My simplesaml was working perfectly until I upgraded Apache to 2.4.6 on Ubuntu
The error I was getting :
Forbidden
You don't have permission to access /simplesaml/ on this server.
The instructions for installing simplesamlphp on Apache only require an alias for the simplesamlphp directory :
https://simplesamlphp.org/docs/stable/simplesamlphp-install#section_6
But for Apache 2.4.6+ the security has changed - it worked for me when I added a Directory directive. eg:
<VirtualHost *:80>
ServerName mywebsite.dev
DocumentRoot /home/myuser/www/mywebsite/
<Directory /home/myuser/www/mywebsite/>
Require all granted
</Directory>
Alias /simplesaml /var/simplesamlphp/www
<Directory /var/simplesamlphp/www/>
Require all granted
</Directory>
</VirtualHost>
While the chosen answer is correct I would like to add that SELinux can also cause this error. It took me a couple hours to realize that was my problem after following tons of examples online.
If you are running SELinux make sure you run the following command:
chcon -R --reference=/var/www /var/simplesamlphp
This will place the /var/simplesamlphp directory in the same security context as /var/www. You can't just place the /var/simplesamlphp/www directory in the same context because _include.php accesses files in /var/simplesamlphp/lib.
I hope this prevents someone from spending as much time on this problem as I did.
If you installed simplesamlphp via compose, this can be more complex. In addition to #RusselEngland's answer of needing to add proper Apache config, if you are still getting a 403, you need to make sure that this file is not being prevented by a rule in .htaccess.
Apache config:
<VirtualHost *:80>
DocumentRoot /var/www/html
Alias /simplesaml /var/www/html/vendor/simplesamlphp/simplesamlphp/www
<Directory /var/www/html/vendor/simplesamlphp/simplesamlphp/www/>
Require all granted
</Directory>
</VirtualHost>
.htaccess (in /var/www/html);
<IfModule mod_rewrite.c>
#...
RewriteCond %{REQUEST_URI} !/core/[^/]*\.php$
RewriteCond %{REQUEST_URI} !/core/modules/system/tests/https?.php
RewriteCond %{REQUEST_URI} !/core/modules/statistics/statistics.php$
RewriteCond %{REQUEST_URI} !^/simplesaml/* # Add this condition
RewriteRule "^(.+/.*|autoload)\.php($|/)" - [F]
</IfModule>
Related
HTTP-Only Application in Lightsail seems to not popular.
Where is right place for the html application;
('/home/bitnami/projects/myapp',
'/opt/bitnami/apps/myapp',
'opt\bitnami\apache\htdocs')
Where and how locate rule for remove 'myapp' from url (www.myDomain.com/myapp);
Where should be 'amazon-ses-smtp-sample.php' and how to prevent them to access from url;
Bitnami Engineer here, you will need to follow the next steps to deploy your custom application on top of a Bitnami solution
Create the same structure used by Bitnami when installing Bitnami PHP applications. To do this, run these commands:
sudo mkdir /opt/bitnami/myapp
sudo chown -R bitnami:daemon /opt/bitnami/myapp
sudo chmod -R g+w /opt/bitnami/myapp
Create and edit the /opt/bitnami/apache2/conf/vhosts/myapp-vhost.conf file and add the configuration block shown below:
<VirtualHost 127.0.0.1:80 _default_:80>
ServerAlias *
DocumentRoot /opt/bitnami/myapp
<Directory "/opt/bitnami/myapp">
Options -Indexes +FollowSymLinks -MultiViews
AllowOverride All
Require all granted
</Directory>
</VirtualHost>
Create and edit the /opt/bitnami/apache2/conf/vhosts/myapp-https-vhost.conf file and add the configuration block shown below:
<VirtualHost 127.0.0.1:443 _default_:443>
ServerAlias *
DocumentRoot /opt/bitnami/myapp
SSLEngine on
SSLCertificateFile "/opt/bitnami/apache2/conf/bitnami/certs/server.crt"
SSLCertificateKeyFile "/opt/bitnami/apache2/conf/bitnami/certs/server.key"
<Directory "/opt/bitnami/myapp">
Options -Indexes +FollowSymLinks -MultiViews
AllowOverride All
Require all granted
</Directory>
</VirtualHost>
Restart the Apache server:
sudo /opt/bitnami/ctlscript.sh restart apache
You should now be able to access the application at http://SERVER-IP/.
