I'm trying to allow all requests to a specific url for webhooks to a development platform. Require expr works partially.
This website should only be completly accessible for specifig users. Using
"Require expr %{REQUEST_URI} =~ m#^.*webhook.*$#" I'm trying to get this working. I also tried LocationMatch, which won't work for other circumstances.
AuthType Basic
AuthName "Please enter password"
require group xy yz
<IfModule mod_authz_core.c>
<RequireAny>
Require expr %{REQUEST_URI} =~ m#^.*webhook.*$#
...
</RequireAny>
</IfModule>
If I call the url example.com/webhook/xyz/ the request is not accepted and returns the realm login.
The log:
[Mon May 27 20:15:58.972495 2019] [authz_core:debug] [pid 15344] mod_authz_core.c(820): [client xxx.xxx.xxx.xxx:50341] AH01626: authorization result of Require group xy yz: denied (no authenticated user yet)
[Mon May 27 20:15:58.972519 2019] [authz_core:debug] [pid 15344] mod_authz_core.c(820): [client xxx.xxx.xxx.xxx:50341] AH01626: authorization result of Require expr %{REQUEST_URI} =~ m#^.*webhook.*$#: granted
[Mon May 27 20:15:58.972526 2019] [authz_core:debug] [pid 15344] mod_authz_core.c(820): [client xxx.xxx.xxx.xxx:50341] AH01626: authorization result of <RequireAny>: granted
[Mon May 27 20:15:58.972813 2019] [authz_core:debug] [pid 15344] mod_authz_core.c(820): [client xxx.xxx.xxx.xxx:50341] AH01626: authorization result of Require group xy yz: denied (no authenticated user yet)
[Mon May 27 20:15:58.972824 2019] [authz_core:debug] [pid 15344] mod_authz_core.c(820): [client xxx.xxx.xxx.xxx:50341] AH01626: authorization result of Require expr %{REQUEST_URI} =~ m#^.*webhook.*$#: denied
[Mon May 27 20:15:58.973126 2019] [authz_core:debug] [pid 15344] mod_authz_core.c(820): [client xxx.xxx.xxx.xxx:50341] AH01626: authorization result of <RequireAny>: denied (no authenticated user yet)
[Mon May 27 20:15:58.973154 2019] [auth_basic:error] [pid 15344] [client xxx.xxx.xxx.xxx.47:50341] AH01614: client used wrong authentication scheme: /router.php
And I really don't know why he is denying this requests after it was granted. Maybe a redirect? PHP says $_SERVER['REQUEST_URI'] is still the same after I tried to grant my ip address. So I guess it's not a redirect issue. Any idea what can cause that problem or how to debug this?
Related
I'm trying to create RESTFul API on my server using PHP. No problems with GET or POST requests, but I can't get PUT or DELETE requests working.
At first, I tried without configuring Apache: all I get is a 403 Unauthorized error. Then I use Limit:
<Limit GET HEAD POST PUT DELETE OPTIONS>
Require all granted
</Limit>
I get a 405 Method Not Allowed error.
From here, I've tried multiple configurations (AllowMethods, ...) but still get the 405 error.
When I activate upper level of Apache's logs, It indicate all is fine, but still return 405 code:
[authz_core:debug] [pid 43259] mod_authz_core.c(817): AH01626: authorization result of Require all granted: granted
[authz_core:debug] [pid 43259] mod_authz_core.c(817): AH01626: authorization result of <RequireAny>: granted
[http:trace3] [pid 43259] http_filters.c(1125): Response sent with status 405, headers:
[http:trace5] [pid 43259] http_filters.c(1134): Date: Thu, 06 May 2021 06:55:24 GMT
[http:trace5] [pid 43259] http_filters.c(1137): Server: Apache/2.4.41 (Ubuntu)
[http:trace4] [pid 43259] http_filters.c(955): Allow: GET,POST,OPTIONS,HEAD
[http:trace4] [pid 43259] http_filters.c(955): Content-Length: 306
[http:trace4] [pid 43259] http_filters.c(955): Content-Type: text/html; charset=iso-8859-1
I read sometimes server web applications like Jira can cause this, but I only install PhpMyAdmin.
How can I use PUT or DELETE requests ?
