| Author |
|
Otomatic
Joined: 01 Sep 2011
Posts: 212
Location: Paris, France, EU
|
 Posted: Sun 04 Dec '16 16:03 Post subject: Forbiden access with <Directory inside <VirtualHost st |
 |
|
Hi,
Windows 7 Pro 64 bit
Apache 2.4.23
J:\wamp\bin\apache\apache2.4.23\bin>httpd -M
Loaded Modules:
core_module (static)
win32_module (static)
mpm_winnt_module (static)
http_module (static)
so_module (static)
access_compat_module (shared)
actions_module (shared)
alias_module (shared)
allowmethods_module (shared)
asis_module (shared)
auth_basic_module (shared)
auth_digest_module (shared)
authn_core_module (shared)
authn_file_module (shared)
authz_core_module (shared)
authz_groupfile_module (shared)
authz_host_module (shared)
authz_user_module (shared)
autoindex_module (shared)
cache_module (shared)
cache_disk_module (shared)
cgi_module (shared)
dir_module (shared)
env_module (shared)
file_cache_module (shared)
include_module (shared)
isapi_module (shared)
log_config_module (shared)
mime_module (shared)
negotiation_module (shared)
rewrite_module (shared)
setenvif_module (shared)
userdir_module (shared)
vhost_alias_module (shared)
php7_module (shared)
With, in httpd-vhosts.conf :
| Code: | <VirtualHost *:80>
ServerName techaero
DocumentRoot j:/wamp/www/techaero
<Directory "j:/wamp/www/techaero/">
Options +Indexes +Includes +FollowSymLinks +MultiViews
AllowOverride all
<RequireAny>
Require local
Require ip 192.168.0
</RequireAny>
</Directory>
</VirtualHost>
|
Local access 'http://techaero/' works well.
Network access with 'http://198.168.0.10/techaero/' from a post with IP 198.168.0.15 gives an error 403 :
Apache access.log
| Code: | | 192.168.0.15 - - [03/Dec/2016:10:18:48 +0100] "GET /techaero/ HTTP/1.1" 403 |
Apache apache_error.log
| Code: | | [Sun Dec 04 14:44:44.643053 2016] [authz_core:error] [pid 6556:tid 956] [client 192.168.0.15:51951] AH01630: client denied by server configuration: J:/wamp/www/techaero/ |
If I modify http-vhosts.conf with <Directory... outside of VirtualHost structure :
| Code: | <VirtualHost *:80>
ServerName techaero
DocumentRoot j:/wamp/www/techaero
</VirtualHost>
<Directory "j:/wamp/www/techaero/">
Options +Indexes +Includes +FollowSymLinks +MultiViews
AllowOverride all
<RequireAny>
Require local
Require ip 192.168.0
</RequireAny>
</Directory> |
Local access and network access work well.
Where is my mistake? Why is access prohibited if <Directory .. is inside the structure <VirtualHost? |
|
| Back to top |
|
James Blond
Moderator
Joined: 19 Jan 2006
Posts: 7371
Location: Germany, Next to Hamburg
|
| Posted: Sat 10 Dec '16 13:13 Post subject: |
|
|
Apache is a bit picky with the naming.
Your document root is
j:/wamp/www/techaero
but your Directory is
j:/wamp/www/techaero/
the drive letter also suggest that it might be a network drive? If it is a network drive and you run apache as a service you need to create a unique local user for apache, cause the normal service user is not allowed to access the network. |
|
| Back to top |
|
Otomatic
Joined: 01 Sep 2011
Posts: 212
Location: Paris, France, EU
|
| Posted: Sat 10 Dec '16 15:29 Post subject: |
|
|
| James Blond wrote: | Apache is a bit picky with the naming.
Your document root is
j:/wamp/www/techaero
but your Directory is
j:/wamp/www/techaero/
|
It is NOT a network drive.
