| Author |
|
sebastienserre
Joined: 05 Jun 2014
Posts: 5
Location: France, Paris
|
 Posted: Thu 05 Jun '14 23:08 Post subject: AH01797: client denied by server configuration |
 |
|
Hello
I've a Wordpress Blog on a Ubuntu 13.10 server with Apache 2.4.2.
For only one page on this site I 've this error and can't find a solution.
| Code: | | [access_compat:error] [pid 3101] [client my_ip:37071] AH01797: client denied by server configuration: /var/www/thiverval-grignon.com/wp-content/plugins/wp-booking-calendar/public/ajax/getMonthCalendar.php |
Is someone could help me please?
Many thx by advance
Seb |
|
| Back to top |
|
James Blond
Moderator
Joined: 19 Jan 2006
Posts: 7371
Location: Germany, Next to Hamburg
|
| Posted: Sat 28 Jun '14 12:05 Post subject: |
|
|
| Are there any .htaccess files that may block the access? Correct file and folder permissions? |
|
| Back to top |
|
sebastienserre
Joined: 05 Jun 2014
Posts: 5
Location: France, Paris
|
| Posted: Sat 28 Jun '14 19:43 Post subject: |
|
|
| Unfortunately not, never found the matter... |
|
| Back to top |
|
glsmith
Moderator
Joined: 16 Oct 2007
Posts: 2268
Location: Sun Diego, USA
|
| Posted: Mon 30 Jun '14 11:17 Post subject: |
|
|
since it's 2.4 and the error is from mod_access_compat I'd probably start by getting rid of the old Order/Allow/Deny style access directives in my config for this host and use 2.4s Require directives.
Actually, I'd work on ridding my entire config of all the old style and then unload the module since it would no longer be needed. I've found mixing old and new style access directives has varied odd behaviors. |
|
| Back to top |
|
sebastienserre
Joined: 05 Jun 2014
Posts: 5
Location: France, Paris
|
| Posted: Tue 09 Sep '14 11:51 Post subject: |
|
|
Hello
I came back as I think it's a misconfiguration on an Ubuntu Server 14.04.1 with Apache 2.4.
I don't understand how to solve my pb and comme back to Apache as I use Nginx for the moment but no very happy of it for the moment.
here's my conf:
| Code: | <VirtualHost *:80>
ServerAdmin sebastien@thivinfo.com
ServerName dev.thiverval-grignon.com
DocumentRoot /var/www/thiverval-grignon.com
<Directory />
Options FollowSymLinks
AllowOverride all
</Directory>
<Directory /var/www/thiverval-grignon.com>
Options FollowSymLinks MultiViews
AllowOverride all
Require all granted
</Directory>
ScriptAlias /cgi-bin/ /usr/lib/cgi-bin/
<Directory "/usr/lib/cgi-bin">
AllowOverride None
Options +ExecCGI -MultiViews +SymLinksIfOwnerMatch
Order allow,deny
Allow from all
</Directory>
ErrorLog /var/log/apache2/error.log
# Possible values include: debug, info, notice, warn, error, crit,
# alert, emerg.
LogLevel warn
CustomLog /var/log/apache2/access.log combined
Alias /doc/ "/usr/share/doc/"
<Directory "/usr/share/doc/">
Options Indexes MultiViews FollowSymLinks
AllowOverride None
Order deny,allow
Deny from all
Allow from 127.0.0.0/255.0.0.0 ::1/128
</Directory>
Options +FollowSymlinks
RewriteEngine on
# Lorsque l'on tape dans la barre d'adresse www.votre_domaine.net/page-* c'est la page www.votre_domaine.net/page.php?id=* qui s'affiche
# ^ et $ signifie respectivement le dét et la fin d'une expression réliè
RewriteRule ^page-([0-9]+)$ /page.php?id=$1 [L]
</VirtualHost> |
Thx by adavance for your help |
|
| Back to top |
|
James Blond
Moderator
Joined: 19 Jan 2006
Posts: 7371
Location: Germany, Next to Hamburg
|
| Posted: Wed 10 Sep '14 11:09 Post subject: |
|
|
You are mixing the new auth config and the old one. It is known that that causes conflicts. Use only the old style or only the new one. Of cause the new one is recommended  |
|
| Back to top |
|
sebastienserre
Joined: 05 Jun 2014
Posts: 5
Location: France, Paris
|
| Posted: Wed 10 Sep '14 11:12 Post subject: |
|
|
| I understand, where can i find a Tutorials explaining me how to convert mine? |
|
| Back to top |
|
James Blond
Moderator
Joined: 19 Jan 2006
Posts: 7371
Location: Germany, Next to Hamburg
|
| Posted: Wed 10 Sep '14 11:26 Post subject: |
|
|
The old order allow deny with the new config exmaple
| Code: |
Order allow,deny
Allow from all
|
just becomes
| Code: | | Require all granted |
| Code: |
Order allow,deny
Deny from all
|
becomes
a bit more complex example
| Code: |
<Directory /var/www/>