NOTE: Apache/2.4.41 (Ubuntu)
Fixed.
A global Apache2 configuration /etc/apache2/mods-enabled/userdir.conf define the following rules:
<Limit GET POST OPTIONS>
Require all granted
</Limit>
<LimitExcept GET POST OPTIONS>
Require all denied
</LimitExcept >
I'm not sure why the <Limit> was partially ignore in .htaccess (error 405 instead 403 when active) but work if granted all with no <Limit>.
I have an apache server on VPS powered by centos7.
I have a usual website here, and now I want to add flask application.
httpme.tk is my flask application
mniek.ru is my website
so, the configs looks like that:
/etc/httpd/conf.d/http_error_api.conf
<VirtualHost *>
ServerName www.httpme.tk
ServerAlias httpme.tk
WSGIDaemonProcess application user=apache group=apache threads=5
WSGIScriptAlias / /var/www/http_error_api/wsgi.py
WSGIScriptReloading On
<Directory /var/www/http_error_api>
WSGIProcessGroup application
WSGIApplicationGroup %{GLOBAL}
Order deny,allow
Allow from all
</Directory>
</VirtualHost>
/etc/httpd/conf.d/mniek.ru.conf
<VirtualHost *:80>
ServerAdmin n-i-k-i-t#yandex.ru
ServerName mniek.ru
ServerAlias www.mniek.ru
DocumentRoot /var/www/mniek.ru
<Directory /var/www/mniek.ru>
Options FollowSymLinks
AllowOverride All
Require all granted
</Directory>
ErrorLog /var/www/mniek.ru/logs/error.log
CustomLog /var/www/mniek.ru/logs/access.log common
</VirtualHost>
<VirtualHost *:443>
ServerAdmin n-i-k-i-t#yandex.ru
ServerName mniek.ru
ServerAlias www.mniek.ru
DocumentRoot /var/www/mniek.ru
<Directory /var/www/mniek.ru>
Options FollowSymLinks
AllowOverride All
Require all granted
</Directory>
ErrorLog /var/www/mniek.ru/logs/error.log
CustomLog /var/www/mniek.ru/logs/access.log common
</VirtualHost>
And my /var/www/http_error_api/wsgi.py file:
from sys import path
path.insert(0, '/var/www/http_error_api')
from main import app as application
Apache logs:
AH00558: httpd: Could not reliably determine the server's fully qualified domain name, using 0.0.26.144. Set the 'ServerName' directive globally to suppress this message
[Sun Jul 19 07:50:35.700799 2020] [lbmethod_heartbeat:notice] [pid 65294] AH02282: No slotmem from mod_heartmonitor
[Sun Jul 19 07:50:35.725938 2020] [mpm_prefork:notice] [pid 65294] AH00163: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips PHP/5.4.16 mod_wsgi/3.4 Python/2.7.5 configured -- resuming normal operations
[Sun Jul 19 07:50:35.725986 2020] [core:notice] [pid 65294] AH00094: Command line: '/usr/sbin/httpd -D FOREGROUND'
[Sun Jul 19 07:55:41.639120 2020] [mpm_prefork:notice] [pid 65294] AH00170: caught SIGWINCH, shutting down gracefully
[Sun Jul 19 07:55:42.784997 2020] [suexec:notice] [pid 65403] AH01232: suEXEC mechanism enabled (wrapper: /usr/sbin/suexec)
AH00558: httpd: Could not reliably determine the server's fully qualified domain name, using 0.0.26.144. Set the 'ServerName' directive globally to suppress this message
[Sun Jul 19 07:55:42.838510 2020] [lbmethod_heartbeat:notice] [pid 65403] AH02282: No slotmem from mod_heartmonitor
[Sun Jul 19 07:55:42.868170 2020] [mpm_prefork:notice] [pid 65403] AH00163: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips PHP/5.4.16 mod_wsgi/3.4 Python/2.7.5 configured -- resuming normal operations
[Sun Jul 19 07:55:42.868215 2020] [core:notice] [pid 65403] AH00094: Command line: '/usr/sbin/httpd -D FOREGROUND'
[Sun Jul 19 08:06:12.281355 2020] [mpm_prefork:notice] [pid 65403] AH00170: caught SIGWINCH, shutting down gracefully
[Sun Jul 19 08:06:13.880590 2020] [suexec:notice] [pid 65576] AH01232: suEXEC mechanism enabled (wrapper: /usr/sbin/suexec)
AH00558: httpd: Could not reliably determine the server's fully qualified domain name, using 0.0.26.144. Set the 'ServerName' directive globally to suppress this message
[Sun Jul 19 08:06:13.935885 2020] [lbmethod_heartbeat:notice] [pid 65576] AH02282: No slotmem from mod_heartmonitor
[Sun Jul 19 08:06:13.973518 2020] [mpm_prefork:notice] [pid 65576] AH00163: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips PHP/5.4.16 mod_wsgi/3.4 Python/2.7.5 configured -- resuming normal operations
[Sun Jul 19 08:06:13.973573 2020] [core:notice] [pid 65576] AH00094: Command line: '/usr/sbin/httpd -D FOREGROUND'
The problem is: when I open mniek.ru, I'm getting to my website. Also, when I go to httpme.tk, I'm also getting to my website, not to my flask application. What's wrong?
