I have setup my repo at /home/adil/hg/sample-repo and want to serve it via httpd. I am following the tutorial at https://www.mercurial-scm.org/wiki/PublishingRepositories#multiple and have created the hgweb.config file and have copied hgweb.cgi (renamed it to index.cgi) to /home/adil/web/mercurial/
My apache config (/etc/httpd/conf/httpd.conf) looks like this :
ScriptAlias /hg "/home/adil/web/mercurial/index.cgi"
<Directory "/home/adil/web/mercurial">
Order allow,deny
Allow from all
AllowOverride All
Options ExecCGI
AddHandler cgi-script .cgi
</Directory>
index.cgi, hgweb.config and all the dirs upwards have world read permissions
http://localhost/hg gives a "403 Forbidden" error. WTF?
PS: Apache error log shows :
[Sun Oct 17 06:45:38 2010] [error] [client 1.2.3.4] (13)Permission denied: access to /hg denied
I'm not an Apache config expert by any means, but I was experiencing this error and managed to get rid of it.
Before I did, I was getting this error in my error_log: client denied by server configuration: /Users/svn/Public/hg/hgwebdir.cgi
This was my original config:
ScriptAlias /hg "/Users/svn/Public/hg/hgwebdir.cgi"
<Location /hg>
AuthType Basic
AuthName "Mercurial Repositories"
AuthUserFile /Users/svn/Public/hg/auth
Require valid-user
</Location>
I added some options:
ScriptAlias /hg "/Users/svn/Public/hg/hgwebdir.cgi"
<Location /hg>
Options ExecCGI FollowSymLinks
Options None
Order allow,deny
Allow from all
AuthType Basic
AuthName "Mercurial Repositories"
AuthUserFile /Users/svn/Public/hg/auth
Require valid-user
</Location>
I tried Pablo's version too - one problem I experienced was that "ScriptAliasMatch ^/hg(.*)" was capturing the hg logo and stylesheets needed to render the browser repo explorer. I'm not sure if this even applies to hgweb.cgi because I don't use that one, but it was definitely an issue while using hgwebdir.cgi. Specifically: script not found or unable to stat: /Users/svn/Public/hg/hgweb.cgilogo.png
Probably Apache's process owner does not have permissions to access /home/adil/web/mercurial.
Also, do check Apache's error log (usually located in /var/log/httpd-error.log or some place similar. It will give you extra information to debug your installation.
To check what's the user running Apache's process do:
$ ps aux | grep http
ps should show what's the user running Apache.
Also, in case it helps, here's the way I do it:
ScriptAliasMatch ^/hg(.*) /usr/local/share/mercurial/www/hgweb.cgi$1
<Directory /usr/local/share/mercurial/www>
Options ExecCGI FollowSymLinks
AllowOverride None
Options None
Order allow,deny
Allow from all
</Directory>
Related
I'm running httpd on fedora server 35 and want to use it to serve files on my local network. It works fine for files stored under the /var/www/html directory directly (e.g. /var/www/html/videos/video.mp4 can be accessed with http://IP/videos/video.mp4 on any local device).
I want to serve files stored in other locations in the file system. My plan was to create symbolic links to those locations. When I do that, I run into forbidden errors when trying to access the files (e.g. A video file /files/videos/video.mp4 linked with a sym link /var/www/html/videos-link -> /files/videos/ so that I would (theoretically) access it with http://IP/videos-link/video.mp4
I can navigate to http://IP/videos-link fine (an Index of DIRECTORY page, but no files are listed), but trying to access the file (http://IP/videos-link/video.mp4) gives me 403 forbidden.
My config (/etc/httpd/conf/httpd.conf) looks like this (it's a bit messy since I've been trying to fix this myself):
<Directory />
Options FollowSymLinks Indexes
AllowOverride All
Require all granted
</Directory>
...
<Directory "/var/www">
Options +FollowSymLinks +Indexes
AllowOverride All
Require all granted
</Directory>
...
<Directory "/var/www/html">
Options Indexes FollowSymLinks
AllowOverride All
Require all granted
</Directory>
...
<Directory "/files/videos">
Options Indexes FollowSymLinks
AllowOverride All
Require all granted
</Directory>
In attempts to make it work I've made sure the sym link and all the directories have the same owner and that their all 777 so ownership/read perms shouldn't be an issue. Would greatly appreciate some help, thanks.
My issue was with SELinux. To get it working immediately I was able to set SELinux to permissive mode with
# setenforce 0
That refreshes on boot and is probably insecure, so the permanent fix (to just let httpd through) would be:
# semanage permissive -a httpd_t
More details on SELinux in Fedora can be found here: https://docs.fedoraproject.org/en-US/quick-docs/getting-started-with-selinux/
I sorta have a HTTP config working for Apache 2.2 that allows WebDav. At least I can use the WinSCP client to attach with the DAV account listed below.
But I also have much older clunkier clients that may only work for anonymous access. And they are not working.
Windows 7 (Map drive), it pops up the credentials but does not log in.