You can find more information about how to deploy the app here:
https://docs.bitnami.com/aws/infrastructure/lamp/administration/create-custom-application-php/
Regarding the amazon-ses-smtp-sample.php file, you will need to add the required rule in the .htaccess file inside the /opt/bitnami/myapp directory. Something similar to this
<Files "amazon-ses-smtp-sample.php">
Require all denied
</Files>
I have a Linux box running Centos 6.6 with Apaches 2.2.x
For some unknown reason, turning on the rewrite engine causes a 403 error (this happens whether I add a rewrite rule or not).
I have spent hours researching this and have made changes to my config in accordance with advice I have found in many places, but still got nowhere.
Currently in my .htaccess I have this:
<IfModule mod_rewrite.c>
Options +FollowSymLinks
RewriteEngine On
</IfModule>
In the directives for the virtual host, I have this:
DocumentRoot /var/www/html/example.uk
<Directory /var/www/html/example.uk>
Options Indexes FollowSymLinks MultiViews
AllowOverride All
Order allow,deny
allow from all
</Directory>
ServerName example.uk
ServerAlias www.example.uk
(This seems to work in a Debian box, but not for my Centos machine.)
In my httpd.conf I have changed
AllowOverride None
to
AllowOverride All
my httpd.conf also contains
LoadModule rewrite_module modules/mod_rewrite.so
Error log says:
Options FollowSymLinks or SymLinksIfOwnerMatch is off which implies that RewriteRule directive is forbidden: /var/www/html/example.uk
Now, I have previously added SymLinksIfOwnerMatch to the directives, but it didn't solve the problem.
I followed this and all seemed to go as it should.
This happens when Apache doesn't have execute rights for
/var
/var/www
/var/www/html
/var/www/html/example.uk
Run:
chmod o+x /var /var/www /var/www/html /var/www/html/example.uk
Since apache version >= 2.4 directive
Order allow,deny
allow from all
leads to a global 403, to ensure this if you check you're apache's log :
[Tue May 05 11:54:32.471679 2015] [authz_core:error] [pid 9497] [client 127.0.0.1:35908] AH01630: client denied by server configuration: /path/to/web/
Comment Directive Order and add Require all granted like bellow:
Require all granted
#Order allow,deny
#allow from all
Hope this help.
Edit :
explanation from apache
This behaviour is provided by new module mod_authz_host
For list of restriction available (ip, host, etc) http://httpd.apache.org/docs/2.4/en/mod/mod_authz_host.html
You should remove this line from htaccess
Options +FollowSymLinks
You already have it in the apache vhost file. Also if you should add a rule if you're going to turn on mod_rewrite or there is no point to turning it on.
Another possibility with Apache 2.4 is caused by Options -FollowSymlinks which will also throw a 403 error and generate the following log:
AH00670: Options FollowSymLinks and SymLinksIfOwnerMatch are both off,
so the RewriteRule directive is also forbidden due to its similar
ability to circumvent directory restrictions
This was not the case in the original post, but if it comes up you would need to re-enable FollowSymLinks using this line:
Options +FollowSymLinks
I am trying to write some rewrite rules in apache2 conf and they are not working
Following is my virtualhost block in apache conf. My os is ubuntu 12.04 server edition
DocumentRoot /var/www/xyz
<Directory />
Options FollowSymLinks
AllowOverride None
</Directory>
<Directory /var/www/xyz>
Options Indexes FollowSymLinks MultiViews
#AllowOverride None
AllowOverride All
Order allow,deny
#Order deny,allow
allow from all
</Directory>
I have .htaccess file with some rewrite rules as follows
ReWriteEngine on
RewriteRule ^/matchV/(.*) http://host:8080/$1
RewriteRule ^/other/(.*?)$ /httpdcontent/$1
rewrite module is enabled with apache.
