[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Apache is busted, not sure how or why

Subject: Re: Apache is busted, not sure how or why
From: "Kyle Sluder" <email@hidden>
Date: Sat, 24 Nov 2007 17:45:13 +0000
Delivered-to: email@hidden
Delivered-to: email@hidden
Dkim-signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=gamma; h=domainkey-signature:received:received:message-id:date:from:sender:to:subject:cc:in-reply-to:mime-version:content-type:content-transfer-encoding:content-disposition:references:x-google-sender-auth; bh=7/K2bTogA3xPibRj9iK1w3FrCr43+7EPeVjXQ6d+dr8=; b=XoS4XQ17rJJn4pLBdUIkai5Yi5HoWLEoEonqYuWdqWy0ZXJRXaQ1t1u7UU3JCro5nkh36Ek7FfCzNtxuF4iSTs30e0w9Fg+xWATF7VMUQRn+4md8s0uyk/dUGIKbIx3Uvg80PGgBio2lvV38FyMaIZBQ/fuE9ZSzdhkLICy4xFI=
Domainkey-signature: a=rsa-sha1; c=nofws; d=gmail.com; s=gamma; h=received:message-id:date:from:sender:to:subject:cc:in-reply-to:mime-version:content-type:content-transfer-encoding:content-disposition:references:x-google-sender-auth; b=Kkm/WZ7TUivv0vwwUe56IiDtNXJdx/YLRj0Q3UkyMXCgRPy2oLFwVa8sdwylKJZZjxv6o954WqfOMH+0pAYrSmdGHoX0Ee1GTq7eqYlZyxhiixW4QHaAtSEyqseXnH/jmJUIP+nYFNRLxlW5b5eSihd0eFoAI2JiFVVDkYaSYho=

Just to clarify, the execute bit should not be applied to any files
that are not CGI executables (of which I doubt you're using any).
Directories must have the execute bit set for the user that Apache
runs as (www on Tiger, _www on Leopard).  On Unix, the execute bit on
a directory means "allowed inside this directory".

So, for example...
/Library/WebServer/Documents: www:admin rwxrwxr-x
/Library/WebServer/Documents/index.html www:admin rw-rw-r--

(I've given www write permission so that mod_dav works correctly.)

You don't happen to have a .htaccess file in
/Library/WebServer/Documents, do you?

