I'm having a hell of a time setting up a web2py server in a way that allows me to access the admin and appadmin interfaces from anywhere other than localhost, which is a requirement for me because the web2py server is hosted in a cloud location without a browser or X server. I understand that to access web2py's admin or appadmin interfaces from outside localhost that I must use SSL/HTTPS.
The web2py documentation seems to declare two different ways to do this. First, from the general web2py startup tutorial:
The administrative interface, admin, is only accessible from localhost
unless you run web2py behind Apache with mod_proxy. If admin detects a
proxy, the session cookie is set to secure and admin login does not
work unless the communication between the client and the proxy goes
over HTTPS
This lead me to search the web for how to setup web2py behind and apache which lead me to the web2py deployment recipes page, where it describes setting up web2py behind apache using mod_wsgi instead of mod_proxy. These are the instructions I'm currently following exactly, with the exception of updating the /etc/apache2/sites-available/web2py file to apache2.4 syntax and modifying the ServerName directive's value to "foo.bar.com" (omitted: the domain name of cloud box containing the server, this is replaced with foo.bar.com throughout this question).
However, when I get to the
When you restart Apache, it should pass all the requests to web2py without going through the Rocket wsgiserver.
part of the that web2py+apache+mod_wsgi tutorial, apache does not appear to be passing anything to web2py for me. I went ahead and moved the wsgihandler.py file as the next step in the tutorial describes, and here's my current state:
If I browse to foo.bar.com:80 from another machine, I get the Apache2 Ubuntu Default Page (the "It works!" page).
If I browse to foo.bar.com:8000 (web2py port), I the web2py server's default interface, but with no access to admin or appadmin because of the unsecure channel.
If I try to browse to foo.bar.com:443, I get the generic "Index of /" apache server
page. On this page "/" contains one directory link "html", which
is a link to the Apache2 Ubuntu Default Page (the "It works!" page).
Other information:
I have an untouched instance of web2py installed at /home/www-data/web2py except that I've moved /home/www-data/web2py/handlers/wsgihandler.py to /home/www-data/web2py/wsgihandler.py
The contents of my /etc/apache2/site-available/ directory are:
000-default.conf (not touched by me)
default-ssl.conf (not touched by me)
web2py (created by me)
I've manually started up web2py with python ~/web2py/web2py.py --ip 10.7.166.27 (that's the IP for foo.bar.com (real domain name omitted))
apache2 is running as user www-data
The server OS is Ubuntu Server 14.04 x64
This is my /etc/apache2/sites-available/web2py file:
<VirtualHost *:80>
ServerName foo.bar.com
WSGIDaemonProcess web2py user=www-data group=www-data display-name=%{GROUP}
WSGIProcessGroup web2py
WSGIScriptAlias / /home/www-data/web2py/wsgihandler.py
<Directory /home/www-data/web2py>
AllowOverride None
Require all denied
<Files wsgihandler.py>
Require all granted
</Files>
</Directory>
AliasMatch ^/([^/]+)/static/(.*) /users/www-data/web2py/applications/$1/static/$2
<Directory /users/www-data/web2py/applications/*/static/>
Order Allow,Deny
Allow from all
</Directory>
<Location /admin>
Require all denied
</Location>
<LocationMatch ^/([^/]+)/appadmin>
Require all denied
</LocationMatch>
CustomLog /private/var/log/apache2/access.log common
ErrorLog /private/var/log/apache2/error.log
</VirtualHost>
<VirtualHost *:443>
ServerName foo.bar.com
SSLEngine on
SSLCertificateFile /etc/apache2/ssl/server.crt
SSLCertificateKeyFile /etc/apache2/ssl/server.key
WSGIProcessGroup web2py
WSGIScriptAlias / /users/www-data/web2py/wsgihandler.py
<Directory /users/www-data/web2py>
AllowOverride None
Require all denied
<Files wsgihandler.py>
Require all granted
</Files>
</Directory>
AliasMatch ^/([^/]+)/static/(.*) /users/www-data/web2py/applications/$1/static/$2
<Directory /users/www-data/web2py/applications/*/static/>
Require all granted
</Directory>
CustomLog /private/var/log/apache2/access.log common
ErrorLog /private/var/log/apache2/error.log
</VirtualHost>
Alright! I found my stupid mistake while writing this up. I had never bothered to properly configure apache itself:
/etc/apache2/sites-available/000-default.conf and /etc/apache2/sites-available/default-ssl.conf were why I was seeing what I was seeing when browsing to foo.bar.com:80 and foo.bar.com:443 respectively.
apache2.4 seems to require the .conf on configuration files, I didn't have that so I renamed /etc/apache2/sites-available/web2py to /etc/apache2/sites-available/web2py.conf
I didn't have a symlink to /etc/apache2/sites-available/web2py at /etc/apache2/sites-enabled/web2py, so I made one.
