Re: [CentOS] apache server-status permission denied
On 10/06/14 13:22, Tim Dunphy wrote: Hi Steven, Thanks for your reply. No there appears to be no difference there either. And I don't think reverse dns is setup on either host. Tim Hi Tim. The only time I've seen such an error was when the user the web server is running as doesn't have permission to access the file system directory - in your case, /server-status. Maybe this particular instance has a different user set up for the Apache process? Cheers, ak. ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] apache server-status permission denied
Am 10.06.2014 um 04:44 schrieb Tim Dunphy bluethu...@gmail.com: Ok lets' try this again. I set the following in httpd.conf: Location /server-status SetHandler server-status Order deny,allow Deny from all Allow from 127.0.0.1 10.10.1.160 /Location for testing - what about disabling temporarily the access restriction? -- LF ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] apache server-status permission denied
On 10/06/14 16:26, Anthony K wrote: Hi Tim. The only time I've seen such an error was when the user the web server is running as doesn't have permission to access the file system directory - in your case, /server-status. Maybe this particular instance has a different user set up for the Apache process? Cheers, ak. I was corrected by a well known troll that /server-status is not in the file system - :-( ! Please excuse my jabber... ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
[CentOS] apache server-status permission denied
Hey all, I'm having a slightly weird issue with apache server-status on just one of my nodes. In my httpd.conf I have the following: Location /server-status SetHandler server-status Order deny,allow Deny from all Allow from 127.0.0.1 10.10.160 /Location If I do a ps grep I know that I'm using the right config: [root@webhosta apache2]# ps -ef | grep apache | grep -v grep | head -5 root 28359 1 0 21:38 ?00:00:00 /opt/apache2/bin/httpd -k start apache 28360 28359 0 21:38 ?00:00:00 /opt/apache2/bin/httpd -k start apache 28361 28359 0 21:38 ?00:00:00 /opt/apache2/bin/httpd -k start apache 28362 28359 0 21:38 ?00:00:00 /opt/apache2/bin/httpd -k start apache 28363 28359 0 21:38 ?00:00:00 /opt/apache2/bin/httpd -k start And if I check apachectl -S things look ok there too. I can also see I'm using the right config: [root@webhosta apache2]# /opt/apache2/bin/httpd -S VirtualHost configuration: wildcard NameVirtualHosts and _default_ servers: *:*is a NameVirtualHost default server test.mydomain.com (/opt/apache2/conf.d/z001_mydomain.conf:1) port * namevhost test.mydomain.com (/opt/apache2/conf.d/z001_mydomain.conf:1) port * namevhost webhosta.dmz.domain.com (/opt/apache2/conf/httpd.conf:469) port * namevhost webhosta.dmz.domain.com (/opt/apache2/conf/httpd.conf:480) port * namevhost hcphp.nbc.com (/opt/apache2/conf/httpd.conf:501) Syntax OK Yet, for some reason I get permission denied when I try to do a get from localhost: [root@webhosta apache2]# GET http://$(hostname -i)/server-status !DOCTYPE HTML PUBLIC -//IETF//DTD HTML 2.0//EN htmlhead title403 Forbidden/title /headbody h1Forbidden/h1 pYou don't have permission to access /server-status on this server./p hr addressApache Server at 10.10.1.160 Port 80/address /body/html I can do a successful GET to 127.0.0.1, but our system is automated and relies on doing a GET to the value of hostname -i. Does anyone have any ideas or suggestions as to what could be wrong? Thanks Tim -- GPG me!! gpg --keyserver pool.sks-keyservers.net --recv-keys F186197B ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] apache server-status permission denied
10.10.160 != 10.10.1.160 the GET is probably going across ethx interface instead of lo interface. On Mon, Jun 9, 2014 at 9:56 PM, Tim Dunphy bluethu...@gmail.com wrote: Hey all, I'm having a slightly weird issue with apache server-status on just one of my nodes. In my httpd.conf I have the following: Location /server-status SetHandler server-status Order deny,allow Deny from all Allow from 127.0.0.1 10.10.160 /Location If I do a ps grep I know that I'm using the right config: [root@webhosta apache2]# ps -ef | grep apache | grep -v grep | head -5 root 28359 1 0 21:38 ?00:00:00 /opt/apache2/bin/httpd -k start apache 28360 28359 0 21:38 ?00:00:00 /opt/apache2/bin/httpd -k start apache 28361 28359 0 21:38 ?00:00:00 /opt/apache2/bin/httpd -k start apache 28362 28359 0 21:38 ?00:00:00 /opt/apache2/bin/httpd -k start apache 28363 28359 0 21:38 ?00:00:00 /opt/apache2/bin/httpd -k start And