--Kyle Sluder

On Nov 24, 2007 4:27 PM, Gene Anderson <email@hidden> wrote:
> David Colville <email@hidden> writes:
> >What are your Apache access logs indicating?  These will often give
> >you a better representation of the issue?
>
> 192.168.1.110 - - [23/Nov/2007:08:33:20 -0700] "GET /favicon.ico HTTP/1.1"
> 403 296
> 192.168.1.110 - - [23/Nov/2007:08:34:36 -0700] "GET / HTTP/1.1" 403 285
> 192.168.1.110 - - [23/Nov/2007:08:34:36 -0700] "GET /favicon.ico HTTP/1.1"
> 403 296
> 129.215.100.25 - - [23/Nov/2007:08:36:50 -0700] "GET / HTTP/1.1" 403 285
> 129.215.100.25 - - [23/Nov/2007:08:36:50 -0700] "GET /favicon.ico
> HTTP/1.1" 403 296
> 192.33.97.66 - - [23/Nov/2007:08:36:51 -0700] "GET / HTTP/1.1" 403 285
> 192.33.97.66 - - [23/Nov/2007:08:36:52 -0700] "GET /favicon.ico HTTP/1.1"
> 403 296
> 137.82.3.32 - - [23/Nov/2007:08:37:17 -0700] "GET / HTTP/1.1" 403 285
> 137.82.3.32 - - [23/Nov/2007:08:37:17 -0700] "GET /favicon.ico HTTP/1.1"
> 403 296
> 81.217.140.209 - - [23/Nov/2007:11:33:13 -0700] "GET / HTTP/1.1" 403 285
> 192.168.1.33 - - [23/Nov/2007:12:16:46 -0700] "GET / HTTP/1.0" 403 -
> 192.168.1.33 - - [23/Nov/2007:12:16:46 -0700] "GET /favicon.ico HTTP/1.0"
> 403 -
> 192.168.1.33 - - [23/Nov/2007:12:17:27 -0700] "GET / HTTP/1.0" 403 273
> 192.168.1.33 - - [23/Nov/2007:12:19:25 -0700] "GET / HTTP/1.0" 403 273
> 66.196.97.161 - - [23/Nov/2007:12:25:04 -0700] "GET / HTTP/1.0" 403 273
> 66.196.97.161 - - [23/Nov/2007:12:25:04 -0700] "GET / HTTP/1.0" 403 273
> 192.168.1.33 - - [23/Nov/2007:12:52:13 -0700] "GET / HTTP/1.0" 403 273
> 192.168.1.33 - - [23/Nov/2007:12:52:13 -0700] "GET /favicon.ico HTTP/1.0"
> 403 284
> 24.65.236.220 - - [24/Nov/2007:09:16:35 -0700] "GET / HTTP/1.1" 403 285
> 24.65.236.220 - - [24/Nov/2007:09:16:35 -0700] "GET /favicon.ico HTTP/1.1"
> 403 296
>
> As you can see, everything gets a 403. Is there something in Apache that
> could wrong? Something in the config that would act like a denyall rule?
> Config is below:
>
> <VirtualHost 192.168.1.14:80>
>         ServerName courses.phrd.ab.ca
>         ServerAdmin email@hidden
>         DirectoryIndex "index.html" "index.php"
>         CustomLog '|/usr/sbin/rotatelogs "/var/log/httpd/access_log"
> 604800' "%h %l %u %t \"%r\" %>s %b"
>         <Directory "/Library/WebServer/Documents">
>                 Options All +Includes -Indexes +MultiViews +ExecCGI
>                 <IfModule mod_dav.c>
>                         DAV Off
>                 </IfModule>
>                 AllowOverride All
>         </Directory>
>         ErrorLog '|/usr/sbin/rotatelogs "/var/log/httpd/error_log" 604800'
>         ErrorDocument 404 /error.html
>         LogLevel debug
>         <IfModule mod_ssl.c>
>                 SSLCertificateFile "/etc/certificates/Default.crt"
>                 SSLEngine Off
>                 SSLCipherSuite
> "ALL:!ADH:RC4+RSA:+HIGH:+MEDIUM:+LOW:!SSLv2:+EXP:+eNULL"
>                 SSLLog "/var/log/httpd/ssl_engine_log"
>                 SSLCertificateKeyFile "/etc/certificates/Default.key"
>         </IfModule>
>         <IfModule mod_dav.c>
>                 DAVLockDB "/var/run/davlocks/.davlockany_80_default"
>                 DAVMinTimeout 600
>         </IfModule>
>         <IfModule mod_rewrite.c>
>                 RewriteEngine On
>                 RewriteRule .* - [F]
>                 RewriteCond %{REQUEST_METHOD} ^TRACE
>         </IfModule>
>         <IfModule mod_alias.c>
>         </IfModule>
>         DocumentRoot "/Library/WebServer/Documents"
>         ServerAlias *
> </VirtualHost>
>
> >
> >How about the permissions on the index page itself rather than that
> >directory?
>
> -rwxr-xr-x    1 www  admin    183 Sep 12 08:49 index.html
>
> Just to check I removed the original file, made a brand new one with
> BBEdit and set permissions to the ones above.
> >
> >Have you got a realm involved without realising it?
> >
> I had wondered that myself at first. But no, there are no realms defined
> in ServerAdmin.
>
>
>
>
> Gene Anderson
> Systems Analyst, Microsoft Certified Professional
> Pembina Hills Regional Division No.7
> Phone: (780) 674-8535 ext 6860
> email: email@hidden
>
> "Passwords are like bubble gum, strongest when fresh, should never be
> used by groups and create a sticky mess when left laying around"
>
> -anon
>
>
>  _______________________________________________
> Do not post admin requests to the list. They will be ignored.
> Macos-x-server mailing list      (email@hidden)
> Help/Unsubscribe/Update your Subscription:
>
> http://lists.apple.com/mailman/options/macos-x-server/kyle.sluder%email@hidden
>
> This email sent to email@hidden
>
 _______________________________________________
Do not post admin requests to the list. They will be ignored.
Macos-x-server mailing list      (email@hidden)
Help/Unsubscribe/Update your Subscription:
http://lists.apple.com/mailman/options/macos-x-server/email@hidden

This email sent to email@hidden

Follow-Ups:
- Re: Apache is busted, not sure how or why
  - From: "Gene Anderson" <email@hidden>

References:
	>Re: Apache is busted, not sure how or why (From: "Gene Anderson" <email@hidden>)
	>Re: Apache is busted, not sure how or why (From: Jose Hales-Garcia <email@hidden>)
	>Re: Apache is busted, not sure how or why (From: "Gene Anderson" <email@hidden>)
	>Re: Apache is busted, not sure how or why (From: David Colville <email@hidden>)
	>Re: Apache is busted, not sure how or why (From: "Gene Anderson" <email@hidden>)

Prev by Date: Re: Software RAID0 IO error
Next by Date: Re: Help Tuning Postfix on 10.4
Previous by thread: Re: Apache is busted, not sure how or why
Next by thread: Re: Apache is busted, not sure how or why
Index(es):
- Date
- Thread

Home