LinuxQuestions.org
Share your knowledge at the LQ Wiki.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Software
User Name
Password
Linux - Software This forum is for Software issues.
Having a problem installing a new program? Want to know which application is best for the job? Post your question in this forum.

Notices


Reply
  Search this Thread
Old 04-13-2004, 10:17 PM   #1
mossy
Member
 
Registered: Aug 2003
Location: USexIRL
Distribution: *nix
Posts: 849

Rep: Reputation: 30
Apache2 virtual host cgi 403 Forbidden /


got this issue...

Apache2 virtual host cgi 403 Forbidden /

domain.com, www.domain.com, and mail.domain.com all work with dns.
I added a virtual host listing in Vhost file:
mail.domain.com should go to: http://domain.com/cgi-bin/openwebmail/openwebmail.pl

==
ERROR:
Forbidden
You don't have permission to access / on this server.
--------------------------------------------------------------------------------

Apache-AdvancedExtranetServer/2.0.47 (Mandrake Linux/6mdk) Server at mail.xdomainx.com Port 80
==

Prolly cos of the Userdir directives but not sure how to modify it, or should I try the Docroot as starting from /cgi-bin/openwebmail/openwebmail.pl ??
It is currently set as /var/www/cgi-bin... ...et cetera

[edit]
exact entry in vhost.conf:
NameVirtualHost *:80
<VirtualHost *:80>
ServerName www.domain.com
ServerAlias domain.com
DocumentRoot /var/www/html/
</VirtualHost>

<VirtualHost *:80>
ServerName mail.domain.com
DocumentRoot /cgi-bin/openwebmail/openwebmail.pl
</VirtualHost>

======
tried these;
DocumentRoot /cgi-bin/openwebmail/openwebmail.pl
DocumentRoot /var/www/cgi-bin/openwebmail/openwebmail.pl
DocumentRoot /cgi-bin/openwebmail/

error: 403 Forbidden.

do I need to change anything to /etc/hosts:
127.0.0.1 localhost
192.168.0.75 mail.domain.com mail
==

NS: http://domain.com/cgi-bin/openwebmail/openwebmail.pl works fine by iitself.
 
Old 04-14-2004, 02:18 PM   #2
david_ross
Moderator
 
Registered: Mar 2003
Location: Scotland
Distribution: Slackware, RedHat, Debian
Posts: 12,047

Rep: Reputation: 79
DocumentRoot must be a directory and use a full system path.

You can set the default file that is accessed by modifying DirectoryIndex.

You will most likely need to create a Directory entry for the mail folder and add ExecCGI to the Options directive to allow the scripts to be run.
 
Old 04-14-2004, 02:29 PM   #3
mossy
Member
 
Registered: Aug 2003
Location: USexIRL
Distribution: *nix
Posts: 849

Original Poster
Rep: Reputation: 30
yes - I did something similiar already but still having the same problem - I will post the changes I made last night when I get home from work [my company cut off my remote ssh access and threatens zero tolerance for getting caught, the bolloxes]. I will post the entries when I get home tonight. Thanks for the help.
 
Old 04-14-2004, 05:09 PM   #4
mossy
Member
 
Registered: Aug 2003
Location: USexIRL
Distribution: *nix
Posts: 849

Original Poster
Rep: Reputation: 30
thanks for the help...

NameVirtualHost *:80
<VirtualHost *:80>
ServerName www.domain.com
ServerAlias domain.com
DocumentRoot /var/www/html/
</VirtualHost>

#<VirtualHost *:80>

#ServerName mail.domain.com
#DocumentRoot /var/www/cgi-bin/openwebmail/
#ServerAlias mail.domain.com
#</VirtualHost>
#
#took that out
#
#tried several variations of this below
#
<VirtualHost *:80>
#ServerAdmin mossy@domain.com
#DocumentRoot /cgi-bin/openwebmail/openwebmail.pl
ServerName mail.domain.com
#ServerAlias mail.domain.com
ScriptAlias localhost.localdomain "/cgi-bin/openwebmail/openwebmail.pl"
#ScriptAlias mail.domain.com "/cgi-bin/openwebmail/openwebmail.pl"
AddHandler cgi-script .cgi .pl
Alias /data "/var/www/data"
<Directory "/cgi-bin/openwebmail/openwebmail.pl">
AllowOverride None
Options None
Order allow,deny
Allow from all
</Directory>
</VirtualHost>
 
Old 04-14-2004, 07:13 PM   #5
mossy
Member
 
Registered: Aug 2003
Location: USexIRL
Distribution: *nix
Posts: 849

Original Poster
Rep: Reputation: 30
I will add something like this too when I get the chance:
DirectoryIndex -Index
and or
DirectoryIndex .cgi .pl
AddHandler cgi-script cgi pl
Options ExecCGI


Last edited by mossy; 04-14-2004 at 08:48 PM.
 
