BreadCrumbs: Apache

Apache

From Luke Jackson

(Difference between revisions)
Jump to: navigation, search
Revision as of 03:47, 18 October 2007 (edit)
Ljackson (Talk | contribs)
(Invalid command 'Order', perhaps misspelled or defined by a module not included in the server configuration)
← Previous diff
Current revision (02:53, 12 October 2020) (edit)
Ljackson (Talk | contribs)
(Directory index forbidden by Options directive: /www/<Virtual-Host-Path-HERE>/htdocs/)
 
Line 60: Line 60:
* Create an empty file in the affected directory. * Create an empty file in the affected directory.
touch index.htm touch index.htm
 +
 +=== Directory index forbidden by Options directive: /www/<Virtual-Host-Path-HERE>/htdocs/ ===
 +
 +Previously the Apache server was configured to list files present in the root folder of any Virtual Host if a .htaccess file with the correct Options permissions was present.
 +
 + Options FollowSymLinks ExecCGI Indexes
 +
 +Presumably after an upgrade via yum at some point the addition of the following was added to the conf.d folder
 +
 + -rw-r--r-- 1 root root 299 Oct 11 22:33 welcome.conf
 +
 +<pre>
 +# This configuration file enables the default "Welcome"
 +# page if there is no default index page present for
 +# the root URL. To disable the Welcome page, comment
 +# out all the lines below.
 +#
 +<LocationMatch "^/+$">
 + Options -Indexes
 + ErrorDocument 403 /error/noindex.html
 +</LocationMatch>
 +</pre>
 +
 +This triggered the 403 redirect of any requests to the root folder of the Virtual Host and also restricted "Directory Indexing" via the Options attribute. This was not at all intuitive as the error codes present in the http error logs simply indicated that Directory Indexing was restricted by an Options attribute but it did NOT indicate where that instruction was being issued.
 +
 +After too much time coincidentally I read the right side of the 403 error page below:
 +
 +<pre>
 +If you are the website administrator:
 +You may now add content to the directory /var/www/html/. Note that until you do so, people visiting your website will see this page, and not your content. To prevent this page from ever being used, follow the instructions in the file /etc/httpd/conf.d/welcome.conf.
 +</pre>
 +
 +This is the Options attribute which was overriding the .htaccess file as it was being applied after the redirect request which was trigged by no index file existing in the Virtual-Host root folder which matched the criteria specified in httpd.conf
 +
 + DirectoryIndex index.htm index.php
 +
 +After commenting out the welcome.conf <LocationMatch> all sites demonstrated expected behavior of .htaccess and their respective Options attributes.
=== Invalid command 'Order', perhaps misspelled or defined by a module not included in the server configuration === === Invalid command 'Order', perhaps misspelled or defined by a module not included in the server configuration ===
Line 66: Line 103:
LoadModule authz_host_module modules/mod_authz_host.so LoadModule authz_host_module modules/mod_authz_host.so
 +
 +=== Invalid command 'AuthGroupFile', perhaps misspelled or defined by a module not included in the server configuration ===
 +
 + LoadModule authz_groupfile_module modules/mod_authz_groupfile.so
=== configuration error: couldn't check access. No groups file?: / === === configuration error: couldn't check access. No groups file?: / ===
LoadModule authz_user_module modules/mod_authz_user.so LoadModule authz_user_module modules/mod_authz_user.so
 +
 +=== Enforce password authentication unless accessing from local network ===
 +
 +Add the following lines to your .htaccess file:
 +
 +<pre>
 +AuthUserFile /www/server.com/stuff/htdocs/.htpasswd
 +AuthGroupFile /dev/null
 +AuthName "Secrets :)"
 +AuthType Basic
 +
 +require valid-user
 +Allow from 192.168.85.0/24
 +Satisfy Any
 +
 +Options FollowSymLinks ExecCGI Indexes
 +</pre>
[[Category:Linux]] [[Category:Linux]]
[[Category:Mac OS X]] [[Category:Mac OS X]]

Current revision

Contents

FAQs

How to redirect HTTP to HTTPS using mod_rewrite.

