Apache always get 403 permisson after changing DocumentRoot - apache

I'm just a newbie for Apache. I just installed apache 2.2 on the FreeBSD box at my home office. The instruction on FreeBSD documentation is that I can change the DocumentRoot directive in order to use the customized directory data. Therefore, I replaced...
/usr/local/www/apache22/data
with
/usr/home/some_user/public_html
but something is not right. There's index.html file inside the directory, but it seems that apache could not read the directory/file.
Forbidden
You don't have permission to access / on this server.
The permission of
public_html
is
drwxr-xr-x
I wonder what could be wrong here. Also, in my case, I am not going to host more than one website for this FreeBSD box, so I didn't look at using VirtualHost at all. Is this a good practice just to change the DirectoryRoot directive?

Somewhere in the apache config is a line like:
# This should be changed to whatever you set DocumentRoot to.
#
<Directory "/usr/local/www/apache22/data">
You must change this path too, to make it work. This directive contains for example:
Order allow,deny
Allow from all
Which give initial user access to the directory.

one possibility that comes to mind is SELinux blocking web process from accessing that folder. If this is the case, you would see it in selinux log. You would have to check the context for your original web root with:
ls -Zl
and then apply it to your new web folder:
chcon whatevercontextyousaw public_html
Or, instead, if its not a production server that requires security (like a development machine behind a firewall), you might want to just turn selinux off.
Just one idea. Could be a number of other things.

Related

PHPmyadmin and Wordpress directories access denied

Running wordpress locally on a centOS 7 server running the latest apache, PHPmyadmin and mariadb-server.
IP/wordpress and IP/phpmyadmin on systems within the local network yields "403 forbidden" "you dont have permission to access (directory) on this server."
How can I fix this to allow the website to be seen on the public internet?
Could be a lot of things.
In your main Apache configuration file (e.g. /etc/httpd/conf/httpd.conf on Arch Linux), confirm your DocumentRoot path. The files you want to serve must reside there, or in sub-directories from there (If not, you might want to use an Alias to specify another path). Since you call IP/wordpress and IP/phpmyadmin, then you probably have directories called wordpress and phpmyadmin under your DocumentRoot path.
You also want to check the Directory groups in your Apache configuration file. Under those, the main culprit would be the Require directive set to all denied or something else too much restrictive like ip your_ip.
Finally, PHP can restrict path access with the open_basedir directive. Look for it in your php configuration file (e.g. /etc/php/php.ini on Arch Linux). If the line is commented, you're fine. But if a path is specified, your wordpress and phpmyadmin files must reside there.
Depending on your setup, any directive mentioned above could be in another Apache configuration file (e.g. /etc/httpd/conf/extra/* on Arch Linux).
Take a look at Apache and PHP online documentation for information about those directives.
Probably there is an issue with your directory privileges.
Use the follwing command to check it:
cd your_site_directory
ls -l
You can have a look to have a better understanding on directory privileges here.
As mentioned here apache runs under "apache" user.
Have a look at this post here to fix the issue.
All files should belong at least to apache group. To do it you can use
cd your_site_directory
chgrp -R apache ./*

Apache: include htaccess in conf with AllowOverride None, better performance?

Suppose we have the /home/example.org/public_html/ directory on the filesystem, which serves as the document root of my virtualhost.
The relevant httpd configuration for that vhost would look like this:
<VirtualHost *:80>
ServerName example.org:80
...
DocumentRoot /home/example.org/public_html
<Directory /home/example.org/public_html>
AllowOverride All
...
</Directory>
...
</VirtualHost>
In order to prevent the htaccess lookups on the filesystem without losing the htaccess functionality – at least at the DocumentRoot level- I transformed the configuration to the following:
<VirtualHost *:80>
ServerName example.org:80
...
DocumentRoot /home/example.org/public_html
<Directory /home/example.org/public_html>
AllowOverride None
Include /home/example.org/public_html/.htaccess
...
</Directory>
...
</VirtualHost>
Difference
AllowOverride None
Include /home/example.org/public_html/.htaccess
Let’s see what we have accomplished with this:
httpd does not waste any time looking for and parsing htaccess files
resulting in faster request processing
Questions:
Using Include directive, Apache load htaccess only on service start or for each request?
If point 1 it's true, how do refresh apache conf without httpd.exe -k restart?
Firstly, note that checking for .htaccess is commonly not all that big an issue, since the relevant bits of the disk are cached in memory. It becomes an issue where for example you have a very large number of directories under your web root directory or directories, and the hits are scattered amongst them so that the hit rate on cached disk blocks is low. You might be better dealing with that by disabling .htaccess selectively for directory trees where it creates a problem. Parsing the .htaccess directives creates a little CPU load of course, but CPU should generally not be your server's bottleneck.
Answering your question as posed though; Yes, you will need to run a command as root to load the new configuration. Rather than using restart though, use reload or (better) graceful.
httpd.exe -k graceful
You could (but probably shouldn't) write a cron job to periodically check whether this needs to be run. Without a lot of testing, I think something like this should work, run as a regular root cron job:
#!/bin/bash
[ /var/run/httpd/http.pid -nt /home/example.org/public_html/.htaccess ] \
&& httpd.exe -k graceful
This creates a bit of disk load itself of course. This load doesn't increase with traffic volume, but might be an issue if you have many such included files.
SECURITY WARNING: It sounds like you are setting up a situation where a non root user is likely to be able to get Apache to Include directives at will. This is much more powerful than what can be done with a .htaccess file, and amounts to a root exploit. E.g. it gives access to things like the User and LoadModule directives, which .htaccess directives can never do.
I recommend that you should put Included directives in a file inside your Apache configuration directory, and have it accessible only by root. There are other ways to make sure that only root can edit the .htaccess file, but getting these files out of the user-owned area makes it less likely you'll inadvertently open access again later.
While the .htaccess mechanism does incur extra disk load, it is the mechanism that's designed for use by non-root users. It would be nice to have a mechanism for untrusted users to modify configuration with a limit on how often the .htaccess file would be checked for, but if it exists, I don't know it.
Apache accesses and processes the htaccess files on each request. This is why one does not need to restart the server every time to check their current configurations.
You do need to restart the server/service for testing any changes made to apache.conf, httpd.conf or the vhost configurations.
Quoting from Apache's tutorial on htaccess file:
You should avoid using .htaccess files completely if you have access
to httpd main server config file. Using .htaccess files slows down
your Apache http server. Any directive that you can include in a
.htaccess file is better set in a Directory block, as it will have
the same effect with better performance.
Since you already are trying to Include the htaccess from inside a <Directory> module block, the performance would be better if you include everything from the file to this block itself instead. There is, although no difference; apart from having to maintain configurations in two places simultaneously.
The htaccess file will get processed just once, at the time of server start.