Old 04-15-2004, 12:51 PM   #6
david_ross
Moderator
 
Registered: Mar 2003
Location: Scotland
Distribution: Slackware, RedHat, Debian
Posts: 12,047

Rep: Reputation: 79
Try this:
Code:
<VirtualHost *:80>
   ServerAdmin mossy@domain.com
   DocumentRoot /var/www/cgi-bin/openwebmail/
   ServerName mail.domain.com

   <Directory "/var/www/cgi-bin/openwebmail/">
      AllowOverride None
      Options ExecCGI
      DirectoryIndex openwebmail.pl
      Order allow,deny
      Allow from all
   </Directory>
</VirtualHost>
 
Old 04-15-2004, 06:00 PM   #7
mossy
Member
 
Registered: Aug 2003
Location: USexIRL
Distribution: *nix
Posts: 849

Original Poster
Rep: Reputation: 30
~Getting closer!

thanks david_ross ~

Now it tries to download the cgi-script:

Message:
You have chosen to open from http://mail.domain.com/
which is a: application/x-perl
and then it asks if I want to open with an application or download it.

current Vhost.conf

Code:
NameVirtualHost *:80
<VirtualHost *:80>
ServerName www.domain.com
ServerAlias domain.com
DocumentRoot /var/www/html/
</VirtualHost>
#
#
#
<VirtualHost *:80>
   ServerAdmin mossy@domain.com
   DocumentRoot /var/www/cgi-bin/openwebmail/
   ServerName mail.domain.com
   <Directory "/var/www/cgi-bin/openwebmail/">
      AllowOverride None
      Options ExecCGI
      DirectoryIndex openwebmail.pl
      Order allow,deny
      Allow from all
   </Directory>
</VirtualHost>
#
wondering if it is anything to do with the " *:80" ?


also I will try adding:

AddHandler cgi-script cgi pl

and play with it alittle when I get time.

Last edited by mossy; 04-15-2004 at 06:07 PM.
 
Old 04-16-2004, 01:59 AM   #8
mossy
Member
 
Registered: Aug 2003
Location: USexIRL
Distribution: *nix
Posts: 849

Original Poster
Rep: Reputation: 30
ok this conf worked:

Code:
NameVirtualHost *:80
<VirtualHost *:80>
ServerName www.domain.com
ServerAlias domain.com
DocumentRoot /var/www/html/
</VirtualHost>
                                                                                                                                                            #
#
<VirtualHost *:80>
   ServerAdmin mossy@domain.com
   DocumentRoot /var/www/cgi-bin/openwebmail/
   ServerName mail.domain.com
   <Directory "/var/www/cgi-bin/openwebmail/">
      AllowOverride None
      Options ExecCGI
      AddHandler cgi-script cgi pl
      DirectoryIndex openwebmail.pl
      Order allow,deny
      Allow from all
   </Directory>
</VirtualHost>
It will now open the script. Thank you very much. I am going to affero you.

On another note my end result is not achieved. I should have realized this beforehand. Argh!

I guess basically what I am trying to do is make:

mail.domain.com = http://domain.com/cgi-bin/openwebmail/openwebmail.pl

The reason for this is that postfix and openwebmail both work off the $domain.
Currently I access webmail at http://domain.com/cgi-bin/openwebmail/openwebmail.pl and it sends/recieves fine.

If I access it as mail.domain.com with the vhost it goes to http://mail.domain.com/cgi-bin/openw...openwebmail.pl

This means that the sender/from field is then mossy@mail.domain.com which does not work when people reply to it.
It will send tho. Another wierd thing is that alot of the icons don't follow thru. The webmail layout, email and listings are all beginning with "search".
That never happened when I used to access it straight with mail.domain.com/cgi-bin/cgi-bin/openwebmail/openwebmail.pl until the Vhost addition.
[I guess to make that work I would have to specify the icon dirs etc etc but anyway].

So end result - I am not sure how to proceed.
Will a redirect work? Forwarder? Alias?
Do you have any ideas?

http://mail.domain.com should go to http://domain.com/cgi-bin/openwebmail/openwebmail.pl

that way users will only have to type mail.domain.com and it will forward to the openwebmail.