Can someone tell me if i am missing anything.
Thanks,
Sandeep
First of all, a dollar sign seems to be missing on the first rewriting rule.
Then, I would recommend the use of [L] in "debug" situation. This way, only one rule would have to be corrected at the time.
If you need to check how the rewriting goes, you need to have a look at your log files /var/log/apache2/error.log and /var/log/apache2/access.log. They will tell you what URL the server tried to process, and how it failed. From this, you should be able to see what is missing, or what is "too much".
From what I see, I would say it has to do with the rewriting base. Your webserver root is probably at /var/www, and the directory for the virtual host is /var/www/xyz. I think you could fix it using something like...
RewriteBase /xyz
Anyway, edit the configurations, and don't stop checking the logs. From there, you'll see what URL/File the server tries to process, and you should be able to correct the paths it uses.
I'm trying to setup my apache server to access certain folders when I type addresses like test1.example.com test2.example.com etc.
So far I read and did many things but with no success yet. I'll be very thankful if you can help me.
So to start I'm using ubuntu 12.10 as my desktop and I've set up apache server there. I've added example.com in hosts resolving to 127.0.0.1. So far no problems. I've enable vhost_alias and mod_rewrite in apache and I'm using this for my virtual server
NameVirtualHost *:80
UseCanonicalName Off
<VirtualHost *:80>
ServerName example.com
ServerAlias *.example.com
RewriteEngine On
RewriteCond %{HTTP_HOST} !^(www\.)?([^\.]+).example.com$
RewriteRule ^(.*) $1 [F]
VirtualDocumentRoot /home/example/server/projects/%1/public_html
<Directory />
Options FollowSymLinks
AllowOverride all
</Directory>
<Directory /home/radoslav/server/projects>
Options Indexes FollowSymLinks MultiViews
AllowOverride all
Order allow,deny
allow from all
</Directory>
#log file for this server
CustomLog /var/log/apache2/example.com.log combined
</VirtualHost>
But when I open test.example.com it says that browser can find test.example.com, no matter that I have this directory in the path specified. Just to clear things up apache have permissions to read this directory so it's not this. When I ping example.com from console I get ping but if I ping test.example.com I get error that can not find host. As you can see obviously it's not resolving the adress no matter that I've setup everything correcly.
Any help guys?
You need to add test.example.com and any other hostnames you want to use in the host file. The host file does not supports wildcard.
I'm currently moving a dev magento build to my live test subdomain on ubuntu and using Easy Hosting Control Panel (EHCP).
If I rename my .htaccess file to .htaccess and refresh my subdomain url, I get an internal server error 500. If I rename the .htaccess file to .htaccess.bak, and refresh, the subdomain displays my magento store fine. BUT, if I try to navigate, since the index.php isn't removed in the .htaccess file, all my links are dead unless I insert index.php between my root url and the actual page/directory I'm navigating to.
I tried over riding the /etc/apache2/sites-available/000-default and /etc/apache2/sites-available/default files to AllowOverride All:
<VirtualHost *>
DocumentRoot /var/www
<Directory />
Options FollowSymLinks
AllowOverride All
</Directory>
<Directory /var/www/vhosts/>
Options -Indexes FollowSymLinks MultiViews
AllowOverride All
Order Allow,Deny
Allow from All
</Directory>
<FilesMatch "access_log|error_log">
Deny from All
</FilesMatch>
ErrorLog /var/log/apache2/error.log
LogLevel debug
CustomLog /var/log/apache2/access.log combineddefault
but changing that in either file, or both, and then reenabling the .htaccess file still gives me the 500 error.
anything I'm doing wrong here? Somewhere else I should be placing the mod rewrite information?
thanks!
I know this is kind of dead but for those with this issue check your /etc/apache2/mods-enabled to see if rewrite.load is there if not try to copy it from the /etc/apache2/mods-available folder that fixed the issue for me. You will also have to have the .htaccess override enabled for that
is it rules available?
maybe apache is disabled rewrite mod,you can try to enable.
type 'a2enmod rewrite' to turn on.