logo
Apache Lounge
Webmasters

 

About Forum Index Downloads Search Register Log in RSS X


Keep Server Online

If you find the Apache Lounge, the downloads and overall help useful, please express your satisfaction with a donation.

or

Bitcoin

A donation makes a contribution towards the costs, the time and effort that's going in this site and building.

Thank You! Steffen

Your donations will help to keep this site alive and well, and continuing building binaries. Apache Lounge is not sponsored.
Post new topic   Forum Index -> Apache View previous topic :: View next topic
Reply to topic   Topic: 403 Forbidden
Author
ltwally



Joined: 05 May 2009
Posts: 6
PostPosted: Tue 05 May '09 18:52    Post subject: 403 Forbidden Reply with quote
Hello,

This is my first time posting here. You all look fairly knowledgable about Apache... so hopefully you can help me with my little problem.

I am running SME Server 7.4, which uses Apache 2.0.52 (details below).

I have installed a "contrib" package onto SME which adds a neat little System Monitor script/page to the admin console.

I have located the CGI script for it, here:
Code:
/etc/e-smith/web/functions/sysmon


So I created a soft-link to it in the cgi-bin directory of our main public website on that server.

I then manually edited httpd.conf with the following, in the appropriate <Directory> area:
Code:
Options +FollowSymLinks


And, finally, ran:
Code:
apachectl graceful


However, I'm still getting this when I try to view the sysmon script/page:

Quote:
Forbidden

You don't have permission to access /cgi-bin/sysmon on this server.

Additionally, a 403 Forbidden error was encountered while trying to use an ErrorDocument to handle the request.



I know this isn't a SME specific forum... but irregardless of all the SME stuff, this remains an Apache config issue. (I think.)

Sooo... any kind soul out there know what I'm doing wrong?

Thanks!
Back to top
ltwally



Joined: 05 May 2009
Posts: 6
PostPosted: Tue 05 May '09 18:56    Post subject: Reply with quote
Here are the details on Apache. If you need any other info, just let me know and I'll try and find it for you.

Code:
[root@smeserver ~]# apachectl -V
Server version: Apache/2.0.52
Server built:   Nov 15 2008 03:52:33
Server's Module Magic Number: 20020903:9
Architecture:   32-bit
Server compiled with....
 -D APACHE_MPM_DIR="server/mpm/prefork"
 -D APR_HAS_SENDFILE
 -D APR_HAS_MMAP
 -D APR_HAVE_IPV6 (IPv4-mapped addresses enabled)
 -D APR_USE_SYSVSEM_SERIALIZE
 -D APR_USE_PTHREAD_SERIALIZE
 -D SINGLE_LISTEN_UNSERIALIZED_ACCEPT
 -D APR_HAS_OTHER_CHILD
 -D AP_HAVE_RELIABLE_PIPED_LOGS
 -D HTTPD_ROOT="/etc/httpd"
 -D SUEXEC_BIN="/usr/sbin/suexec"
 -D DEFAULT_PIDLOG="logs/httpd.pid"
 -D DEFAULT_SCOREBOARD="logs/apache_runtime_status"
 -D DEFAULT_LOCKFILE="logs/accept.lock"
 -D DEFAULT_ERRORLOG="logs/error_log"
 -D AP_TYPES_CONFIG_FILE="conf/mime.types"
 -D SERVER_CONFIG_FILE="conf/httpd.conf"
[root@smeserver ~]# apachectl -l
Compiled in modules:
  core.c
  prefork.c
  http_core.c
  mod_so.c
Back to top
ltwally



Joined: 05 May 2009
Posts: 6
PostPosted: Tue 05 May '09 18:58    Post subject: Reply with quote
Here is the <Directory> entry for the cgi-bin:
Code:
<Directory /home/e-smith/files/ibays/Primary/cgi-bin>
    Options ExecCGI
    Options +FollowSymLinks
    AllowOverride None
    order deny,allow
    deny from all
    allow from all
</Directory>
Back to top
ltwally



Joined: 05 May 2009
Posts: 6
PostPosted: Tue 05 May '09 19:34    Post subject: Reply with quote
My httpd/error_log has the following:

Quote:
[Tue May 05 10:32:14 2009] [error] [client xxx.xxx.xxx.xxx] Symbolic link not allowed: /home/e-smith/files/ibays/Primary/cgi-bin/sysmon
[Tue May 05 10:32:14 2009] [error] [client xxx.xxx.xxx.xxx] File does not exist: /home/e-smith/files/ibays/Primary/html/favicon.ico, referer: http://xyz.com/cgi-bin/sysmon



I had thought that adding +FollowSymLinks to the <Directory> would fix that...

Any ideas?
Back to top
James Blond
Moderator


Joined: 19 Jan 2006
Posts: 7373
Location: Germany, Next to Hamburg
PostPosted: Tue 05 May '09 20:36    Post subject: Reply with quote
Your mistake

Code:

    order deny,allow
    deny from all
    allow from all


that should be deny from none
Back to top
ltwally



Joined: 05 May 2009
Posts: 6
PostPosted: Tue 05 May '09 22:19    Post subject: Reply with quote
James Blond wrote:
Your mistake

Code:

    order deny,allow
    deny from all
    allow from all


that should be deny from none


No - that rule works fine. It's how everything else on the server is set up. It is definitely something about the soft-link, though the softlink is world read & executable.
Back to top
ltwally



Joined: 05 May 2009
Posts: 6
PostPosted: Tue 05 May '09 22:24    Post subject: Reply with quote
I ended up copying the CGI script into that cgi-bin directory, which allows me to view the sysmon page.

But I'd still really like to nail down why the soft-link wasn't working. Especially since I had added +FollowSymLink to the <Directory> entry. Sad
Back to top


Reply to topic   Topic: 403 Forbidden View previous topic :: View next topic
Post new topic   Forum Index -> Apache