The following configuration will configure Apache to automatically redirect HTTP requests to HTTPS, i.e. http://www.website.com to https://www.website.com.

httpd.conf:

RewriteEngine On
RewriteCond %{SERVER_PORT} !^443$
RewriteRule ^/(.*) https://%{SERVER_NAME}/$1 [L,R]

.htaccess:

RewriteEngine On
RewriteCond %{SERVER_PORT} !^443$
RewriteRule ^(.*) https://%{SERVER_NAME}/$1 [L,R]

Remember, if you put this rule in the main server configuration file (usually httpd.conf) rather than an .htaccess file, you'll need to use "^/" instead of "^" at the beginning of the RewriteRule line. Because of this there are two code snippets above, one for httpd.conf and one for .htaccces.

How do I change the length of the URLs generated by mod_autoindex?

The NameWidth keyword allows you to specify the width of the filename column in bytes.

  • -NameWidth (or unset) allows mod_autoindex to calculate the best width.
  • NameWidth=n fixes the column width to n bytes wide.
  • NameWidth=* grows the column to the necessary width.

Below is an example on how to edit your httpd.conf file to enable unlimited characters:

# IndexOptions: Controls the appearance of server-generated directory
# listings.
#
IndexOptions FancyIndexing VersionSort NameWidth=*

(13)Permission denied: /www/.htaccess pcfg_openfile: unable to check htaccess file, ensure it is readable

This can range in exact location but at the core it is a permissions issue.

  • While child directories of the DocumentRoot can have a permission value of 744 the DocumentRoot needs to have a permission of 755.
  • Ensure all .htaccess files have a permission of 755
chmod -R 755 <dir_or_file(s)>

Access forbidden! You don't have access to the requested directory...

There is either no index document or the directory is read-protected.

Allow Directory Listing

  • Create .htaccess file in the affected directory and copy the text below into the file.
Options FollowSymLinks ExecCGI Indexes

Create DirectoryIndex File

  • Determine Allowable DirectoryIndex extensions from the DirectoryIndex line in your httpd.conf file.
  • Create an empty file in the affected directory.
touch index.htm

Directory index forbidden by Options directive: /www/<Virtual-Host-Path-HERE>/htdocs/

Previously the Apache server was configured to list files present in the root folder of any Virtual Host if a .htaccess file with the correct Options permissions was present.

Options FollowSymLinks ExecCGI Indexes

Presumably after an upgrade via yum at some point the addition of the following was added to the conf.d folder

-rw-r--r--  1 root root  299 Oct 11 22:33 welcome.conf
# This configuration file enables the default "Welcome"
# page if there is no default index page present for
# the root URL.  To disable the Welcome page, comment
# out all the lines below.
#
<LocationMatch "^/+$">
    Options -Indexes
    ErrorDocument 403 /error/noindex.html
</LocationMatch>

This triggered the 403 redirect of any requests to the root folder of the Virtual Host and also restricted "Directory Indexing" via the Options attribute. This was not at all intuitive as the error codes present in the http error logs simply indicated that Directory Indexing was restricted by an Options attribute but it did NOT indicate where that instruction was being issued.

After too much time coincidentally I read the right side of the 403 error page below:

If you are the website administrator:
You may now add content to the directory /var/www/html/. Note that until you do so, people visiting your website will see this page, and not your content. To prevent this page from ever being used, follow the instructions in the file /etc/httpd/conf.d/welcome.conf.

This is the Options attribute which was overriding the .htaccess file as it was being applied after the redirect request which was trigged by no index file existing in the Virtual-Host root folder which matched the criteria specified in httpd.conf

DirectoryIndex index.htm index.php

After commenting out the welcome.conf <LocationMatch> all sites demonstrated expected behavior of .htaccess and their respective Options attributes.

Invalid command 'Order', perhaps misspelled or defined by a module not included in the server configuration

mod_access has changed to authz_host_module. Please load the following module to httpd.conf:

LoadModule authz_host_module modules/mod_authz_host.so

Invalid command 'AuthGroupFile', perhaps misspelled or defined by a module not included in the server configuration

LoadModule authz_groupfile_module modules/mod_authz_groupfile.so

configuration error: couldn't check access. No groups file?: /

LoadModule authz_user_module modules/mod_authz_user.so

Enforce password authentication unless accessing from local network

Add the following lines to your .htaccess file:

AuthUserFile /www/server.com/stuff/htdocs/.htpasswd
AuthGroupFile /dev/null
AuthName "Secrets :)"
AuthType Basic

require valid-user
Allow from 192.168.85.0/24
Satisfy Any

Options FollowSymLinks ExecCGI Indexes
Personal tools