So, as of now:
When I browse to foo.bar.com:80 I get the same Apache2 Ubuntu Default Page, BUT
When I browse to foo.bar.com:80/web2py I get an internal server error which the apache logs tell me is a python import error from wsgihandler.py, which means the apache<->mod_wsgi<->web2py link is up and running
When I browse to foo.bar.com:443/web2py I get Chrome's yellow screen complaining about my self-signed certificate and after clicking through I get a permissions-denied page, presumably because of something I haven't set up yet in web2py/SSL
This means my original question is answered, but I might come back here and comment/edit if I get stumped again getting SSL to work.
I am getting
[Tue Apr 24 12:12:55 2012] [error] [client 127.0.0.1] client denied by server configuration: /labs/Projects/Nebula/bin/
My directory structure looks like (I am using Symfony 2, should be similar structure for other web frameworks)
I have vhosts setup like:
<VirtualHost nebula:80>
DocumentRoot "/labs/Projects/Nebula/web/"
ServerName nebula
ErrorLog "/var/log/httpd/nebula-errors.log"
</VirtualHost>
<Directory "/labs/Projects/Nebula/">
Options All
AllowOverride All
Order allow,deny
Allow from 127.0.0 192.168.1 ::1 localhost
</Directory>
I wonder whats the problem and how do I fix it?
Apache 2.4.3 (or maybe slightly earlier) added a new security feature that often results in this error. You would also see a log message of the form "client denied by server configuration". The feature is requiring an authorized user identity to access a directory. It is turned on by DEFAULT in the httpd.conf that ships with Apache. You can see the enabling of the feature with the directive
Require all denied
This basically says to deny access to all users. To fix this problem, either remove the denied directive (or much better) add the following directive to the directories you want to grant access to:
Require all granted
as in
<Directory "your directory here">
Order allow,deny
Allow from all
# New directive needed in Apache 2.4.3:
Require all granted
</Directory>
OK I am using the wrong syntax, I should be using
Allow from 127.0.0.1
Allow from ::1
...
In Apache 2.4 the old access authorisation syntax has been deprecated and replaced by a new system using Require.
What you want then is something like the following:
<Directory "/labs/Projects/Nebula/">
Options All
AllowOverride All
<RequireAny>
Require local
Require ip 192.168.1
</RequireAny>
</Directory>
This will allow connections that originate either from the local host or from ip addresses that start with "192.168.1".
There is also a new module available that makes Apache 2.4 recognise the old syntax if you don't want to update your configuration right away:
sudo a2enmod access_compat
I had this issue using Vesta CP and for me, the trick was remove .htaccess and try to access to any file again.
That resulted on regeneration of .htaccess file and then I was able to access to my files.
Can you try changing "Allow from 127.0.0 192.168.1 ::1 localhost" to "Allow from all".
If that fixes your problem, you need to be less restrict about where content can be requested from
Here's my symfony 1.4 virtual host file on debian, which works fine.
<Directory /var/www/sf_project/web/>
Options All Indexes FollowSymLinks
AllowOverride All
Order allow,deny
Allow from all
</Directory>
If you wan't to restrict access to a specific ip range, e.g. localhost use this:
Allow from 127.0.0.0/8
The mod_authz_host is responsible for filtering ip ranges. You can look up detailed things in there.
But maybe the problem could be related to some kind of misconfiguration in your "apache2.conf".
On what OS is the apache running?
if you are having the
Allow from All
in httpd.conf then make sure us have
index.php
like in the below line in httpd.conf
DirectoryIndex index.html index.php
In my case the key was:
AllowOverride All
in vhost definition.
I hope it helps someone.
This code worked for me..
<Location />
Allow from all
Order Deny,Allow
</Location>
Hope this helps others
I am new to WAMP and I have just installed it today.
The setup went well and localhost seems to work, but when I try to access phpMyAdmin I get this error:
Forbidden
You don't have permission to access /phpmyadmin/ on this server.
Why do I get this permission access error with phpMyAdmin?
I am using Windows 7.
Change the file content of c:\wamp\alias\phpmyadmin.conf to the following.
Note: You should set the Allow Directive to allow from your local machine for security purposes. The directive Allow from all is insecure and should be limited to your local machine.
