My linux apache 2.2 server is giving a 403 when serving a .sh script file. The file is intended to be downloaded and linked to via a simple href:
Click to Download
Clicking yields a 403.
The apache error log displays:
==> mysever.com-error_log <==
[Fri Dec 18 20:04:29 2015] [error] [client xx.xx.xx.xx] client denied by server configuration: /var/www/html/downloads/test.sh, referer: http://www.myserver.com/downloads/test.html
If I copy the file to one with a different extension even like .exe it lets me download it. So it doesn't appear to be a permissions issue.
I tried changing how apache treats the file by adding to httpd.conf and a .htaccess in the same directory:
AddType text/plain .sh
No luck.
I tried with no luck adding these options to the apache directory
Options Indexes FollowSymLinks Includes ExecCGI
Very weird. Any suggestions?
It's possible that ModSecurity is blocking the request because of the .sh extension.
You can also try adding the following to your .htaccess:
<Files ~ "\.sh$">
Order allow,deny
Allow from all
</Files>
Related
While I am running my first program in Apache /2.4.7 (ubuntu) it shows error as Follows:
Not Found The requested URL /hello was not found on this server. Apache/2.4.7 (Ubuntu) Server at 127.0.0.1 Port 80.
I tried changing apache2.conf as below:
Options ExecCGI Indexes
FollowSymLinks <------
AllowOverride None
Require all granted
AddHandler cgi-script .py <--------
Still not able execute my program ?
Thanks
Based on the little info provided, there are a couple things to try:
Seems like you are trying to load a Python script, so include the extension of the script filename in the URL. As in: http://127.0.0.1/hello.py
Check for owner and permissions for the script. Does Apache have access to execute them?
I have followed this tutorial to configure http apache server:
https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/6/html/Managing_Confined_Services/chap-Managing_Confined_Services-The_Apache_HTTP_Server.html
When I connected using
telnet localhost 12345
GET / HTTP/1.0
I got an error
HTTP/1.1 403 Forbidden
and the default html of apache was listed below too.
I tried to configure the
/etc/httpd/conf/httpd.conf
adding
<Directory "/var/www/html">
Order allow,deny
Allow from all
Require all granted
</Directory>
and also ran
chmod -R o+x /var/www/html
and I'm still getting the same error. How do I proceed?
Do you have a file called index.html inside /var/www/html/ directory?
I would also suggest to check access and error logs files under /var/log/httpd directory
Hi I'm getting 403 error while im accessing my live site through the browser. It was working fine last day. I'm not sure why this error is coming. I have searched a lot about it. These are the solutions I have tried:
I have changed my httpd.conf file's configurations from default to :
<Directory />
#Options FollowSymLinks
Options Indexes FollowSymLinks Includes
AllowOverride All
Order deny,allow
Allow from all
</Directory>
Changed the permission for /var/www/html directory from default to 777
and few more things. But nothing worked. I am not sure what is going wrong.
My server configurations are:
Apache/2.2.29.
AWS EC2 Instance.
This is the Error message shown on browser:
forbidden
You don't have permission to access / on this server.
Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.
This is the Error message from error_logs:
[Thu May 21 14:58:51 2015] [error] [client XXX.XXX.XXX.XXX] Directory index forbidden by Options directive: /var/www/
[Thu May 21 14:58:51 2015] [error] [client XXX.XXX.XXX.XXX] File does not exist: /var/www/error/noindex.html
please let me know in comments if you need anything else. Thanks in advance :)
I was trying to set up vhost for Apache/2.2.29. AWS EC2 Instance.
meet same error .
I solve it by looking the error.log
I need to give 755 to the parent folder
in your error log " File does not exist: /var/www/error/noindex.html"
means you need to have this folder and the file.
what I use is chmod 755 -R /var/www/
You can try following steps:
In httpd.conf file Options -Indexes +FollowSymLinks +MultiViews +Includes
Run on terminal: chown -R apache:apache /var/www/html
Restart Apache
SE Linux sets security context label to every file. If there is an error setting the security context label the system throws forbidden error.