if I check apachectl -S things look ok there too. I can also see I'm using the right config: [root@webhosta apache2]# /opt/apache2/bin/httpd -S VirtualHost configuration: wildcard NameVirtualHosts and _default_ servers: *:*is a NameVirtualHost default server test.mydomain.com (/opt/apache2/conf.d/z001_mydomain.conf:1) port * namevhost test.mydomain.com (/opt/apache2/conf.d/z001_mydomain.conf:1) port * namevhost webhosta.dmz.domain.com (/opt/apache2/conf/httpd.conf:469) port * namevhost webhosta.dmz.domain.com (/opt/apache2/conf/httpd.conf:480) port * namevhost hcphp.nbc.com (/opt/apache2/conf/httpd.conf:501) Syntax OK Yet, for some reason I get permission denied when I try to do a get from localhost: [root@webhosta apache2]# GET http://$(hostname -i)/server-status !DOCTYPE HTML PUBLIC -//IETF//DTD HTML 2.0//EN htmlhead title403 Forbidden/title /headbody h1Forbidden/h1 pYou don't have permission to access /server-status on this server./p hr addressApache Server at 10.10.1.160 Port 80/address /body/html I can do a successful GET to 127.0.0.1, but our system is automated and relies on doing a GET to the value of hostname -i. Does anyone have any ideas or suggestions as to what could be wrong? Thanks Tim -- GPG me!! gpg --keyserver pool.sks-keyservers.net --recv-keys F186197B ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] apache server-status permission denied
Ok lets' try this again. I set the following in httpd.conf: Location /server-status SetHandler server-status Order deny,allow Deny from all Allow from 127.0.0.1 10.10.1.160 /Location I bounce apache. I verify the IP information is correct: [root@webhosta apache2]# ifconfig | grep inet inet addr:10.10.1.160 Bcast:10.10.1.255 Mask:255.255.254.0 inet addr:127.0.0.1 Mask:255.0.0.0 Then if I try a GET on that IP using hostname -i [root@webhosta apache2]# GET http://$(hostname -i)/server-status !DOCTYPE HTML PUBLIC -//IETF//DTD HTML 2.0//EN htmlhead title403 Forbidden/title /headbody h1Forbidden/h1 pYou don't have permission to access /server-status on this server./p hr addressApache Server at 10.10.1.160 Port 80/address /body/html OR if I try a GET with the actual IP, I get the following: [root@webhosta apache2]# GET http://10.10.1.160/server-status !DOCTYPE HTML PUBLIC -//IETF//DTD HTML 2.0//EN htmlhead title403 Forbidden/title /headbody h1Forbidden/h1 pYou don't have permission to access /server-status on this server./p hr addressApache Server at 10.10.1.160 Port 80/address /body/html Any further thoughts? Thanks On Mon, Jun 9, 2014 at 10:23 PM, Steven Tardy sjt5a...@gmail.com wrote: 10.10.160 != 10.10.1.160 the GET is probably going across ethx interface instead of lo interface. On Mon, Jun 9, 2014 at 9:56 PM, Tim Dunphy bluethu...@gmail.com wrote: Hey all, I'm having a slightly weird issue with apache server-status on just one of my nodes. In my httpd.conf I have the following: Location /server-status SetHandler server-status Order deny,allow Deny from all Allow from 127.0.0.1 10.10.160 /Location If I do a ps grep I know that I'm using the right config: [root@webhosta apache2]# ps -ef | grep apache | grep -v grep | head -5 root 28359 1 0 21:38 ?00:00:00 /opt/apache2/bin/httpd -k start apache 28360 28359 0 21:38 ?00:00:00 /opt/apache2/bin/httpd -k start apache 28361 28359 0 21:38 ?00:00:00 /opt/apache2/bin/httpd -k start apache 28362 28359 0 21:38 ?00:00:00 /opt/apache2/bin/httpd -k start apache 28363 28359 0 21:38 ?00:00:00 /opt/apache2/bin/httpd -k start And if I check apachectl -S things look ok there too. I can also see I'm using the right config: [root@webhosta apache2]# /opt/apache2/bin/httpd -S VirtualHost configuration: wildcard NameVirtualHosts and _default_ servers: *:*is a NameVirtualHost default server test.mydomain.com (/opt/apache2/conf.d/z001_mydomain.conf:1) port * namevhost test.mydomain.com (/opt/apache2/conf.d/z001_mydomain.conf:1) port * namevhost webhosta.dmz.domain.com (/opt/apache2/conf/httpd.conf:469) port * namevhost webhosta.dmz.domain.com (/opt/apache2/conf/httpd.conf:480) port * namevhost hcphp.nbc.com (/opt/apache2/conf/httpd.conf:501) Syntax OK Yet, for some reason I get permission denied when I try to do a get from localhost: [root@webhosta apache2]# GET http://$(hostname -i)/server-status !DOCTYPE HTML PUBLIC -//IETF//DTD HTML 2.0//EN htmlhead title403 Forbidden/title /headbody h1Forbidden/h1 pYou don't have permission to access /server-status on this server./p hr addressApache Server at 10.10.1.160 Port 80/address /body/html I can do a successful GET to 127.0.0.1, but our system is automated and relies on doing a GET to the value of hostname -i. Does anyone have any ideas or suggestions as to what could be wrong? Thanks Tim -- GPG me!! gpg --keyserver pool.sks-keyservers.net --recv-keys F186197B ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos -- GPG me!! gpg --keyserver pool.sks-keyservers.net --recv-keys F186197B ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] apache server-status permission denied