Can you disable apache logs for a single site using htaccess or in the Virtual Host settings?

I'm working on a web site where the client doesn't want ANY logging on the site for privacy reasons. The site will be hosted on the same Apache Web Server as a number of other websites which is why I can just turn logging off in Apache. Is there some way to disable logging for an individual site using htaccess rules or by adding something to the VirtualHost settings?
The options seem to be
Sending to /dev/null on *nix or C:/nul on Windows (see here)
Removing the base logging directives and duplicating them in each vhost (so there is no logging on for vhosts by default)
Seems like there should be some better way to do this, but that's what I've found.
Yes, just comment out (using a '#') the ErrorLog and CustomLog entries in the httpd conf for your virtual host.
http://www.mydigitallife.info/how-to-disable-and-turn-off-apache-httpd-access-and-error-log/
I achieve this by making the logging dependent on a non-existing environment variable. So in the VirtualHost you can have:
CustomLog /var/log/httpd/my_access_log combined env=DISABLED
and so long as there is no environment variable called DISABLED then you'll get no logs.
I actually arrived here looking for a neater solution but this works without having to change the global httpd.conf.
Edit: removed reference to .htaccess because CustomLog only applies in the global config or in the virtual host config as pointed out by #Basj

Apache not allowing access to sub directories

I installed Apache2, php, and mysql onto my Linux Mint machine with the hopes of continuing a website I had built. After copy and pasting all of the code I had I noticed a problem with one of my include statments:
<?php include("./dir/file1.html");
That wasn't working. Originally I thought the issue was with php but after a lot of trial and error I've concluded it's apache not allowing access to subdirectories in the /var/www/ directory.
Since I'm new to editing apache configuration files, I'm not really sure what to change to allow access to all subdirectories within /var/www/ on localhost. I've tried adding:
<Directory /var/www/*>
order allow,deny
allow from all
</Directory>
to my httpd.conf file (which was blank, which I learned had something to do with Linux Mint being Debian based) and confirmed that default in /sites-available had similar code. I'll post that if it's requested.
I'm unsure on what else I can do to get apache to allow access to subdirectories in my /var/www/ directory for localhost and none of my previous methods have worked.
UPDATE:
I believe it's an Apache issue because when trying to go to a subdirectory through the browser (like localhost/dir/), I get a 403 error. I don't have to be going to an actual webpage for that problem. Also, include statments including files in the current directory has no problem, only with subdirectories.
The Include statement above gives no errors or any other useful messages. Whatever the include statement is including is just not there. I've tried require but that gives me a 500 server error: the server may be down for maintenance (paraphrased).

Difference between ServerRoot, DocumentRoot, and Directory

While playing with Apache, I messed up the paths without making a backup httpd.config file.
The file is located at C:\xampp\apache\conf\httpd.config
I want to keep my web project on the D: drive as a virtual folder. This is the current non-working state. How can I fix this or revert to the xampp defaults?
ServerRoot "C:\xampp\apache"
DocumentRoot "D:\workspace"
<Directory "D:\workspace\AutionWebSite">
ServerRoot = path to the webserver executable/dir
DocumentRoot = path to your files that are delivered by the server
The <Directory> directive is used to configure settings for a specific directory. However, the <Directory> command in your question is not complete.
The default values for DocumentRoot and Directory for XAMPP is "C:\xampp\htdocs"
I would say that the most easiest way for you would be to check your xampp version, make a back up of your document root, which is probably "www" or "htdocs", your configuration files and eventually dump your database. Now install the same version of xammp again and there it is.
And at least the first rule is by playing with "config files", make backups before. The second rule is, make a backup of the whole configuration directory anyway, just for the case. And the last one is, if you are a xammp user, means you are a windows user, so you probably don't have unixoid server administration knowledges, so there is a long way for you to starting to "play" with the apache server.
The only think that you should know is, that you need to set the direction "AllowOverride All", which is necessary, if you use some content management system or other systems, which brings there own .htaccess file. So long you work on windows with xammp and not on a linux or other unixoid operating systems, you cannot understand the complete world of web servers like apache or database servers like postgresql and the sensibility of configuration files.
I understand the necessity of it for understanding of whole web applications respect. to be an full stack web programmer, but before that, i wouldn't change in the future the default server configurations, just check the row "AllowOverride All". Hope this will help your.
Server Root "/Local"
-specifies the default directory hierarchy for the Apache installation.
Document Root"/Local/WWW/apache22/data"
- the directory out of which you will serve your documents.