Im on the end with my knowledge, same for my IT admin.
We setup a new Debian GNU/Linux 8 server
Installed apache and all..
ALL works Except the darn rules. Strange thing is. The rewrite rule log says they are working but the browser from which we open the url dous not.
Here is the complete log from when i open xxx.xxx.xxx/bla
[Fri Dec 16 03:37:04.064896 2016] [rewrite:trace2] [pid 1850] mod_rewrite.c(475): [client xxx.xxx.xxx:22260] xxx.xxx.xxx - - [sccatdev.office.dig/sid#7f35b0df5d20][rid#7f35b0d3c0a0/initial] init rewrite engine with requested uri /bla/
[Fri Dec 16 03:37:04.064936 2016] [rewrite:trace3] [pid 1850] mod_rewrite.c(475): [client xxx.xxx.xxx:22260] xxx.xxx.xxx - - [sccatdev.office.dig/sid#7f35b0df5d20][rid#7f35b0d3c0a0/initial] applying pattern '^/deploy/ajax/(.+)/(\\w+)/(\\w+?)$' to uri '/bla/'
[Fri Dec 16 03:37:04.064944 2016] [rewrite:trace3] [pid 1850] mod_rewrite.c(475): [client xxx.xxx.xxx:22260] xxx.xxx.xxx - - [sccatdev.office.dig/sid#7f35b0df5d20][rid#7f35b0d3c0a0/initial] applying pattern '^/bla/$' to uri '/bla/'
[Fri Dec 16 03:37:04.064950 2016] [rewrite:trace2] [pid 1850] mod_rewrite.c(475): [client xxx.xxx.xxx:22260] xxx.xxx.xxx - - [sccatdev.office.dig/sid#7f35b0df5d20][rid#7f35b0d3c0a0/initial] rewrite '/bla/' -> '/deploy/main.phtml'
[Fri Dec 16 03:37:04.065044 2016] [rewrite:trace2] [pid 1850] mod_rewrite.c(475): [client xxx.xxx.xxx:22260] xxx.xxx.xxx - - [sccatdev.office.dig/sid#7f35b0df5d20][rid#7f35b0d3c0a0/initial] local path result: /deploy/main.phtml
[Fri Dec 16 03:37:04.065062 2016] [rewrite:trace1] [pid 1850] mod_rewrite.c(475): [client xxx.xxx.xxx:22260] xxx.xxx.xxx - - [sccatdev.office.dig/sid#7f35b0df5d20][rid#7f35b0d3c0a0/initial] go-ahead with /deploy/main.phtml [OK]
To clerify, i emptied the logs. and opend exacly 1 time the page i got a 404, but logs say it passed the main.phtml trough.. so... wtf?