The documentation said : The DocumentRoot should be specified without a trailing slash. |
|
| Back to top |
|
James Blond
Moderator
Joined: 19 Jan 2006
Posts: 7371
Location: Germany, Next to Hamburg
|
| Posted: Sat 10 Dec '16 18:00 Post subject: |
|
|
| Why don't you then remove the slash in the Directory block and give it try? |
|
| Back to top |
|
Otomatic
Joined: 01 Sep 2011
Posts: 212
Location: Paris, France, EU
|
| Posted: Fri 16 Dec '16 19:52 Post subject: |
|
|
| James Blond wrote: | | Why don't you then remove the slash in the Directory block and give it try? |
It does not change the problem.
Moreover I do not see in what way the presence or absence of the final slash could change something.
The problem is not in the syntax of the <Directory <structure, but in the fact that it is not taken into account if the <Directory structure is inside the <VirtualHost structure, but taken into account if it is outside the <VirtualHost structure.
Re-reading my first message, I think my explanations are coherent, although the English is not my mother tongue |
|
| Back to top |
|
Otomatic
Joined: 01 Sep 2011
Posts: 212
Location: Paris, France, EU
|
| Posted: Sun 15 Jan '17 19:05 Post subject: |
|
|
Hi,
I'm sorry to relaunch this discussion.
The problem is exactly the same with Apache 2.4.25.
So I ask the question:
Why is access prohibited if <Directory .. structure is inside the <VirtualHost structure and access is not prohibited if <Directory .. structure is outside the <VirtualHost structure.
While I read and reread the Apache 2.4 documentation in all directions, nowhere is it mentioned that <Directory does not work if in a <VirtualHost |
|
| Back to top |
|
covener
Joined: 23 Nov 2008
Posts: 59
|
| Posted: Sun 15 Jan '17 19:24 Post subject: |
|
|
| Otomatic wrote: | Hi,
I'm sorry to relaunch this discussion.
The problem is exactly the same with Apache 2.4.25.
So I ask the question:
Why is access prohibited if <Directory .. structure is inside the <VirtualHost structure and access is not prohibited if <Directory .. structure is outside the <VirtualHost structure.
While I read and reread the Apache 2.4 documentation in all directions, nowhere is it mentioned that <Directory does not work if in a <VirtualHost |
I'd assume your request is not handled by the virtualhost. Try adding a customlog there to easily confirm. |
|
| Back to top |
|
Otomatic
Joined: 01 Sep 2011
Posts: 212
Location: Paris, France, EU
|
| Posted: Sun 22 Jan '17 18:25 Post subject: |
|
|
Hi,
I apologize for this late response.
I modify the VirtualHost with a dedicated customlog
| Code: |
<VirtualHost *:80>
ServerName techaero
DocumentRoot j:/wamp/www/techaero
LogFormat "%h %l %u %t \"%r\" %>s %b" common
CustomLog "j:/wamp/logs/techaero.log" common
<Directory "j:/wamp/www/techaero/">
Options +Indexes +Includes +FollowSymLinks +MultiViews
AllowOverride all
<RequireAny>
Require local
Require ip 192.168.0
</RequireAny>
</Directory>
</VirtualHost>
|
Local access with 'http://techaero/' is OK in the dedicated customlog:
| Code: |
::1 - - [22/Jan/2017:16:53:22 +0100] "GET / HTTP/1.1" 200 5066
::1 - - [22/Jan/2017:16:53:22 +0100] "GET /css/menu_h.css HTTP/1.1" 200 3723
::1 - - [22/Jan/2017:16:53:22 +0100] "GET /css/general.css HTTP/1.1" 200 11314
::1 - - [22/Jan/2017:16:53:22 +0100] "GET /images/crevette1.png HTTP/1.1" 200 3162
::1 - - [22/Jan/2017:16:53:22 +0100] "GET /images/superstarliner150.jpg HTTP/1.1" 200 15268
::1 - - [22/Jan/2017:16:53:22 +0100] "GET /images/bimoteur150.jpg HTTP/1.1" 200 6276
::1 - - [22/Jan/2017:16:53:22 +0100] "GET /images/jesuisparis_66.jpg HTTP/1.1" 200 10503
::1 - - [22/Jan/2017:16:53:22 +0100] "GET /images/bandeau_756.jpg HTTP/1.1" 200 27384
::1 - - [22/Jan/2017:16:53:22 +0100] "GET /favicon/favicon-16x16.png HTTP/1.1" 200 1434
|
This shows that in local access, the VirtualHost is well taken into account.