<Directory "c:/wamp/apps/phpmyadmin3.4.5/">
Options Indexes FollowSymLinks MultiViews
AllowOverride all
Order Deny,Allow
Allow from all
</Directory>
Here my WAMP installation is in the c:\wamp folder. Change it according to your installation.
Previously, it was like this:
<Directory "c:/wamp/apps/phpmyadmin3.4.5/">
Options Indexes FollowSymLinks MultiViews
AllowOverride all
Order Deny,Allow
Deny from all
Allow from 127.0.0.1
</Directory>
Modern versions of Apache 2.2 and up will look for a IPv6 loopback instead of a IPv4 loopback (your localhost).
The real problem is that wamp is binding to an IPv6 address. The fix:
just add Allow from ::1 - Tiberiu-IonuČ› Stan
<Directory "c:/wamp22/apps/phpmyadmin3.5.1/">
Options Indexes FollowSymLinks MultiViews
AllowOverride all
Order Deny,Allow
Deny from all
Allow from localhost 127.0.0.1 ::1
</Directory>
This will allow only the local machine to access local apps for Apache.
Restart your Apache server after making these changes.
You have to just check whether your WAMP server is online or not.
To put your WAMP server online, follow these steps.
Go to your WAMP server notification icon (in the task bar).
Single click on the WAMP server icon.
Select last option from the menu, that is, Put Online
Your server will restart automatically (in the latest versions only). Otherwise, you have to restart your server manually.
And you are DONE...
If you're using WAMP with Apache 2.4.2 or greater, you need to use Require all instead of Allow and remove Order Deny,Allow:
<Directory "f:/Projects/myproject/www/">
Options Indexes FollowSymLinks MultiViews
AllowOverride all
Require all granted
</Directory>
*as stated in this blog post
Just use 127.0.0.1 instead of localhost (no changes to the configuration file are required).
System:
Windows 7
wampserver2.2d-x64
This works:
http://127.0.0.1/phpmyadmin/
This one fails:
http://localhost/phpmyadmin/
I just had the same problem. It turns out that my installation of Windows is using the IPv6 address ::1 instead of 127.0.0.1. To solve this, I opened httpd.conf and changed the following line:
Allow from 127.0.0.1
to:
Allow from 127.0.0.1 ::1
Now I can access the server through localhost. Whatever you do, don't remove the Deny from all from the line above, or anyone on your network can gain access to your web server (unless that's what you want of course).
If you are on Windows 7 or 8 then Apache might be seeing the connections coming from "::1" which is the IPv6 equivalent of 127.0.0.1.
You can check this by looking in the Apache Access Log (reachable from the WAMP menu)
::1 - - [20/Dec/2012:21:35:04 +0000] "GET /phpmyadmin/ HTTP/1.1" 403 213
The ::1 at the start is the clients address. The 403 at the end is the Access Denied code.
The answers above will remove all restrictions and open phpmyadmin to all, but if you still want to restrict phpmyadmin to your machine only (generally a good idea) then under the line...
Allow from 127.0.0.1
..add the following:
Allow from ::1
(edit: Added suggestion from Nukeface)
Change
Listen 80
to
Listen 127.0.0.1:80
in your httpd.conf file. It will bind Apache to a specific IP address and port.
I found that using localhost would not work properly to allow local access from the server. I had to use 127.0.0.1.
In phpmyadmin.conf this did not work:
Deny from all
Allow from localhost
this did work:
Deny from all
Allow from 127.0.0.1
I am using WampServer Version 2.2
For Apache 2.4.2:
In httpd.conf:
Change
Require local
to
Require all granted
I wanted to run my server online and not under localhost / 127.0.0.1 and had the forbidden message. I am running the WAMP 2.2 server (Apache 2.4.2 / PHP 5.4.3 / MySQL 5.5.24) on Windows 7 64 bit. What worked for me is the following:
Press the startup WAMP icon in the menu
Choose Apache folder
Choose the file httpd.conf
Under the Directory tab section (section with "# Online --> Require all granted" text), I had the "Require local" option which I changed to "Require all granted"
Restart all services of the WAMP
Again, it worked for me and from this thread I understand that there are many cases in which you may get the above error message so if mine does not work, try other solutions.
Good luck.
(I hope it helps someone like it helped me. I did not find any one of the solutions above working for me.)
1.change D:\wamp\bin\apache\apache2.4.9\conf\httpd.conf near line 279
Require local
into
Require all granted
2.change like this in D:\wamp\alias\phpmyadmin.conf from existing one
<Directory "d:/wamp/apps/phpmyadmin4.1.14/">
Options Indexes FollowSymLinks MultiViews
AllowOverride all
Require all granted
Order Deny,Allow
Allow from all
</Directory>
3.Click to Restart All services in wamp.