For testing i made a simple bla rule:
<VirtualHost *:80>
ServerName xxxx.xxx.xxx
ServerAdmin webmaster#dig.at
DocumentRoot /data1/www/xxxx.xxx.xx/htdocs
DirectoryIndex index.html index.phtml index.php
ErrorLog /data1/www/xxxx.xxx.xx/logs/error.log
CustomLog /data1/www/xxxx.xxx.xx/logs/access.log combined
LogLevel alert rewrite:trace8
#ajax handler for
RewriteEngine On
RewriteRule ^/deploy/ajax/(.+)/(\w+)/(\w+?)$ /deploy/ajax/handler.php?path=$1&class=$2&method=$3 [L,QSA]
RewriteRule ^/bla$ /deploy/main.phtml
</VirtualHost>
yess mod rewrite ext is on... yes we traced the call in the error log... the log is given above... we tried all what google spited out.
Server is a fresh install of:
Distributor ID: Debian
Description: Debian GNU/Linux 8.6 (jessie)
Release: 8.6
Codename: jessie
Version:2.5
I know there are many guides to do this but it does not work for some reason and I can't even this is what I did
in Virtual Host
<VirtualHost *:80>
DocumentRoot "D:/wamp/www"
ServerName localhost
<Directory "D:/wamp/www">
Options Indexes FollowSymLinks
AllowOverride All
Require local
</Directory>
</VirtualHost>
<VirtualHost *:80>
DocumentRoot "C:/elgg"
ServerName elgg.local
ServerAlias elgg.local
<Directory "C:/elgg">
AllowOverride All
Require all granted
</Directory>
</VirtualHost>
in Hosts File
127.0.0.1 localhost
::1 localhost
127.0.0.1 elgg.local
::1 elgg.local
in Conf File
# Virtual hosts
Include conf/extra/httpd-vhosts.conf
I did all this but when i type elgg.local it searches for an actual website
last 10 apache lines
[Fri Oct 16 10:33:49.873625 2015] [mpm_winnt:notice] [pid 1576:tid 668] AH00418: Parent: Created child process 1252
[Fri Oct 16 10:33:50.405080 2015] [mpm_winnt:notice] [pid 1252:tid 600] AH00354: Child: Starting 64 worker threads.
[Fri Oct 16 12:09:50.487027 2015] [mpm_winnt:notice] [pid 1576:tid 668] AH00422: Parent: Received shutdown signal -- Shutting down the server.
[Fri Oct 16 12:09:52.490354 2015] [mpm_winnt:notice] [pid 1252:tid 600] AH00364: Child: All worker threads have exited.
[Fri Oct 16 12:09:52.606432 2015] [mpm_winnt:notice] [pid 1576:tid 668] AH00430: Parent: Child process 1252 exited successfully.
[Fri Oct 16 12:09:54.598384 2015] [mpm_winnt:notice] [pid 6408:tid 656] AH00455: Apache/2.4.9 (Win64) PHP/5.5.12 configured -- resuming normal operations
[Fri Oct 16 12:09:54.598384 2015] [mpm_winnt:notice] [pid 6408:tid 656] AH00456: Apache Lounge VC11 Server built: Mar 16 2014 12:42:59
[Fri Oct 16 12:09:54.598384 2015] [core:notice] [pid 6408:tid 656] AH00094: Command line: 'c:\\wamp\\bin\\apache\\apache2.4.9\\bin\\httpd.exe -d C:/wamp/bin/apache/apache2.4.9'
[Fri Oct 16 12:09:54.600385 2015] [mpm_winnt:notice] [pid 6408:tid 656] AH00418: Parent: Created child process 8152
[Fri Oct 16 12:09:54.943610 2015] [mpm_winnt:notice] [pid 8152:tid 580] AH00354: Child: Starting 64 worker threads.
Turns out there was not much, if anything, wrong with the Apache config.
However #Tryhard was using the Google Chrome browser, and that was doing a google search whenever the URL elgg.local was entered and not using it as a domainname. IE did not make this mistake, so it must be a Chrome issue!
The popular solution, that I have used before, of
Enter chrome://flags in the address bar and set "Built-in Asynchronous DNS" to "Disabled", then restart the browser. No longer seems to work as that option is no longer available in the flags parameters.
Dont know if this is a Chrome bug or just an oddity, but the only solution we could come up with was to add a trailing / to the domain name. That made Chrome use the url rather than start a search!
So elgg.local did a search
and elgg.local/ ran the website code.