FalconView (probably only understands anonymous login
Any idea what I am doing wrong here with the anon access? I am a novice at HTTPD.conf
(the environment variable ${EGPL_JobsPath} resolves to a windows path:
E.g. F:\Jobs
Alias /jobs ${EGPL_JobsPath}
<IfModule dav_lock_module>
DavLockDB "${EGPL_JobsPath}"
</IfModule>
<Directory "${EGPL_JobsPath}">
Header set Access-Control-Allow-Origin "*"
Dav On
Require valid-user
Options Indexes FollowSymLinks
Order allow,deny
Allow from all
<LimitExcept GET PROPFIND OPTIONS REPORT>
Require user me
</LimitExcept>
AuthType Basic
AuthName DAV
AuthUserFile conf/users.passwords
</Directory>
The only way I could get this to work, is to turn off all Authentication and leave the webdav folder open to the world. I would still like to hear from people with better ideas:
Alias /jobs ${EGPL_JobsPath}
<IfModule dav_lock_module>
DavLockDB "${EGPL_LibrarianPath}"
</IfModule>
<Directory "${EGPL_JobsPath}">
Header set Access-Control-Allow-Origin "*"
Dav On
</Directory>
I'm running Apache/2.4.7 (Ubuntu) Server and I'm trying to protect one of the directories 'myFolder' which is located at /var/www/html/myFolder
I made the following edits in /etc/apache2/apache2.conf file
<Directory /var/www/>
Options Indexes FollowSymLinks
AllowOverride All
Require all granted
</Directory>
<Directory /var/www/html/myFolder>
Options Indexes FollowSymLinks
AllowOverride All
Require all granted
</Directory>
I created .htaccess in /var/www/myFolder with the following contents
AuthUserFile /var/www/html/myFolder/.htpasswd
AuthName "Authorization Required"
AuthType Basic
require valid-user
Also created htpasswd by
htpasswd -c /var/www/html/myFolder/.htpasswd admin
which then prompts for password.
I then try to access the file on the browser www.mydoman.com/myFolder/hello.html and it prompts for username and password. However, the authentication does not go through.
Here is the error from the error.log file
[authz_core:error] [pid 30042] [client xxx.xxx.xx.xxx:53348] AH01629: authorization failure (no authenticated user): /myFolder/hello.html
How can I resolve this issue?
A loaded mod-shib2 can cause this problem. According to this bug comment, setting ShibCompatValidUser On solves it.
Require valid-user does also work with mod_shib enabled. According to https://wiki.shibboleth.net/confluence/display/SHIB2/NativeSPApacheConfig this is only necessary for shib versions 2.5.2 and above. Note that ShibCompatValidUser is a server / virtual host option.
I'm new to this.
We did a system scan last night. However, during the scanning, the system is down and we are facing 403 forbidden error when access the web.
Please kindly assist how and where should i check.
Version: Apache/2.4.7 (Ubuntu)
Ubuntu 4.2
The application was working fine all these while and no changes was done on the server.
YOur help on this is much appreciated.
thank you!
Here's the config file for further help:
/etc/apache2/apache.conf
<Directory />
Options FollowSymLinks
AllowOverride None
# Require all denied
Require all granted
</Directory>
<Directory /usr/share>
AllowOverride None
Require all granted
</Directory>
<Directory /var/www/>
Options Indexes FollowSymLinks
AllowOverride All
Require all granted
</Directory>
/etc/apache2/sites-available/000-default.conf
<Directory "/var/www/html">
Options All
AllowOverride All
Require all granted
</Directory>
As you already added some conf-files to your question and extended comments should be avoided on SO (and you don't have the required 20 reputation for moving to chat) next suggestions here: add also your .htaccess, and maybe this is of help: Apache2: 'AH01630: client denied by server configuration'
In addition, it might be of help if you open (depending on your browser and development tools) e.g. the Firebug Net Panel to check what happens when you call your site's url - if the 403 occurs directly or if there is any kind of redirect taking place. Could also be of help to trace the address in a shell / command prompt to see what's going on.
I have a directory structure like the following for a website on Ubuntu 14.04, running apache 2.4.7:
/websites/mywebsite/index.htm
/websites/mywebsite/private.htm
/websites/myqwbsite/folder/privatefile.ext
/websites/mywebsite/folder/subfolder/publicfile.ext
In the Apache config for the site, I have
<Directory /websites/mywebsite/>
AllowOverride Limit
Require all granted
</Directory>
I want to use .htaccess files in the site folder such that the private.htm and privatefile.ext files are Require all denied but everything else is granted.
I tried the following two .htaccess files:
/websites/mywebsite/.htaccess:
<FilesMatch (private.*.htm)$>
Require all denied
</FilesMatch>
/websites/mywebsite/folder/.htaccess:
Require all denied
/websites/mywebsite/folder/subfolder/.htaccess:
Require all granted
However, apache gives a 500 - "Require not allowed here" for /websites/mywebsite/.htaccess
How can I make what I want happen with apache 2.4-compatible configuration (ie I do not want to load mod_access_compat and use the old style config)?
In the apache config for the site, you have to extend AllowOverride properties. Add: FileInfo and AuthConfig. Or set "AllowOverride All"
I had same problem, fixed with this config :
<Directory /websites/mywebsite/>
Options +FollowSymLinks +SymLinksIfOwnerMatch
AllowOverride FileInfo AuthConfig
</Directory>