My .htaccess file isn't working. I have checked that it is in the root directory. I also verified that it's code is correct. When I type random letters/numbers into the .htaccess I do not get a 500 error. When i open my apache error log, it gives me this error:
[Mon Jan 16 20:28:37 2012] [warn] Init: Session Cache is not configured [hint: SSLSessionCache]
[Mon Jan 16 20:28:41 2012] [notice] Digest: generating secret for digest authentication ...
[Mon Jan 16 20:28:41 2012] [notice] Digest: done
[Mon Jan 16 20:28:44 2012] [notice] Apache/2.2.14 (Unix) DAV/2 mod_ssl/2.2.14 OpenSSL/0.9.8l PHP/5.3.1 mod_perl/2.0.4 Perl/v5.10.1 configured -- resuming normal operations
I don't know what to do.
http.conf:
<Directory />
Options FollowSymLinks
AllowOverride All
Order deny,allow
Deny from all
</Directory>
There are a few possible reasons your random, invalid, .htaccess file would not cause an http error 500 (internal server error):
Incorrect file name. It must be .htaccess. The first character is a dot. The last character is a lower case 's'. Hidden extensions might cause problems because an incorrect file name could appear to be correct.
The file location is incorrect. Try placing the file next to your html files, in the same folder. If that works, you could move the file up one folder and try again.
The Apache configuration does not allow for .htaccess files. If the configuration option AllowOverride is set to None in the apache configuration files (for the specified domain), then Apache will not look for any .htaccess files.
Also note that .htaccess files are ignored when you access your files using the file:// protocol.
Update
The paths used in .htaccess refer to file system paths, not url paths. Based on the .htaccess content you posted, nobody has access to any files on your webserver. I would suggest something like:
<Directory />
# Security first, deny everything that's not explicitly allowed.
AllowOverride None
Order deny, allow
Deny from all
</Directory>
<Directory /path/to/webroot>
# This is the part that should be accessible
Options FollowSymLinks
AllowOverride All
Order allow, deny
Allow from all
</Directory>
Your .htaccess file should be in /path/to/webroot
Note that you should change /path/to/webroot to something sensible that matches your file system.
Related
My linux apache 2.2 server is giving a 403 when serving a .sh script file. The file is intended to be downloaded and linked to via a simple href:
Click to Download
Clicking yields a 403.
The apache error log displays:
==> mysever.com-error_log <==
[Fri Dec 18 20:04:29 2015] [error] [client xx.xx.xx.xx] client denied by server configuration: /var/www/html/downloads/test.sh, referer: http://www.myserver.com/downloads/test.html
If I copy the file to one with a different extension even like .exe it lets me download it. So it doesn't appear to be a permissions issue.
I tried changing how apache treats the file by adding to httpd.conf and a .htaccess in the same directory:
AddType text/plain .sh
No luck.
I tried with no luck adding these options to the apache directory
Options Indexes FollowSymLinks Includes ExecCGI
Very weird. Any suggestions?
It's possible that ModSecurity is blocking the request because of the .sh extension.
You can also try adding the following to your .htaccess:
<Files ~ "\.sh$">
Order allow,deny
Allow from all
</Files>
Hi I'm getting 403 error while im accessing my live site through the browser. It was working fine last day. I'm not sure why this error is coming. I have searched a lot about it. These are the solutions I have tried:
I have changed my httpd.conf file's configurations from default to :
<Directory />
#Options FollowSymLinks
Options Indexes FollowSymLinks Includes
AllowOverride All
Order deny,allow
Allow from all
</Directory>
Changed the permission for /var/www/html directory from default to 777
and few more things. But nothing worked. I am not sure what is going wrong.
My server configurations are:
Apache/2.2.29.
AWS EC2 Instance.
This is the Error message shown on browser:
forbidden
You don't have permission to access / on this server.
Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.
This is the Error message from error_logs:
[Thu May 21 14:58:51 2015] [error] [client XXX.XXX.XXX.XXX] Directory index forbidden by Options directive: /var/www/
[Thu May 21 14:58:51 2015] [error] [client XXX.XXX.XXX.XXX] File does not exist: /var/www/error/noindex.html
please let me know in comments if you need anything else. Thanks in advance :)
I was trying to set up vhost for Apache/2.2.29. AWS EC2 Instance.
meet same error .