If you ever get odd unexpected behaviours while using Chrome, always try FF and/or IE before anything else, to make sure the same things happen as Chrome seems to have quite a few odd behaviours when dealing with local development websites.
I was trying to set up multiple websites on my computer, following this tutorial: https://delanomaloney.com/2013/07/how-to-set-up-virtual-hosts-using-xampp/
I stopped apache and then changed two files: hosts and httpd-vhosts.conf.
Here is hosts:
# Copyright (c) 1993-2009 Microsoft Corp.
#
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
#
# This file contains the mappings of IP addresses to host names. Each
# entry should be kept on an individual line. The IP address should
# be placed in the first column followed by the corresponding host name.
# The IP address and the host name should be separated by at least one
# space.
#
# Additionally, comments (such as these) may be inserted on individual
# lines or following the machine name denoted by a '#' symbol.
#
# For example:
#
# 102.54.94.97 rhino.acme.com # source server
# 38.25.63.10 x.acme.com # x client host
# localhost name resolution is handled within DNS itself.
# 127.0.0.1 localhost
# ::1 localhost
127.0.0.1 localhost
127.0.0.1 www.sewing.dev
And httpd-vhosts.conf:
NameVirtualHost *:80
<VirtualHost *:80>
DocumentRoot "C:/xampp/htdocs"
ServerName localhost
<VirtualHost *:80>
DocumentRoot "C:/xampp/htdocs/sewing"
ServerName sewing.dev
ServerAlias www.sewing.dev
<Directory "c:/xampp/htdocs/sewing">
AllowOverride All
Require all Granted
</Directory>
</VirtualHost>
I saved the files and clicked to restart apache. Nothing happens. It says that it's attempting to start but doesn't actually start. I checked the error logs, but didn't see anything that I could understand.
Error log:
[Fri May 22 21:33:45.065111 2015] [ssl:warn] [pid 2136:tid 384] AH01909: www.example.com:443:0 server certificate does NOT include an ID which matches the server name
[Fri May 22 21:33:46.063513 2015] [ssl:warn] [pid 2136:tid 384] AH01909: www.example.com:443:0 server certificate does NOT include an ID which matches the server name
[Fri May 22 21:33:55.657529 2015] [mpm_winnt:notice] [pid 2136:tid 384] AH00455: Apache/2.4.10 (Win32) OpenSSL/1.0.1i PHP/5.5.15 configured -- resuming normal operations
[Fri May 22 21:33:55.657529 2015] [mpm_winnt:notice] [pid 2136:tid 384] AH00456: Apache Lounge VC11 Server built: Jul 17 2014 11:50:08
[Fri May 22 21:33:55.657529 2015] [core:notice] [pid 2136:tid 384] AH00094: Command line: 'C:\\xampp\\apache\\bin\\httpd.exe -d C:/xampp/apache'
[Fri May 22 21:33:55.657529 2015] [mpm_winnt:notice] [pid 2136:tid 384] AH00418: Parent: Created child process 3600
[Fri May 22 21:33:57.654333 2015] [ssl:warn] [pid 3600:tid 276] AH01909: www.example.com:443:0 server certificate does NOT include an ID which matches the server name
[Fri May 22 21:33:58.044334 2015] [ssl:warn] [pid 3600:tid 276] AH01909: www.example.com:443:0 server certificate does NOT include an ID which matches the server name
[Fri May 22 21:33:58.106734 2015] [mpm_winnt:notice] [pid 3600:tid 276] AH00354: Child: Starting 150 worker threads.
[Fri May 22 21:41:40.093670 2015] [mpm_winnt:notice] [pid 2136:tid 384] AH00422: Parent: Received shutdown signal -- Shutting down the server.
[Fri May 22 21:41:42.121674 2015] [mpm_winnt:notice] [pid 3600:tid 276] AH00364: Child: All worker threads have exited.
[Fri May 22 21:41:42.449274 2015] [mpm_winnt:notice] [pid 2136:tid 384] AH00430: Parent: Child process 3600 exited successfully.
When I comment out all of the httpd-vhosts.conf file, apache will start.
You need to close your default virtual host directive.
<VirtualHost *:80>
DocumentRoot "C:/xampp/htdocs"
ServerName localhost
</VirtualHost> # <<< missing closing directiv!!!