BreadCrumbs: Apache

Apache

From Luke Jackson

(Difference between revisions)
Jump to: navigation, search
Revision as of 02:43, 12 October 2020 (edit)
Ljackson (Talk | contribs)
(Access forbidden! You don't have access to the requested directory...)
← Previous diff
Current revision (02:53, 12 October 2020) (edit)
Ljackson (Talk | contribs)
(Directory index forbidden by Options directive: /www/<Virtual-Host-Path-HERE>/htdocs/)
 
Line 63: Line 63:
=== Directory index forbidden by Options directive: /www/<Virtual-Host-Path-HERE>/htdocs/ === === Directory index forbidden by Options directive: /www/<Virtual-Host-Path-HERE>/htdocs/ ===
-Previously the Apache server was configured to list files present in the root folder of any Virtual Host if a .htaccess file with the correction Options permissions was present. Presumably after an upgrade via yum at some point the addition of the following was added to the conf.d folder+Previously the Apache server was configured to list files present in the root folder of any Virtual Host if a .htaccess file with the correct Options permissions was present.
 + 
 + Options FollowSymLinks ExecCGI Indexes
 + 
 +Presumably after an upgrade via yum at some point the addition of the following was added to the conf.d folder
-rw-r--r-- 1 root root 299 Oct 11 22:33 welcome.conf -rw-r--r-- 1 root root 299 Oct 11 22:33 welcome.conf
Line 78: Line 82:
</LocationMatch> </LocationMatch>
</pre> </pre>
 +
 +This triggered the 403 redirect of any requests to the root folder of the Virtual Host and also restricted "Directory Indexing" via the Options attribute. This was not at all intuitive as the error codes present in the http error logs simply indicated that Directory Indexing was restricted by an Options attribute but it did NOT indicate where that instruction was being issued.
 +
 +After too much time coincidentally I read the right side of the 403 error page below:
 +
 +<pre>
 +If you are the website administrator:
 +You may now add content to the directory /var/www/html/. Note that until you do so, people visiting your website will see this page, and not your content. To prevent this page from ever being used, follow the instructions in the file /etc/httpd/conf.d/welcome.conf.
 +</pre>
 +
 +This is the Options attribute which was overriding the .htaccess file as it was being applied after the redirect request which was trigged by no index file existing in the Virtual-Host root folder which matched the criteria specified in httpd.conf
 +
 + DirectoryIndex index.htm index.php
 +
 +After commenting out the welcome.conf <LocationMatch> all sites demonstrated expected behavior of .htaccess and their respective Options attributes.
=== Invalid command 'Order', perhaps misspelled or defined by a module not included in the server configuration === === Invalid command 'Order', perhaps misspelled or defined by a module not included in the server configuration ===

Current revision

Contents

FAQs

How to redirect HTTP to HTTPS using mod_rewrite.

The following configuration will configure Apache to automatically redirect HTTP requests to HTTPS, i.e. http://www.website.com to https://www.website.com.

httpd.conf:

RewriteEngine On
RewriteCond %{SERVER_PORT} !^443$
RewriteRule ^/(.*) https://%{SERVER_NAME}/$1 [L,R]

.htaccess:

RewriteEngine On
RewriteCond %{SERVER_PORT} !^443$
RewriteRule ^(.*) https://%{SERVER_NAME}/$1 [L,R]

Remember, if you put this rule in the main server configuration file (usually httpd.conf) rather than an .htaccess file, you'll need to use "^/" instead of "^" at the beginning of the RewriteRule line. Because of this there are two code snippets above, one for httpd.conf and one for .htaccces.

How do I change the length of the URLs generated by mod_autoindex?

The NameWidth keyword allows you to specify the width of the filename column in bytes.

  • -NameWidth (or unset) allows mod_autoindex to calculate the best width.
  • NameWidth=n fixes the column width to n bytes wide.
  • NameWidth=* grows the column to the necessary width.

Below is an example on how to edit your httpd.conf file to enable unlimited characters:

# IndexOptions: Controls the appearance of server-generated directory
# listings.
#
IndexOptions FancyIndexing VersionSort NameWidth=*

(13)Permission denied: /www/.htaccess pcfg_openfile: unable to check htaccess file, ensure it is readable

This can range in exact location but at the core it is a permissions issue.

  • While child directories of the DocumentRoot can have a permission value of 744 the DocumentRoot needs to have a permission of 755.
  • Ensure all .htaccess files have a permission of 755
chmod -R 755 <dir_or_file(s)>

Access forbidden! You don't have access to the requested directory...

There is either no index document or the directory is read-protected.

Allow Directory Listing

  • Create .htaccess file in the affected directory and copy the text below into the file.
Options FollowSymLinks ExecCGI Indexes

Create DirectoryIndex File

  • Determine Allowable DirectoryIndex extensions from the DirectoryIndex line in your httpd.conf file.
  • Create an empty file in the affected directory.
touch index.htm

Directory index forbidden by Options directive: /www/<Virtual-Host-Path-HERE>/htdocs/

Previously the Apache server was configured to list files present in the root folder of any Virtual Host if a .htaccess file with the correct Options permissions was present.

Options FollowSymLinks ExecCGI Indexes

Presumably after an upgrade via yum at some point the addition of the following was added to the conf.d folder

-rw-r--r--  1 root root  299 Oct 11 22:33 welcome.conf
# This configuration file enables the default "Welcome"
# page if there is no default index page present for
# the root URL.  To disable the Welcome page, comment
# out all the lines below.
#
<LocationMatch "^/+$">
    Options -Indexes
    ErrorDocument 403 /error/noindex.html
</LocationMatch>

This triggered the 403 redirect of any requests to the root folder of the Virtual Host and also restricted "Directory Indexing" via the Options attribute. This was not at all intuitive as the error codes present in the http error logs simply indicated that Directory Indexing was restricted by an Options attribute but it did NOT indicate where that instruction was being issued.

After too much time coincidentally I read the right side of the 403 error page below:

If you are the website administrator:
You may now add content to the directory /var/www/html/. Note that until you do so, people visiting your website will see this page, and not your content. To prevent this page from ever being used, follow the instructions in the file /etc/httpd/conf.d/welcome.conf.

This is the Options attribute which was overriding the .htaccess file as it was being applied after the redirect request which was trigged by no index file existing in the Virtual-Host root folder which matched the criteria specified in httpd.conf

DirectoryIndex index.htm index.php

After commenting out the welcome.conf <LocationMatch> all sites demonstrated expected behavior of .htaccess and their respective Options attributes.

Invalid command 'Order', perhaps misspelled or defined by a module not included in the server configuration

mod_access has changed to authz_host_module. Please load the following module to httpd.conf:

LoadModule authz_host_module modules/mod_authz_host.so

Invalid command 'AuthGroupFile', perhaps misspelled or defined by a module not included in the server configuration

LoadModule authz_groupfile_module modules/mod_authz_groupfile.so

configuration error: couldn't check access. No groups file?: /

LoadModule authz_user_module modules/mod_authz_user.so

Enforce password authentication unless accessing from local network

Add the following lines to your .htaccess file:

AuthUserFile /www/server.com/stuff/htdocs/.htpasswd
AuthGroupFile /dev/null
AuthName "Secrets :)"
AuthType Basic

require valid-user
Allow from 192.168.85.0/24
Satisfy Any

Options FollowSymLinks ExecCGI Indexes
Personal tools