4.Click put online in wamp.
5.Again Click to Restart All services in wamp.
Hope it Helps..
I fixed that problem before. It can happen due to many reasons, so you can use some or all of the next steps (opening mentioned files using any text editor, like Notepad++).
If you install WAMP in C:\wamp
1- Open file C:\wamp\bin\apache\apache2.2.22\conf\httpd.conf
Note: you may have a different Apache version than Apache 2.2.22, so you need to write it instead.
Search for: Directory "C:/wamp/www/". You will find something similar to this:
<Directory "C:/wamp/www/">
# maybe there is some comments here ...
AllowOverride all
Order Allow,Deny
Allow from all
</Directory>
Be sure that Allow from all is exists and not outcommented.
2- Open file C:\wamp\alias\phpmyadmin.conf.
Make sure that
<Directory "C:/wamp/apps/phpmyadmin3.5.1/">
Options Indexes FollowSymLinks MultiViews
AllowOverride all
Order Deny,Allow
Deny from all
Allow from 127.0.0.1
</Directory>
Change Allow from 127.0.0.1 to Allow from all.
You can remove Deny from all or comment it out by adding # at the beginning of the line, but you have to make sure that Allow from all is the last line of code just before </Directory>.
Note: you may have a different version than phpMyAdmin 3.5.1.
To use localhost/phpmyadmin instead of 127.0.0.1/phpmyadmin:
Open file C:\wamp\bin\apache\apache2.2.22\conf\extra\httpd-vhosts.conf. Add the following at the end of it.
<VirtualHost *:80>
DocumentRoot "C:/wamp/www"
ServerName localhost
</VirtualHost>
The simple solution to this would be to find phpmyadmin.conf file and then find below code inside it,
<Directory "c:/wamp/apps/phpmyadmin3.5.1/">
Options Indexes FollowSymLinks MultiViews
AllowOverride all
Order Deny,Allow
Deny from all
Allow from 127.0.0.1
</Directory>
Change "Deny from all" to "Allow from all".
OR
Follow below link to get better understanding on how to do it,
WAMP says Forbidden You don't have permission to access /phpmyadmin/ on this server Windows 7 or 8
Enjoy :)
If WampServer works in the computer it is installed but not on another device in your network (e.g.: from your phone) with the 'You don't have permission to access on this server.' try the following.
1.
Edit the httpd-vhosts.conf (C:\wamp64\bin\apache\apache2.4.33\conf\extra\httpd-vhosts.conf), so it looks like this:
<Directory "${INSTALL_DIR}/www/">
Options +Indexes +Includes +FollowSymLinks +MultiViews
AllowOverride All
Require all granted
</Directory>
2.
Edit the phpmyadmin.conf (C:\wamp64\alias\phpmyadmin.conf), so it looks like this:
<Directory "d:/wamp64/apps/phpmyadmin4.7.9/">
Options +Indexes +FollowSymLinks +MultiViews
AllowOverride all
Order Deny,Allow
Allow from all
Require all granted
3.
Restart WampServer services
For Apache 2.4.2 the solution is:
in httpd.conf on line 265 change Require none to Require all granted.
That's all.
I had commented out the ::1 line in my hosts file.
Even I faced the same issue with my domain. If I gave an IP address it was working. But with a domain name it was not.
Then I checked my DNS A record. The domain had multiple entries with different IP addresses assigned. I removed all the wrong values, and it worked. Just one more check list if anyone faces a similar issue.
Just edit the file "c:\wamp\alias\phpmyadmin.conf"
like this
<Directory "C:/wamp64/apps/phpmyadmin4.5.5.1/">
Options Indexes FollowSymLinks MultiViews
AllowOverride All
Require all granted
</Directory>
In WAMP 3.1.4 x64 I solved updating the file C:\wamp64\alias\phpmyadmin.conf from this:
Alias /phpmyadmin "c:/wamp64/apps/phpmyadmin4.8.3/"
<Directory "c:/wamp64/apps/phpmyadmin4.8.3/">
Options +Indexes +FollowSymLinks +MultiViews
AllowOverride all
<ifDefine APACHE24>
Require local
</ifDefine>
<ifDefine !APACHE24>
Order Deny,Allow
Deny from all
Allow from localhost ::1 127.0.0.1
</ifDefine>
# To import big file you can increase values
php_admin_value upload_max_filesize 128M
php_admin_value post_max_size 128M
php_admin_value max_execution_time 360
php_admin_value max_input_time 360
</Directory>
to this:
Alias /phpmyadmin "c:/wamp64/apps/phpmyadmin4.8.3/"
<Directory "c:/wamp64/apps/phpmyadmin4.8.3/">
Options +Indexes +FollowSymLinks +MultiViews
AllowOverride all
Require all granted
# To import big file you can increase values
php_admin_value upload_max_filesize 128M
php_admin_value post_max_size 128M
php_admin_value max_execution_time 360
php_admin_value max_input_time 360
</Directory>
And finally restarting all WAMP services.
