I'm having a bit of an issue with setting up an Apache installation for a project I inherited. The original installation the project uses is Apache 2.2, but I'm currently using 2.4, and since the folder/filename and config options have changed a bit, I'm not sure what's causing my scripts to behave this way.
I have a script that's setup to execute from my cgi-bin directory which, among other things, generates an HTML file and after everything is complete, it uses "Location:whoami.html" to navigate to this page. The page is located within cgi-bin when it is created. However, instead of this page being served client-side, it creates an Internal Server Error message, and the log suggests that the page was interpreted as a script because it says:
(13)Permission denied: AH01241: exec of '/var/www/cgi-bin/whoami.html' failed
[client xxx.xx.xx.xx:xxxxx] End of script output before headers: whoami.html, referrer: http://xxx.xx.xx.xx
So why is it interpreting this page as a script, if in fact, that is what it's doing? The old server has the same directory configurations for the cgi-bin directory, but it serves the page as it's supposed to without error.
The issue was that the script that creates the file wasn't running because I forgot to add the www-data user to the /etc/sudoers file... easy fix that I really should have thought of before.
Related
I'm using a Debian EC2 instance running a Apache2 server (from the open semantic search package).
When I try to open a pdf file in the web browser (inline?), it opens a modified version of it when the file is located on a remote folder but not when the file is located locally.
I saw recommendation (http://www.devside.net/wamp-server/forcing-a-pdf-or-doc-to-open-in-browser-rather-than-downloading) to modify the Apache configuration file to include:
<LocationMatch "\.(?i:pdf)$">
ForceType application/pdf
Header set Content-Disposition inline
</LocationMatch>
I tried adding it to /etc/apache2/apache2.conf
But when I restart the apache server, I get the following error message:
apachectl[16425]: AH00526: Syntax error on line 207 of /etc/apache2/apache2.conf:
apachectl[16425]: Invalid command 'Header', perhaps misspelled or defined by a module not included in the server configuration
My questions are:
Which Apache configuration file should I modify?
Is this modification going to open the pdf file in the web browser inline without downloading / modifying the pdf file when coming from a remote folder?
Thanks!
Yoann
I suspect that it isn't the PDF that is getting corrupted, but the images inside of it.
Some time ago, some server admins were having problems with images getting corrupted by apache2. See for example serverfault and drupalQuestion.
The proposed solution is to change a couple of settings in the apache2 config file. I suspect memory mapping is the issue, which can be turned off by adding the following command to apache2.conf:
EnableMMAP Off
I hope this helps!
The project I'm working on has a fairly long & complicated list of RewriteRules, separated into 2 .htaccess files for legacy reasons. I'm putting the app into a Docker container to make it easier to on-board new developers, but the Ubuntu/Apache combo is choking on the RewriteRules and giving me an HTTP 500.
Docker image: php:5.6-Apache
Apache Version: 2.4
I boosted the logging to trace4 and it appears to figure out the right file - here's the last line of the mod_rewrite debug output
[Thu Mar 16 09:08:15.459987 2017] [rewrite:trace1] [pid 17] mod_rewrite.c(475): [client 192.168.99.1:63990] 192.168.99.1 - - [rs.dev/sid#7f51cf6fece0][rid#7f51cf61c8f8/initial/redir#3] [perdir /var/www/appname/public_html/production/] pass through /var/www/appname/public_html/production/login.php
The file '/var/www/appname/public_html/production/login.php' exists, and is the file that should be loaded. However, the response is sent as a 500, (and the page doesn't load). I'm using the /login URL here as an example, but it happens on all URLs.
This works on the localhost of a Mac running macOS, and it works in cPanel servers, I just can't seem to get it running in the Ubuntu base that Docker's providing me.
Does anyone know why Apache would use mod_rewrite and appear to identify the correct file, but then not use the file?
For reference, the entire log output from the request is on pastebin.
It turns out that my problem wasn't in the Rewriting at all, I had forgotten to create a file that PHP was trying to require, so it was throwing a PHP error. However, the way the logs were configured, the error was disappearing into the ether, (or into a log I haven't found yet).
Let that be a lesson - even if you're absolutely sure where the error is, you might still be wrong!
I've got a .htaccess file that I copied from one Apache HTTPD server and deployed onto another. Unfortunately, I foolishly didn't check the version of the destination server and just put the file in place; the site stopped working because it's Apache 2.4 and the file has 2.2 syntax. So I quickly reverted it to the previous version and hoped that nobody noticed!
Now, of course, I'm paranoid.
I tried copying the broken-on-2.4 version elsewhere and using apache2 -t .htaccess to find out what's wrong, but I get this error:
apache2: Could not open configuration file /etc/apache2/.htaccess: No such file or directory
If I supply the full path (i.e. apache2 -t /path/to/it/.htaccess) I get:
AH00534: apache2: Configuration error: No MPM loaded.
This error appears to be unrelated but I get the same error message and exit code (1) regardless of whether or not there's an error in the .htaccess file.