I solve it by looking the error.log
I need to give 755 to the parent folder
in your error log " File does not exist: /var/www/error/noindex.html"
means you need to have this folder and the file.
what I use is chmod 755 -R /var/www/
You can try following steps:
In httpd.conf file Options -Indexes +FollowSymLinks +MultiViews +Includes
Run on terminal: chown -R apache:apache /var/www/html
Restart Apache
SE Linux sets security context label to every file. If there is an error setting the security context label the system throws forbidden error.
Using "restorecon -v R" along with path name of the file's directory can clear the forbidden error.
The "restorecon" command restores the default security context to the file.
I have a Linux box running Centos 6.6 with Apaches 2.2.x
For some unknown reason, turning on the rewrite engine causes a 403 error (this happens whether I add a rewrite rule or not).
I have spent hours researching this and have made changes to my config in accordance with advice I have found in many places, but still got nowhere.
Currently in my .htaccess I have this:
<IfModule mod_rewrite.c>
Options +FollowSymLinks
RewriteEngine On
</IfModule>
In the directives for the virtual host, I have this:
DocumentRoot /var/www/html/example.uk
<Directory /var/www/html/example.uk>
Options Indexes FollowSymLinks MultiViews
AllowOverride All
Order allow,deny
allow from all
</Directory>
ServerName example.uk
ServerAlias www.example.uk
(This seems to work in a Debian box, but not for my Centos machine.)
In my httpd.conf I have changed
AllowOverride None
to
AllowOverride All
my httpd.conf also contains
LoadModule rewrite_module modules/mod_rewrite.so
Error log says:
Options FollowSymLinks or SymLinksIfOwnerMatch is off which implies that RewriteRule directive is forbidden: /var/www/html/example.uk
Now, I have previously added SymLinksIfOwnerMatch to the directives, but it didn't solve the problem.
I followed this and all seemed to go as it should.
This happens when Apache doesn't have execute rights for
/var
/var/www
/var/www/html
/var/www/html/example.uk
Run:
chmod o+x /var /var/www /var/www/html /var/www/html/example.uk
Since apache version >= 2.4 directive
Order allow,deny
allow from all
leads to a global 403, to ensure this if you check you're apache's log :
[Tue May 05 11:54:32.471679 2015] [authz_core:error] [pid 9497] [client 127.0.0.1:35908] AH01630: client denied by server configuration: /path/to/web/
Comment Directive Order and add Require all granted like bellow:
Require all granted
#Order allow,deny
#allow from all
Hope this help.
Edit :
explanation from apache
This behaviour is provided by new module mod_authz_host
For list of restriction available (ip, host, etc) http://httpd.apache.org/docs/2.4/en/mod/mod_authz_host.html
You should remove this line from htaccess
Options +FollowSymLinks
You already have it in the apache vhost file. Also if you should add a rule if you're going to turn on mod_rewrite or there is no point to turning it on.
Another possibility with Apache 2.4 is caused by Options -FollowSymlinks which will also throw a 403 error and generate the following log:
AH00670: Options FollowSymLinks and SymLinksIfOwnerMatch are both off,
so the RewriteRule directive is also forbidden due to its similar
ability to circumvent directory restrictions
This was not the case in the original post, but if it comes up you would need to re-enable FollowSymLinks using this line:
Options +FollowSymLinks
I am having a strange problem which I have never had before. I have freshly installed Linux (it's a little-known linux release based on Ubuntu, used in a narrow industry segment, I hope it itself doesn't matter much). I have Apache installed. Every time I am trying to open
http://localhost
(locally) I get 401 Authorization required response.
My /etc/apache2/sites-enabled/000-default is:
<VirtualHost *:80>
ServerAdmin webmaster#localhost
DocumentRoot /var/www
<Directory />
Options Indexes FollowSymLinks MultiViews
AllowOverride All
Order Allow,Deny
allow from all
</Directory>
ErrorLog /var/log/apache2/error.log
# Possible values include: debug, info, notice, warn, error, crit,
# alert, emerg.
LogLevel debug
CustomLog /var/log/apache2/access.log combined
</VirtualHost>
The /var/www directory doesn't contain any .htaccess files. The /etc/apache2/apache2.conf configuration file doesn't contain anything containg text "auth".