In my case, the problem was that the phpMyAdmin version was specified wrongly in the phpmyadmin.conf file. You may check that:
Go to wamp/apps/phpmyadmin3.x.x: notice the file name - what version you are currently using?
Open file wamp/alias/phpmyadmin.conf:
Options Indexes FollowSymLinks MultiViews
AllowOverride all
Order Deny,Allow
Allow from all
Check the first line (directory "c:/wamp/apps/phpmyadmin3.x.x/") is the file name exactly the same as your actual file name.
Make sure the directory file name is absolutely correct.
replace localhost with 127.0.0.1 in your URL, worked for me.
I had a similar issue. My Apache configuration file looked like this:
<VirtualHost *:80>
ServerName mywebsite.com
ServerAlias www.mywebsite.com
DocumentRoot "C:/wamp64/www/vtigercrm"
<Directory "/"
Options +Indexes +Includes +FollowSymLinks +MultiViews
AllowOverride All
Require all granted
</Directory>
</VirtualHost>
Here's how I fixed it:
The issue was that I specified the Directory as "/" (that is root folder on my server) instead of "C:/wamp64/www/vtigercrm/", which is where I have my website files.
I modified my configuration this way:
<VirtualHost *:80>
ServerName mywebsite.com
ServerAlias www.mywebsite.com
DocumentRoot "C:/wamp64/www/vtigercrm"
<Directory "C:/wamp64/www/myvtigercrm/"
Options +Indexes +Includes +FollowSymLinks +MultiViews
AllowOverride All
Require all granted
</Directory>
</VirtualHost>
And everything worked fine.
What was going on with my setup was that WAMP was binding to an IPv6 Address (and every subsequent time I reinstalled WAMP).
To fix this, I went into c:\wamp\alias\phpmyadmin.conf and added the line Allow from ::1
The reason might be 127.0.0.1 is not linked to localhost. Check your 'C:\Windows\System32\drivers\etc\hosts' file. It should have a line like this:
# localhost name resolution is handled within DNS itself.
127.0.0.1 localhost
I tried to set up my password... And that's how I got locked out from localhost. They should fix this...
Anyway, be careful with random advice. They all may or may not work. But some advice will lock you out even further. The one that worked for me:
Type "http://127.0.0.1/phpmyadmin/" in the address bar.
Then I discovered that http://localhost/phpmyadmin/ also works.
However, before that, out of desperation I had...
I deleted the files, I uninstalled WAMP, deleted temporary cookies, and installed WAMP again. It still doesn't accept "localhost" (and I am tired after a day trying to access WAMP), but the 127.0.0.1 and the localhost/phpmy... work. I am happy to see the page back. And start working again.
If you read this thread all the way to here means you are probably in a big problem... Windows 8, WAMP (wampserver 2.2). I wonder what it needs to get back access to localhost.
In my case a WAMP server was installed before on my pc, so when installing the new one some files not overwritten, all you have to do in that case is to go to the C:\ and delete the whole WAMP folder then install it again.
Check if you are logged in as root or user with privileges. Just to be sure, logout and login again with root/no-password.
If your WAMP icon is not green try:
Left Click WAMP Icon > MySQL > Services > Install Service
So all of these answers are basically the same one. They only address one idea: it has to be DNS related. Well, that is not the only part of this it turns out. After many changes, I was getting nowhere reading the next "same answer" hoping that it would just go my way.
What did the trick for me was to adjust my versions of Apache. I think what the deal was, is that the one of the configuration files get a path off or that the install due to IIS may have been messed up / or / or /etc. And so forcing a version change readdresses everything from your firewall to bad configurations.
In fact, when I switched back to Apache 2.4.2 it goes back to being a forbidden. And as soon as I go back to Apache 2.4.4 it comes back up. That rules out local network issues. I just wanted to point out that all of the answers here are the same and that I have been able to kill the forbidden by changing the Apache version.
I had the same problem. The hosts file is corrupted!
there were:
localhos 127.0.0.1
localhost 127.0.0.1
localhos 127.0.0.1
localhos 127.0.0.1
The result is that localhost is not defined.
Solution: edit the hosts file with admin rights and correct to only one entry:
localhost 127.0.0.1