Using "restorecon -v R" along with path name of the file's directory can clear the forbidden error.
The "restorecon" command restores the default security context to the file.
My .htaccess file isn't working. I have checked that it is in the root directory. I also verified that it's code is correct. When I type random letters/numbers into the .htaccess I do not get a 500 error. When i open my apache error log, it gives me this error:
[Mon Jan 16 20:28:37 2012] [warn] Init: Session Cache is not configured [hint: SSLSessionCache]
[Mon Jan 16 20:28:41 2012] [notice] Digest: generating secret for digest authentication ...
[Mon Jan 16 20:28:41 2012] [notice] Digest: done
[Mon Jan 16 20:28:44 2012] [notice] Apache/2.2.14 (Unix) DAV/2 mod_ssl/2.2.14 OpenSSL/0.9.8l PHP/5.3.1 mod_perl/2.0.4 Perl/v5.10.1 configured -- resuming normal operations
I don't know what to do.
http.conf:
<Directory />
Options FollowSymLinks
AllowOverride All
Order deny,allow
Deny from all
</Directory>
There are a few possible reasons your random, invalid, .htaccess file would not cause an http error 500 (internal server error):
Incorrect file name. It must be .htaccess. The first character is a dot. The last character is a lower case 's'. Hidden extensions might cause problems because an incorrect file name could appear to be correct.
The file location is incorrect. Try placing the file next to your html files, in the same folder. If that works, you could move the file up one folder and try again.
The Apache configuration does not allow for .htaccess files. If the configuration option AllowOverride is set to None in the apache configuration files (for the specified domain), then Apache will not look for any .htaccess files.
Also note that .htaccess files are ignored when you access your files using the file:// protocol.
Update
The paths used in .htaccess refer to file system paths, not url paths. Based on the .htaccess content you posted, nobody has access to any files on your webserver. I would suggest something like:
<Directory />
# Security first, deny everything that's not explicitly allowed.
AllowOverride None
Order deny, allow
Deny from all
</Directory>
<Directory /path/to/webroot>
# This is the part that should be accessible
Options FollowSymLinks
AllowOverride All
Order allow, deny
Allow from all
</Directory>
Your .htaccess file should be in /path/to/webroot
Note that you should change /path/to/webroot to something sensible that matches your file system.
I want to start using mod_rewrite so i can use friendly url's in the future. Im testing all in my localhost dev. environment but, Im not having any luck getting the module to work!
My modules is enabled (apache restarted):
LoadModule rewrite_module modules/mod_rewrite.so
The file named mod_rewrite.so exists under the modules folder in my Apache installation directory
I've created a file named .htaccess under c:/public_html/
For testing purposes, ive created my first rules like so:
RewriteEngine On
# Translate my-product.html to /product.php?id=123
RewriteRule ^my-product\.html$ /product.php?id=123
for testing purposes, the product.php is extremely simple:
<?php
// display product details
echo 'You have selected product #' . $_GET['id'];
?>
When i load http://localhost/my-product.html I get the error:
The requested URL /my-product.html was not found on this server.
When i go see the log, i see:
[Thu Sep 22 02:37:49 2011] [error] [client 127.0.0.1] File does not exist: C:/public_html/my-product.html
It looks like it doesn't recognize the .htaccess rule at all!
I'm not sure what to do next, i feel i've applied all the simpliest rules to get started with mod_rewrite but with no luck!
Help!
Thanks
Marco
Have you changed the Allowoverride property in httpd.conf file to 'All'.
To check whether the mod-rewrite is enabled in your server, load the phpinfo file and search for the mod_rewrite extension.
You should configure the mod_rewrite logging, so you can see what happens. Look up the RewriteLog directive in the manual.
Initially you can set the log level to 9 (for learning). As long as the file stays empty, the .htaccess is ignored, as you already suspected.
You can also just write rubbish into the .htaccess to see if it gets interpreted at all. If it does, you will get a 500 Internal Server Error. If not, you must configure the directory C:/public_html to allow htaccess files. See the Options directive in the manual.