Thanks again.

Last edited by mossy; 04-16-2004 at 02:16 AM.
 
Old 04-16-2004, 01:39 PM   #9
david_ross
Moderator
 
Registered: Mar 2003
Location: Scotland
Distribution: Slackware, RedHat, Debian
Posts: 12,047

Rep: Reputation: 79
I think for what you are trying to achieve a redirect would be better - even if it is just a meta tag in an html page. I haven't really used openwebmail so I'm not sure about the domain problem in the e-mail so a redirect will probably be easier.
 
Old 04-16-2004, 01:53 PM   #10
mossy
Member
 
Registered: Aug 2003
Location: USexIRL
Distribution: *nix
Posts: 849

Original Poster
Rep: Reputation: 30
ok no problem david_ross - I now know how to make various vhosts and that was important. I'll post a brand new question to get some ideas on which is the best way to do this.
 
Old 04-16-2004, 01:58 PM   #11
david_ross
Moderator
 
Registered: Mar 2003
Location: Scotland
Distribution: Slackware, RedHat, Debian
Posts: 12,047

Rep: Reputation: 79
For redirecting you can just create a basic html page with a redirect as described here:
http://www.seologic.com/faq/meta-refresh-tag.php
 
Old 04-16-2004, 02:37 PM   #12
mossy
Member
 
Registered: Aug 2003
Location: USexIRL
Distribution: *nix
Posts: 849

Original Poster
Rep: Reputation: 30
yeah sounds good. I was initially wondering about the time involved in a redirect but I can adjust that apparently. kewl. I will give that a shot and test it.

Hey I was also wondering about security and locking down the cgi properly.

are the permissions we set on the cgi secure?
Code:
Order allow,deny
      Allow from all
Do you happen to know what the "allow,deny" bit means exactly?

On the Apache site they have a very low opinion of cgi regarding security.
If your up on that can you tell me the main weaknesses - Is it the scripts themselves or the fact of opening up another directory with the permissions above?

PS: How's the weather over there in the fine land of Scotland?

Thanks for all you help.
Cheers.
 
Old 04-16-2004, 03:02 PM   #13
david_ross
Moderator
 
Registered: Mar 2003
Location: Scotland
Distribution: Slackware, RedHat, Debian
Posts: 12,047

Rep: Reputation: 79
The allow and deny options allow you to restrict access to specific IP addresses - the apache docs can explain much better than me:
http://httpd.apache.org/docs-2.0/mod...ess.html#order

Any sort of application that is run on a machine is liable to increase the chance of a security hole. On a website you are generally letting any user run these programs at their will so they are much more exposed that shell applications. If a malicous user finds a security hole in a web based script they can exploit it on any system that is running it.

We've actually had pretty good weather the last few days. I just hope it keeps up so I can get a few rounds of golf this weekend
 
Old 04-16-2004, 04:32 PM   #14
mossy
Member
 
Registered: Aug 2003
Location: USexIRL
Distribution: *nix
Posts: 849

Original Poster
Rep: Reputation: 30
thanks.
 
Old 04-16-2004, 05:58 PM   #15
mossy
Member
 
Registered: Aug 2003
Location: USexIRL
Distribution: *nix
Posts: 849

Original Poster
Rep: Reputation: 30
man, set it up in less than 3 mins, works great set to 1 sec.
I was way over complicating things. I really should have stuck to my first instinct in the beginning to just a redirect.
Then I read up on vhost and thought bingo! Well actually It did need the vhost too.
I will consider setting the timer to 0 as google is not an issue with the webmail. Jees all this time I was wreck'in me head on that cgi vhost.

I just created a simple index.html with the 1 liner redirect and a simple vhost - boom - she's up. Thanks for all you help.
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off



Similar Threads
Thread Thread Starter Forum Replies Last Post
Apache2 virtual host. hgb Linux - Networking 10 01-24-2009 02:05 AM
apache2 help -Virtual Host- Fredstar *BSD 4 06-06-2005 01:09 PM
Vqadmin.cgi, 403 Forbidden Erros, and httpd.conf woe opioid Linux - Software 3 05-11-2004 08:08 AM
403 Forbidden access to web with php and cgi scripts tonyboy Linux - Software 3 03-17-2004 07:45 AM
403 Forbidden on Virtual Servers with PHP scripts tonyboy Linux - Software 3 03-11-2004 10:43 AM

LinuxQuestions.org > Forums > Linux Forums > Linux - Software

All times are GMT -5. The time now is 03:44 PM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Open Source Consulting | Domain Registration