Options Indexes FollowSymLinks Multiviews
AllowOverride All
<RequireAll>
Require all granted
Require not ip 188.40 46.4 176.9 46.166 46.21 78.46 91.207.7.21 0.0.0.0 91.207.7.182
</RequireAll>
</Directory>
|
|
|
| Back to top |
|
jraute
Joined: 13 Sep 2013
Posts: 188
Location: Rheinland, Germany
|
| Posted: Wed 10 Sep '14 16:17 Post subject: |
|
|
Many thanks and a question:
Is it correct to assume that
| Code: | Order deny,allow
Deny from all
Allow from 127.0.0.1 172.16.0.0/255.255.0.0 |
will be
| Code: | Require all denied
Require ip 127.0.0.1 172.16.0.0/255.255.0.0 |
or do i have to use a section like
| Code: | <RequireAll>
Require all denied
Require ip 127.0.0.1 172.16.0.0/255.255.0.0
</RequireAll> |
? |
|
| Back to top |
|
James Blond
Moderator
Joined: 19 Jan 2006
Posts: 7371
Location: Germany, Next to Hamburg
|
| Posted: Fri 12 Sep '14 12:30 Post subject: |
|
|
Nope, only
| Code: |
Require ip 127.0.0.1 172.16.0.0/255.255.0.0
|
|
|
| Back to top |
|
James Blond
Moderator
Joined: 19 Jan 2006
Posts: 7371
Location: Germany, Next to Hamburg
|
| Posted: Fri 12 Sep '14 12:32 Post subject: |
|
|
You can also use it shorter like
| Code: |
Require ip 127
Require ip 172.16
|
|
|
| Back to top |
|
jraute
Joined: 13 Sep 2013
Posts: 188
Location: Rheinland, Germany
|
| Posted: Fri 12 Sep '14 14:46 Post subject: |
|
|
Is the form (require ip ...) secure in the same way as the old declaration?
Because in the old declaration first everything was denied and then only a small portion was allowed so that if there is a little mistake in the allowed-declaration the first one still denies for all (the rest).
I just want to be sure, that most important and first of all there is no access and only in a second step i want to open it for only a few ip's.
If thats done with require ip, then ok, but if it can be done with "require all denied" and then "require ip" i would prefer that one (as long as it is not a mistake).
(In that context it would be interesting to know what happens if there is no require declaration.)
Thanks and greets
JR |
|
| Back to top |
|
James Blond
Moderator
Joined: 19 Jan 2006
Posts: 7371
Location: Germany, Next to Hamburg
|
| Posted: Sun 14 Sep '14 21:12 Post subject: |
|
|
the new deolcaration is as secure as the old one. You need only that require ip stuff.
What happens without? Why don't you try out? |
|
| Back to top |
|
jraute
Joined: 13 Sep 2013
Posts: 188
Location: Rheinland, Germany
|
| Posted: Mon 15 Sep '14 8:45 Post subject: |
|
|
| James Blond wrote: | | Why don't you try out? |
Hmmm , yes, why not?
A bit lazy ... 
And i like the conversation.
Ok, will check that.
Last edited by jraute on Mon 15 Sep '14 9:18; edited 1 time in total |
|
| Back to top |
|
jraute
Joined: 13 Sep 2013
Posts: 188
Location: Rheinland, Germany
|
| Posted: Mon 15 Sep '14 9:10 Post subject: |
|
|
Ok, i've tried.
Results:
If i use a section | Code: | <RequireAll>
Require all denied
Require ip 127.0.0.1 172.16.0.0/255.255.0.0
</RequireAll> |
which includes "require all denied" there is no access regardless if i include "require ip ...".
If i don't use a section | Code: | Require all denied
Require ip 127.0.0.1 172.16.0.0/255.255.0.0 |
or just | Code: | | Require ip 127.0.0.1 172.16.0.0/255.255.0.0 |
it works.
If i do not define anything (just without a require declaration) there is access for everybody!
So i need the "require ip ..." as a minimum. |
|
| Back to top |
|
sebastienserre
Joined: 05 Jun 2014
Posts: 5
Location: France, Paris
|
| Posted: Sun 02 Nov '14 1:02 Post subject: |
|
|
Hello
I'm back to correctly configure my Apache2.4.7
I allways have an error:
AH01797: client denied by server configuration:
with conf:
| Code: |
<VirtualHost *:80>
ServerName thiverval-grignon.com
ServerAlias www.thiverval-grignon.com
ServerAdmin webmaster@localhost
DocumentRoot /var/www/thiverval-grignon.com
<Directory /var/www/thiverval-grignon.com>
Options -Indexes
AllowOverride all
Require all granted
</Directory>
ErrorLog ${APACHE_LOG_DIR}/error.log
CustomLog ${APACHE_LOG_DIR}/access.log combined
Options +FollowSymlinks
RewriteEngine on
</VirtualHost>
|
Don't understand what's wrong, please help me.
Many thx
mode note: cleaned config and added bb tags |
|
| Back to top |
|