File permissions for /var/www is: drwxrwxrwx, root:www (owner user - root, group www). The apache user "www-data" is a member of the group "www". The index file /var/www/index.html has the same permissions.
Content of /etc/apache2/mods-enabled/ is the following:
alias.conf authz_user.load dir.load php5.load
alias.load autoindex.conf env.load setenvif.conf
auth_basic.load autoindex.load mime.conf setenvif.load
authn_file.load cgi.load mime.load status.conf
authz_default.load deflate.conf negotiation.conf status.load
authz_groupfile.load deflate.load negotiation.load
authz_host.load dir.conf php5.conf
Built-in modules (/usr/sbin/apache2 -l):
core.c
mod_authn_pam.c
mod_auth_basic.c
mod_log_config.c
mod_logio.c
prefork.c
http_core.c
mod_so.c
The interestign thing is that if I add the following line:
Satisfy Any
to the <Directory /> section in /etc/apache2/sites-enabled/000-default file, every request generates the following error in Apache's error log:
[Mon Oct 01 12:34:59 2012] [notice] child pid 4445 exit signal Segmentation fault (11)
and Apache returns nothing, just closes the connection.
I am completely lost, what makes Apache to ask for authorization, and even don't know how to debug it. Enabling debug level for the log files doesn't reveal anythin both in access.log and error.log. Any help or direction what to look at will be appreciated. Thanks.
Finally I contacted with this Linux vendors and it turned out that this particular Linux release is built in the way, that Apache authorization just can't be turned off, so there is no any way to switch it off except removing apache packages and replace them with other ones.
This is the opposite problem from most about which I have read. I am running Ubuntu 8.04 on an Amazon instance with Apache 2.2.8 and I can't figure out why setting AllowOverride to None for root doesn't stop my .htaccess file from being included.
I have a sub-directory with hello.py in it and an .htaccess file. When I browse to the file, it works fine with modpython serving the file. If I put some garbage in .htaccess I get a server error, so I know the .htaccess file is being used. Also if I delete the .htaccess file, hello.py is no longer server by modpython - instead the browser tries to open it.
In one of my sites-available (linked in sites-enabled), I have "AllowOverride None" for the root directory. I thought that this would prevent .htaccess from being included from root and all its sub-directories which should cause hello.py to not be served by mod_python. However, it continues to be served fine and I can test that .htaccess is still being included because when I modify it, I see the results in my browser.
Maybe there is something I am not understanding about my file in sites-enabled. This is the file I am using:
NameVirtualHost *:8080
<VirtualHost *:8080>
<Directory />
AllowOverride None
</Directory>
</VirtualHost>
Thanks for any help.
The reason the file is not served via mod_python when you delete .htaccess is because the setup for mod_python is located in it. If you move that stuff to your sites-available file, you can delete .htaccess, turn a blind eye to the problem, and call it a day.
If that doesn't satisfy you, then as to why .htacess is being read at all, I can't say. You are correct that AllowOverride None should prevent the file from ever being read. Have you considered the possibility that you screwed something up when adding the virtual site? Try throwing some garbage into the config and see if it complains, just to be sure it's being read at all.
AllowOverride is only allowed in <Directory>-sections, so you've done everything right.
One problem you could have is that other (sub-)<Directory>-sections set AllowOverride to something different than None. That will override the setting for these subdirectories.
I use
<Directory />
Options FollowSymLinks
AllowOverride None
</Directory>
<Directory /var/www/>
Options Indexes FollowSymLinks MultiViews
AllowOverride AuthConfig
Order allow,deny
allow from all
</Directory>
and in /var/www (my docroot) I can use .htaccesses.
The reason why mod_python does not work anymore if you delete your .htaccess is that mod_python setup is usually in .htaccess files.
If you need more information, please send us your configuration.
PS: In fact the docuementation linked above says that you should never set AllowOverride to something not None in <Directory />.