do not have the 2 sites available nor the other one. :newbie: here |
Quote:
If you finally want your deamon running as nobody, www directories should have read acces for others (chmod -R o+r /www will do it). But I'm not sure nobody is treatet as an others user for all groups or not.... Just try!! ;) |
Hi emi_ramo,
Below is my directory permission. ls -lrt /www total 44 drwxrwxr-x 5 apps_s users 4096 Mar 16 15:54 www.directories-today.com drwxrwxr-x 2 apps_s users 16384 Jun 19 22:43 lost+found drwxrwxr-x 69 apps_s users 4096 Jun 21 16:52 www.yellowpages.com.sg drwxrwxr-x 2 apps_s users 4096 Jun 22 17:30 www.asiacni.com.sg drwxrwxr-x 4 apps_s users 12288 Jun 26 09:51 log_archive drwxrwxr-x 2 apps_s users 4096 Jun 27 17:31 www.asiacni.com I have given read and execute for other users but it's still not showing. Can confimr with you that my httpd.conf looks correct, right? Only for the users and groups you brought up before in this thread. |
Hi emi_ramo,
Just an update here, I'm using iptables to loadbalancer another IP here to load the website www.asiacni.com.sg. Another website on this IP is working fine but not www.asiacni.com.sg /sbin/iptables -t nat -A PREROUTING -d 165.21.60.68 -j REDIRECT |
Hi there!!
I had just this trouble yesterday!! And I solved it!! Try this: * In the line of Listen, put only the port (80) * On NameVirtualHost put *. * Also put * into VirtualHosts (VH) instead of the IP * Add a ServerAlias inside the VH of the pages don't have it (remember you can use wildcards like *): - www.directories-today.com - wildcard.yellowpages.com.sg - www.asiacni.com.sg - www.asiacni.com - www.asiacni.net - www.asiacni.org * You can put all asiacni pages in the same VH (if all of them points to the same files), using several ServerAlias into the same VH. |
Hi emi_ramo,
I still getting the same error after changing the virtual host with *. Any other suggestion? |
My SELINUX is off
Hi All,
Below is my SELINUX status. more /etc/sysconfig/selinux # This file controls the state of SELinux on the system. # SELINUX= can take one of these three values: # enforcing - SELinux security policy is enforced. # permissive - SELinux prints warnings instead of enforcing. # disabled - SELinux is fully disabled. SELINUX=disabled # SELINUXTYPE= type of policy in use. Possible values are: # targeted - Only targeted network daemons are protected. # strict - Full SELinux protection. SELINUXTYPE=targeted |
Thanks for taking the time to red. It's much appreciated!
Please help me here. Any suggestions or improvements are appreciated.
Quote:
|
I am also having a similar problem.
httpd.conf is at http://www.craigbrass.net/httpd.conf Quote:
|
Quote:
Hi Craigbrass, Maybe you can check on the permission of the test.jpg. what's yr user and group of this file? |
I don't know what SELinux is for. Are you still having the Permission Denied error? I have solved my webserver for several websites with several domains and subdomains and ports (secure, insecure and others). I've been working hard lastly. This is why I've not answered to you.... Sorry!!
|
All times are GMT -5. The time now is 12:12 AM. |