Mobile app version of vmapp.org
Login or Join
Sims2060225

: How to determine what caused directory url to get access denied? Using Apache 2.4.10 on two different Linux hosts. The server configurations are very similar, and running very similar php web

@Sims2060225

Posted in: #Apache2

Using Apache 2.4.10 on two different Linux hosts.
The server configurations are very similar, and running very similar php web applications.

With one server, the uri /uploads produces:

Access forbidden!

You don't have permission to access the requested directory. There is either no index document or the directory is read-protected.

If you think this is a server error, please contact the webmaster.


With the other server, that uri produces a listing of the files in the uploads directory below the document root.

On both servers I've done

grep -i Indexes

in all of the .conf and .htaccess files on both servers, and all I find is:

Options FollowSymLinks Indexes

There is no index.html file in that directory, though it is readable to the httpd process. What else could cause this difference? Is there a way to verify what Options settings are in effect for httpd, or show what changes them? Or other ideas for figuring out what's going on?

10.01% popularity Vote Up Vote Down


Login to follow query

More posts by @Sims2060225

1 Comments

Sorted by latest first Latest Oldest Best

 

@Becky754

In poring over the config files again, I see that both servers have identical httpd.conf files, but they include different files from the "extra" subdirectory to define the vhosts. (I'm based on XAMPP for Linux 1.8.2-6, which has httpd.conf in /opt/lampp/etc/ and a directory /opt/lampp/etc/extra/ containing various other conf files, including vhosts.conf).

The common httpd.conf file has DocumentRoot "/opt/lampp/htdocs" and it contains roughly this near the top:

<Directory />
AllowOverride none
Require all denied
</Directory>
<Directory "/opt/lampp/htdocs">
Options Indexes FollowSymLinks ExecCGI Includes
AllowOverride All
Require all granted
</Directory>

On the server that gives a directory listing, the vhosts.conf file contains no Options directives at all. So it makes perfect sense that the Options directive from httpd.conf effectively enables Indexes.

On the server that gives the Access Denied error, the vhosts.conf file contains these directives:

<Directory /opt/lampp/htdocs>
AllowOverride None
Options FollowSymLinks
</Directory>
<Directory "/opt/lampp/htdocs/xampp">
AllowOverride All
Options FollowSymLinks Indexes
</Directory>
<Directory "/opt/lampp/htdocs/test">
AllowOverride All
Options FollowSymLinks Indexes
</Directory>
<Directory "/opt/lampp/phpmyadmin">
AllowOverride All
Options FollowSymLinks Indexes
</Directory>


I think what's happening is that because none of the Options directives contain "+" or "-" prefixes on their attributes, the Options FollowSymLinks directive in the first directory section of this file has the effect of cancelling all the other attributes (including Indexes) from the first Options directive in the httpd.conf file!

And in fact I just "proved" it by editing the vhosts.conf file on the server that gave the directory listing, to add:

<Directory /opt/lampp/htdocs>
Options FollowSymLinks
</Directory>


That one change (and running lampp reloadapache) caused that server also to give the access denied error, just like the other server.

Although I could leave things this way, I think I'll change all three configuration files to start out with Options None for "/" and Options +FollowSymLinks +Indexes +ExecCGI +Includes for "/opt/lampp/htdocs" in the httpd.conf file. And in the vhosts.conf files I'll put:

<Directory /opt/lampp/htdocs>
Options +FollowSymLinks -Indexes -ExecCGI -Includes
</Directory>

10% popularity Vote Up Vote Down


Back to top | Use Dark Theme