Since I do not have a second PC on the network, I do the remote access by a Smartphone in WiFi.
'http://192.168.0.10/techaero/'
Forbidden
You don't have permission to access /techaero/ on this server
In this case this the global access.log that it is written:
| Code: | | 192.168.0.15 - - [22/Jan/2017:17:00:17 +0100] "GET /techaero/ HTTP/1.1" 403 - |
and the global apache_error.log
| Code: | | [Sun Jan 22 17:00:17.248942 2017] [authz_core:error] [pid 5268:tid 928] [client 192.168.0.15:53365] AH01630: client denied by server configuration: J:/wamp/www/pasdroit.html |
I put the <Directory outside of the VirtualHost
| Code: |
<VirtualHost *:80>
ServerName techaero
DocumentRoot j:/wamp/www/techaero
LogFormat "%h %l %u %t \"%r\" %>s %b" common
CustomLog "j:/wamp/logs/techaero.log" common
</VirtualHost>
<Directory "j:/wamp/www/techaero/">
Options +Indexes +Includes +FollowSymLinks +MultiViews
AllowOverride all
<RequireAny>
Require local
Require ip 192.168.0
</RequireAny>
</Directory>
|
Local access with 'http://techaero/' is OK in the dedicated customlog:
| Code: |
::1 - - [22/Jan/2017:17:10:02 +0100] "GET / HTTP/1.1" 200 5066
::1 - - [22/Jan/2017:17:10:02 +0100] "GET /css/general.css HTTP/1.1" 304 -
::1 - - [22/Jan/2017:17:10:02 +0100] "GET /css/menu_h.css HTTP/1.1" 304 -
::1 - - [22/Jan/2017:17:10:02 +0100] "GET /images/bandeau_756.jpg HTTP/1.1" 304 -
::1 - - [22/Jan/2017:17:10:02 +0100] "GET /images/crevette1.png HTTP/1.1" 304 -
::1 - - [22/Jan/2017:17:10:02 +0100] "GET /images/superstarliner150.jpg HTTP/1.1" 304 -
::1 - - [22/Jan/2017:17:10:02 +0100] "GET /images/bimoteur150.jpg HTTP/1.1" 304 -
::1 - - [22/Jan/2017:17:10:03 +0100] "GET /images/jesuisparis_66.jpg HTTP/1.1" 304 -
|
I do the remote access by a Smartphone in WiFi.
'http://192.168.0.10/techaero/'
Access is OK, but not in dedicated customlog, in the global access.log
| Code: |
192.168.0.15 - - [22/Jan/2017:17:13:39 +0100] "GET /techaero/ HTTP/1.1" 200 5066
192.168.0.15 - - [22/Jan/2017:17:13:44 +0100] "GET /techaero/vilgenis/vilgenis.php HTTP/1.1" 200 15914
192.168.0.15 - - [22/Jan/2017:17:13:44 +0100] "GET /techaero/js/jquery-3.1.1.min.js HTTP/1.1" 200 86709
192.168.0.15 - - [22/Jan/2017:17:14:17 +0100] "GET /techaero/vilgenis/les_promos.php HTTP/1.1" 200 7853
192.168.0.15 - - [22/Jan/2017:17:14:17 +0100] "GET /techaero/vilgenis/images/mini/promo_toutes_160.jpg HTTP/1.1" 200 6048
|
As you wrote: "I'd assume your request is not handled by the virtualhost", it would seem that from external accesses, VirtualHost is not taken into account, but only the main server.
And I do not know why! |
|
| Back to top |
|