So my question is: can I use apache2 -t [...] to test a .htaccess file, and if not, what can I use instead (aside from the manual)? There is this site but it doesn't seem to allow me to say what version of Apache to check against.
I haven't found out how to do what I asked, but I have come up with a workaround.
I created a new directory on the server and put the incompatible .htaccess file in there. I then accessed the directory via my browser whilst tail -fing the error log (/var/log/apache2/error.log) to see what the problem was.
I have an apache webserver running on centos environment. There is a folder and in that there is a file which has an extension .exe lets name the file x.exe
when I try download this file using http://mysite.com/folder/x.exe I get a 403 error.
but if I add a gif to that folder it works http://mysite.com/folder/pic.gif
I dont have SSH access to this server but need to know some clue for why this is happenning, the file permissions are correct too.
any help is appreciated
Within Apache's httpd.conf, it is possible to specify default handling actions for certain file types or paths. It may be that your server is configured to block executable files all together. Similar blocking can also occur in an .htaccess file. There are a few ways to do it... here's one:
<Files ~ "\.exe$">
Order allow,deny
Deny from all
</Files>
That little snippet could be in the main .conf file, and included .conf file, OR an .htaccess file (or all three!), and again, that is just one possibility. Your best bet is to check out the server logs. They will indicate why a given request was denied in a form similar to this:
[Wed Oct 11 14:32:52 2000] [error] [client 127.0.0.1] client denied by
server configuration: /www/root
Take a look at this document for information about server logs (including default paths to the logs themselves).
As I mentioned, there are a few other ways to block access to certain file types, certain files, certain folders, etc. Without looking at the error logs, it is very difficult to determine the cause. Further, without full access to the server, it may not be possible to alter this behavior. This blockage could be in place as a matter of policy for your web host.
I'd like to add I spent like 2 hours trying this crap over and over again only to discover that selinux was denying specific file types for httpd.
try:
setenforce Permissive
and see if that corrects the error
tag
Fedora 16
well the answer was I had this in a folder where it forbids the exe
Deny from all
<FilesMatch "\.(html|HTML|htm|HTM|xhtml|XHTML|js|JS|css|CSS|bmp|BMP|png|PNG|gif|GIF|jpg|JPG|jpeg|JPEG|ico|ICO|pcx|PCX|tif|TIF|tiff|TIFF|au|AU|mid|MID|midi|MIDI|mpa|MPA|mp3|MP3|ogg|OGG|m4a|M4A|ra|RA|wma|WMA|wav|WAV|cda|CDA|avi|AVI|mpg|MPG|mpeg|MPEG|asf|ASF|wmv|WMV|m4v|M4V|mov|MOV|mkv|MKV|mp4|MP4|swf|SWF|flv|FLV|ram|RAM|rm|RM|doc|DOC|docx|DOCX|txt|TXT|rtf|RTF|xls|XLS|xlsx|XLSX|pages|PAGES|ppt|PPT|pptx|PPTX|pps|PPS|csv|CSV|cab|CAB|arj|ARJ|tar|TAR|zip|ZIP|zipx|ZIPX|sit|SIT|sitx|SITX|gz|GZ|tgz|TGZ|bz2|BZ2|ace|ACE|arc|ARC|pkg|PKG|dmg|DMG|hqx|HQX|jar|JAR|xml|XML|pdf|PDF)$">
Allow from all
</FilesMatch>
added exe there and worked fine,
also a note, this was in a SilverStripe CMS powered site, and in the assets folder of SilverStripe
I m working on a python version cgi script which needs to create img files (which will be shown on the web page) in cgi-bin folder.
But it fails with:
[Wed Oct 28 16:13:51 2009] [error] [client ::1] OSError: [Errno 13] Permission denied: 'average/'
[Note] 'average/' is the folder that the cgi script is going to create first for saving those img files.
I tried giving a+x permission to the cgi script, but it failed still. This happens on both Win and Mac.
Btw, I m working with the default Apache configurations. I didn't change anything after the installation of Apache.
You would have to give the web server user write permission to the cgi-bin folder. Usually the web server user is something like nobody and not in the same group as the owner of the folder, so that means making cgi-bin world-writable: Note: This is a really bad idea.
chmod a+rwx cgi-bin
(or, on Windows setting permissions on cgi-bin to give Everyone ‘Full Control’.)
Now any user on your server, or any script that doesn't check its filenames properly, might create a file in the cgi-bin, where it will be interpreted by Apache as a CGI script and executed. This is a good way to get your server owned.
Run-time-written files should go in a separate ‘data’ folder, outside the cgi-bin (and preferably outside the web root, bound with an Alias), with Apache set to disallow any kind of script or htaccess from that folder. You can then set ‘data’ 777, or, possibly better, have it owned by the web server user instead.
The error message is complaining about permissions for the folder average/ not the cgi file.
EDIT: So your python script (which runs on both Win and Mac) is responsible for creating the folder and the img files?
You definitely should check your script and the permissions on the parent folder in which average/ is to be created.
If it's not just a permissions problem, as the error message suggests, you'll need a Python expert.