Web Issues - Access Forbidden!


rytech
28th September 2005, 05:00
I just installed ISPConfig using the SuSE 9.3 because I am more familiar with it and we use it on multiple servers here. After the setup, I tried accessing the webpage for the new site that I created, I get a message saying Access forbidden! - You don't have permission to access the requested directory. There is either no index document or the directory is read-protected.

I know the reason I am getting the error, but not sure why I am getting the error. The reason is because the webserver is trying to access the /srv/www/htdocs directory rather than /srv/www/web1/web directory.

The actual error message from log files is " Directory index forbidden by rule: /srv/www/htdocs/"

Does anyone know how to change this so that I can get it to access the correct directories? All the email portion is working fine along with all DNS.

I would like to really get this working because it will save us time in setting up our customers' domains. Any help would be greatly appreciated. I noticed someone else had an error with this in another forum but there was no resolution except for he changed to another server.

Ovidiu
28th September 2005, 08:18
... the webserver is trying to access the /srv/www/htdocs directory rather than /srv/www/web1/web directory.

The actual error message from log files is " Directory index forbidden by rule: /srv/www/htdocs/".

I am using Debian but I had to select advanced mode during install to point to the right web server folder - in the Debian howto Sarge it is indicated at the end of the tutorial that you have to do this if you want to use su-exec, I don't know about the Suse tutorial.

But why don't you go to your ISPcfg administration panel and go to server settings, select category web and I am sure you can set the path to your web there...

falko
28th September 2005, 09:22
I just installed ISPConfig using the SuSE 9.3 because I am more familiar with it and we use it on multiple servers here. After the setup, I tried accessing the webpage for the new site that I created, I get a message saying Access forbidden! - You don't have permission to access the requested directory. There is either no index document or the directory is read-protected.

I know the reason I am getting the error, but not sure why I am getting the error. The reason is because the webserver is trying to access the /srv/www/htdocs directory rather than /srv/www/web1/web directory.

The actual error message from log files is " Directory index forbidden by rule: /srv/www/htdocs/"

Does anyone know how to change this so that I can get it to access the correct directories? All the email portion is working fine along with all DNS.

I would like to really get this working because it will save us time in setting up our customers' domains. Any help would be greatly appreciated. I noticed someone else had an error with this in another forum but there was no resolution except for he changed to another server.

Did you follow the tutorial for SuSE 9.3? http://www.howtoforge.com/perfect_setup_suse_9.3

uralter_artifex
28th September 2005, 17:31
Hello there,

I followed Falko's tutorial on preparing SuSE 9.3 for ISPConfig and afterwards the installation howto on ispconfig.org. Everything works fine, except for the web access to subdirectories of the individual document root (/home/www/webXX/web). I can access the index.html via the browser, but when I try to access any subdirectories (including the individual error pages) Apache gives me a 403 error.
The permissions are set to the site's admin (web1_adm.web1). "Chown -R wwwrun.www" and even "chmod -R 777" didn't solve it. A new installation from scratch with /srv/www as DocumentRoot had the same result.
When I set up a new site manually without having it managed by ISPConfig, everything works fine. So I guess it must be an issue with ISPConfig's way on setting up SuSE's Apache2.

rytech
28th September 2005, 19:23
I followed the guide to installing the software. I also had a support guy log in and he could not see anything wrong with apache saying it should be working fine.

I did install using expert mode and chose the directory according to the guide - "/srv/www". I think I agree with uralter_artifex and this could be a problem with ISPConfig and SuSE.

I really like the SuSE package because it's really nice to use. If I have to change software any recommendations?

till
28th September 2005, 21:45
Generally, ISPConfig works fine with SuSE 9.3 and SuSE 10; it has been tested many times.

Are the vhosts written correctly to the file Vhost_ispconfig.conf or is the file empty?
Are there any errors in the ispconfig logfile?

/home/admispconfig/ispconfig/ispconfig.log

uralter_artifex
28th September 2005, 22:15
Thanks for the quick reply.
The ispconfig.log shows no errors. The apache log has the line
[Wed Sep 28 12:59:18 2005] [error] an unknown filter was not added: PHP
in it, but .php files work as long as they are in /home/www/web1/web and not in a subdirectory below that.

The Vhosts_ispconfig.conf looks like this:

###################################
#
# ISPConfig vHost Configuration File
# Version 1.0
#
###################################
#
NameVirtualHost 85.214.25.27:80
#
#
######################################
# Vhost: www.luxev-ratingen.de:80
######################################
#
#
<VirtualHost 85.214.25.27:80>
ServerName www.luxev-ratingen.de:80
ServerAdmin webmaster@luxev-ratingen.de
DocumentRoot /home/www/web1/web
ServerAlias luxev-ratingen.de
DirectoryIndex index.html index.php index.php5 index.php4 index.php3 index.shtml index.cgi index.pl index.jsp Default.htm default.htm
ErrorLog /home/www/web1/log/error.log
AddType application/x-httpd-php .php .php3 .php4 .php5
<Files *.php>
SetOutputFilter PHP
SetInputFilter PHP
</Files>
<Files *.php3>
SetOutputFilter PHP
SetInputFilter PHP
</Files>
<Files *.php4>
SetOutputFilter PHP
SetInputFilter PHP
</Files>
<Files *.php5>
SetOutputFilter PHP
SetInputFilter PHP
</Files>
php_admin_flag safe_mode Off
Alias /error/ "/home/www/web1/web/error/"
ErrorDocument 400 /error/invalidSyntax.html
ErrorDocument 401 /error/authorizationRequired.html
ErrorDocument 403 /error/forbidden.html
ErrorDocument 404 /error/fileNotFound.html
ErrorDocument 405 /error/methodNotAllowed.html
ErrorDocument 500 /error/internalServerError.html
ErrorDocument 503 /error/overloaded.html
AliasMatch ^/~([^/]+)(/(.*))? /home/www/web1/user/$1/web/$3
AliasMatch ^/users/([^/]+)(/(.*))? /home/www/web1/user/$1/web/$3
</VirtualHost>

When I try to access the directory /home/www/web1/web/quickstart-3.8.0 which is part of typo3, Apache shows
Forbidden

You don't have permission to access /quickstart-3.8.0/typo3/install/index.php on this server.

Additionally, a 403 Forbidden error was encountered while trying to use an ErrorDocument to handle the request.
Apache/2.0.53 (Linux/SUSE) Server at www.luxev-ratingen.de Port 80
Permissions for these directories and files are still set to the site's admin (web1_adm.web).
I created the subdirectory /home/www/web1/web/test and copied the original index.html into it. That works perfectly. Does the number of subdirectories make a difference? Or the softlink in the typo3 files?
There are no problems with typo3 on SuSE 9.3/Apache2 virtual hosts without ISPConfig.

falko
28th September 2005, 23:12
What are the permissions of quickstart-3.8.0/typo3/install/index.php? Maybe Apache is allowed to access the directories, but not the file index.php because it has no read permissions on that file.

uralter_artifex
28th September 2005, 23:57
Permissions for these directories, subdirectories and files are set to the site's admin (web1_adm.web).
chmod -R 777 /home/www/web1/web/ -> still 403
chown -R wwwrun.www /home/www/web1/web/ -> still 403
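
Added example, not part of any post in this thread: chmod -R and chown -R on /home/www/web1/web/ do not change the directories above it, so a useful next check is every component of the failing path as seen by the Apache user. The Python sketch below does that from the mode bits and also flags symlinks, which Apache only serves through with Options FollowSymLinks or SymLinksIfOwnerMatch; the uid and gid passed in are assumptions to look up on the host (for example with `id wwwrun`).

```python
import os
import stat


def allowed(st, uid, gids, want):
    """Unix rule: owner bits apply to the owner, else group bits to group
    members, else the 'other' bits. `want` is given as an 'other' bit."""
    if st.st_uid == uid:
        return bool(st.st_mode & (want << 6))
    if st.st_gid in gids:
        return bool(st.st_mode & (want << 3))
    return bool(st.st_mode & want)


def trace(path, uid, gids):
    """Return [(component, problem)] for every path component that would stop
    uid/gids, plus every symlink on the way (Apache treats those specially)."""
    findings = []
    parts = os.path.abspath(path).split(os.sep)[1:]
    current = os.sep
    for i, part in enumerate(parts):
        current = os.path.join(current, part)
        if os.path.islink(current):
            same = os.lstat(current).st_uid == os.stat(current).st_uid
            findings.append((current, "symlink" if same
                             else "symlink, owner differs from target"))
        st = os.stat(current)  # follows symlinks, as the kernel does on open()
        if stat.S_ISDIR(st.st_mode):
            if not allowed(st, uid, gids, stat.S_IXOTH):
                findings.append((current, "no search (x) permission"))
        elif i == len(parts) - 1 and not allowed(st, uid, gids, stat.S_IROTH):
            findings.append((current, "no read permission"))
    return findings


if __name__ == "__main__":
    import sys
    # usage: trace.py <path to the file that returns 403> <apache uid> <apache gid>
    for where, problem in trace(sys.argv[1], int(sys.argv[2]), {int(sys.argv[3])}):
        print(f"{where}: {problem}")
```

Run it as root so that every component can be stat'ed; an empty result means the filesystem permissions are not what blocks that user.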

rytech
29th September 2005, 02:53
I reinstalled SuSE on the machine, works fine now.

Thanks for the help

uralter_artifex
29th September 2005, 11:00
Hello there,

still getting 403 here.
I will do some testing whether this problem is specific for typo3 on ISPConfig. Has anyone managed to install both on SuSE 9.3?

Thanks for your hints and suggestions.

jaffaizal
17th February 2006, 15:40
I reinstalled SuSE on the machine, works fine now.

Thanks for the help

Rytech,

Did you have to reinstall ISPconfig again?
I am experiencing the same problem as 'uralter_artifex'.

BTW, I am using typo3 3.8.1
Placed the typo3_src-3.8.1 folder in '/home/www/web13'
Placed quickstart-3.8.1 folder in '/home/www/web13', then rename it to 'web'

Jaf

falko
17th February 2006, 18:36
BTW, I am using typo3 3.8.1
Placed the typo3_src-3.8.1 folder in '/home/www/web13'
Placed quickstart-3.8.1 folder in '/home/www/web13', then rename it to 'web'

Jaf
You must put all your files into /home/www/web13/web, not /home/www/web13.

SkyBlueshoes
28th May 2006, 00:32
I just transferred over my previous site and I'm getting some of these same errors. My index page is index.php and it reads fine, but it can't read the images from the subdirectory /home/www/web1/web/img/, nor is my php able to write to text files. I have a simple counter that uses flatfiles and it gives me this error:

Warning: fopen(ip.txt): failed to open stream: Permission denied in /home/www/web1/web/footer.php on line 29

I tried to go directly to the image file and I received a 500 internal server error, also getting this error when trying to access any files within subdirectories of docroot: eg: /home/www/web1/web/subdirectory/anyfile.php

I'm also having another problem when trying to add mailbox users for the site: The username is already in use.



Is there a solution to this? should Apache2 run as a different user:group?

till
28th May 2006, 10:24
Is there a solution to this? should Apache2 run as a different user:group?

That's a common problem. Either you must make the directories world writable, which is pretty insecure, or you must run PHP as php-cgi with suexec or with the mod_suphp wrapper.

elCorazon
17th June 2006, 14:23
That's a common problem. Either you must make the directories world writable, which is pretty insecure, or you must run PHP as php-cgi with suexec or with the mod_suphp wrapper.

Hi
did I get that right? If I want the webserver being able to read/write PHP and directories I have to make them world read/writable?

I installed ISPConfig a few days ago and it seemed to be a good system to me. But now I have some problems:
1. I have to configure an open_basedir other than the user's root itself. I solved that by inserting it by hand in /root/ispconfig/scripts/lib/config.lib.php line 1363 (Version 2.2.3).
2. The permission problem: I don't want my webroots to be world readable, least of all world writable. ISPConfig resets the permissions some way, but I'm not sure what it does and when. My favourite setup would be
/var/www/webX 775 webX_admin:webX
/var/www/webX/web 770 www-data:webX
/var/www/webX/web/all-dirs 770 www-data:webX
/var/www/webX/web/all-files 660 www-data:webX

Could one of the developers please write in short what ISPConfig does?
Thanks a lot!

till
17th June 2006, 16:15
Hi
did I get that right? If I want the webserver being able to read/write PHP and directories I have to make them world read/writable?

No. You have just read the first part of the sentence. The alternative is:

... or you must run PHP as php-cgi with suexec or with the mod_suphp wrapper.

elCorazon
17th June 2006, 16:25
OK, sorry for not writing that: ...with running PHP as module. My question was if a permission setting like the described would be possible or what ISPConfig sets the permissions to.

salamankero
17th June 2006, 23:18
My issue seems to be similar to this, but not quite exact.

I installed this on an existing fedora core 3 system using the perfect install guide. When I setup a site and tried to access it, I would always get the default Apache site. After looking through the httpd.conf file I noticed there was no include for the Vhosts_ispconfig.conf file. I also looked at the Server Settings and noticed that the directory/filename for the httpd.conf file was wrong.

I added the correct path to the conf dir, and the full path to the httpd.conf file in Server Settings, deleted and recreated my site, and added an Include in Apache's httpd.conf file to include the Vhosts_ispconfig.conf file. When I do a reload of apache I get:

(13)Permission denied: httpd: could not open error log file /home/www/web6/log/error.log.
Unable to open logs

in my /etc/httpd/logs/error_log file and

Starting httpd: Warning: DocumentRoot [/home/www/web5/web] does not exist
[FAILED]

to the console.

I have tried playing with file permissions and ownerships, but nothing has helped. I am wondering if during the setup process ISPConfig didn't know where to find my httpd.conf file so some changes didn't get made there (say a Directory permission setting).

I was hoping someone could send me a copy of their httpd.conf file or give me a solution to my problem that I may not be thinking of.

Thanks in advance!

Sal...

falko
18th June 2006, 13:06
OK, sorry for not writing that: ...with running PHP as module. My question was if a permission setting like the described would be possible or what ISPConfig sets the permissions to.
ISPConfig sets all directories underneath /var/www/webX/web to webX_admin:webX, with the directories having permissions of 755.

You can make all webs use PHP Safe Mode, so that no PHP scripts can break out of their web site, and/or you can use suPHP: http://www.howtoforge.com/apache2_suphp_php4_php5

falko
18th June 2006, 13:07
My issue seems to be similar to this, but not quite exact.

I installed this on an existing fedora core 3 system using the perfect install guide. When I setup a site and tried to access it, I would always get the default Apache site. After looking through the httpd.conf file I noticed there was no include for the Vhosts_ispconfig.conf file. I also looked at the Server Settings and noticed that the directory/filename for the httpd.conf file was wrong.

I added the correct path to the conf dir, and the full path to the httpd.conf file in Server Settings, deleted and recreated my site, and added an Include in Apache's httpd.conf file to include the Vhosts_ispconfig.conf file. When I do a reload of apache I get:

(13)Permission denied: httpd: could not open error log file /home/www/web6/log/error.log.
Unable to open logs

in my /etc/httpd/logs/error_log file and

Starting httpd: Warning: DocumentRoot [/home/www/web5/web] does not exist
[FAILED]

to the console.

I have tried playing with file permissions and ownerships, but nothing has helped. I am wondering if during the setup process ISPConfig didn't know where to find my httpd.conf file so some changes didn't get made there (say a Directory permission setting).

I was hoping someone could send me a copy of their httpd.conf file or give me a solution to my problem that I may not be thinking of.

Thanks in advance!

Sal...

Please open a new thread for this topic. It's not related to this thread's topic.

elCorazon
21st June 2006, 20:53
ISPConfig sets all directories underneath /var/www/webX/web to webX_admin:webX, with the directories having permissions of 755.

You can make all webs use PHP Safe Mode, so that no PHP scripts can break out of their web site, and/or you can use suPHP: http://www.howtoforge.com/apache2_suphp_php4_php5

OK, it's true I don't have a problem when running php in safe mode with basedir restriction... But what about the users that do ssh? They can cd into every user's directory and read every file??
There have to be DB-passwords somewhere...

I don't think that it is a good idea to give world read permission to any user directory by ISPconfig...
Just a thought... I can't see any good alternative to ISPconfig and I think I will be happy with it, but this one thing I don't like too much. Think I'm gonna remove it from the code on my own and maybe find another solution as posted above.

Anyway, thanks for the tool ;)
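
Added example, not part of the thread: with the 755 directories falko describes, any local account can reach whatever the "other" bits allow, while a directory without o+x hides everything below it regardless of the file modes. The Python sketch below walks a site root and lists only what other local users can actually reach; the temporary tree and the file name localconf.php are constructed sample data.

```python
import os
import stat
import tempfile


def exposure(mode):
    """Name the 'other' bits that are set: '', 'read', 'write' or 'read+write'."""
    names = [n for bit, n in ((stat.S_IROTH, "read"), (stat.S_IWOTH, "write"))
             if mode & bit]
    return "+".join(names)


def exposed_to_others(root):
    """Map path -> exposure for entries under root that a local user who is
    neither owner nor group member can reach. Assumes root's ancestors are
    traversable; run it as a user allowed to list the tree (e.g. root)."""
    exposed = {}
    for dirpath, dirnames, filenames in os.walk(root):
        dmode = os.lstat(dirpath).st_mode
        if not dmode & stat.S_IXOTH:
            dirnames[:] = []  # no o+x: nothing below can be opened, stop here
            continue
        if exposure(dmode):
            exposed[dirpath] = exposure(dmode)
        for name in filenames:
            path = os.path.join(dirpath, name)
            fmode = os.lstat(path).st_mode
            if stat.S_ISREG(fmode) and exposure(fmode):
                exposed[path] = exposure(fmode)
    return exposed


def build_site(dir_mode, file_mode):
    """Constructed sample: <tmp>/web/localconf.php with the given modes."""
    root = tempfile.mkdtemp()
    web = os.path.join(root, "web")
    os.mkdir(web)
    conf = os.path.join(web, "localconf.php")
    with open(conf, "w") as fh:
        fh.write("<?php /* constructed; stands in for a file holding a DB password */\n")
    os.chmod(conf, file_mode)
    os.chmod(web, dir_mode)
    os.chmod(root, 0o755)
    return root, web, conf


if __name__ == "__main__":
    for label, dmode, fmode in (("755/644", 0o755, 0o644), ("770/660", 0o770, 0o660)):
        root, _, _ = build_site(dmode, fmode)
        print(label, exposed_to_others(root))
```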

till
21st June 2006, 22:16
But what about the users that do ssh?

You may use chroot ssh. The next ISPConfig Dev release and maybe also the next stable release will have ChrootSSH support by default.

falko
22nd June 2006, 15:25
I've written a chrooted SSH tutorial: http://www.howtoforge.com/chrooted_ssh_howto_debian
Maybe it helps you. :)