does /etc/hosts (or DNS or reverse DNS) differ between working server and non-working server? On Mon, Jun 9, 2014 at 10:44 PM, Tim Dunphy bluethu...@gmail.com wrote: Ok lets' try this again. I set the following in httpd.conf: Location /server-status SetHandler server-status Order deny,allow Deny from all Allow from 127.0.0.1 10.10.1.160 /Location I bounce apache. I verify the IP information is correct: [root@webhosta apache2]# ifconfig | grep inet inet addr:10.10.1.160 Bcast:10.10.1.255 Mask:255.255.254.0 inet addr:127.0.0.1 Mask:255.0.0.0 Then if I try a GET on that IP using hostname -i [root@webhosta apache2]# GET http://$(hostname -i)/server-status !DOCTYPE HTML PUBLIC -//IETF//DTD HTML 2.0//EN htmlhead title403 Forbidden/title /headbody h1Forbidden/h1 pYou don't have permission to access /server-status on this server./p hr addressApache Server at 10.10.1.160 Port 80/address /body/html OR if I try a GET with the actual IP, I get the following: [root@webhosta apache2]# GET http://10.10.1.160/server-status !DOCTYPE HTML PUBLIC -//IETF//DTD HTML 2.0//EN htmlhead title403 Forbidden/title /headbody h1Forbidden/h1 pYou don't have permission to access /server-status on this server./p hr addressApache Server at 10.10.1.160 Port 80/address /body/html Any further thoughts? Thanks On Mon, Jun 9, 2014 at 10:23 PM, Steven Tardy sjt5a...@gmail.com wrote: 10.10.160 != 10.10.1.160 the GET is probably going across ethx interface instead of lo interface. On Mon, Jun 9, 2014 at 9:56 PM, Tim Dunphy bluethu...@gmail.com wrote: Hey all, I'm having a slightly weird issue with apache server-status on just one of my nodes. In my httpd.conf I have the following: Location /server-status SetHandler server-status Order deny,allow Deny from all Allow from 127.0.0.1 10.10.160 /Location If I do a ps grep I know that I'm using the right config: [root@webhosta apache2]# ps -ef | grep apache | grep -v grep | head -5 root 28359 1 0 21:38 ?00:00:00 /opt/apache2/bin/httpd -k start apache 28360 28359 0 21:38 ?00:00:00 /opt/apache2/bin/httpd -k start apache 28361 28359 0 21:38 ?00:00:00 /opt/apache2/bin/httpd -k start apache 28362 28359 0 21:38 ?00:00:00 /opt/apache2/bin/httpd -k start apache 28363 28359 0 21:38 ?00:00:00 /opt/apache2/bin/httpd -k start And if I check apachectl -S things look ok there too. I can also see I'm using the right config: [root@webhosta apache2]# /opt/apache2/bin/httpd -S VirtualHost configuration: wildcard NameVirtualHosts and _default_ servers: *:*is a NameVirtualHost default server test.mydomain.com (/opt/apache2/conf.d/z001_mydomain.conf:1) port * namevhost test.mydomain.com (/opt/apache2/conf.d/z001_mydomain.conf:1) port * namevhost webhosta.dmz.domain.com (/opt/apache2/conf/httpd.conf:469) port * namevhost webhosta.dmz.domain.com (/opt/apache2/conf/httpd.conf:480) port * namevhost hcphp.nbc.com (/opt/apache2/conf/httpd.conf:501) Syntax OK Yet, for some reason I get permission denied when I try to do a get from localhost: [root@webhosta apache2]# GET http://$(hostname -i)/server-status !DOCTYPE HTML PUBLIC -//IETF//DTD HTML 2.0//EN htmlhead title403 Forbidden/title /headbody h1Forbidden/h1 pYou don't have permission to access /server-status on this server./p hr addressApache Server at 10.10.1.160 Port 80/address /body/html I can do a successful GET to 127.0.0.1, but our system is automated and relies on doing a GET to the value of hostname -i. Does anyone have any ideas or suggestions as to what could be wrong? Thanks Tim -- GPG me!! gpg --keyserver pool.sks-keyservers.net --recv-keys F186197B ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos -- GPG me!! gpg --keyserver pool.sks-keyservers.net --recv-keys F186197B ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] apache server-status permission denied
Hi Steven, Thanks for your reply. No there appears to be no difference there either. And I don't think reverse dns is setup on either host. Tim On Mon, Jun 9, 2014 at 11:03 PM, Steven Tardy sjt5a...@gmail.com wrote: does /etc/hosts (or DNS or reverse DNS) differ between working server and non-working server? On Mon, Jun 9, 2014 at 10:44 PM, Tim Dunphy bluethu...@gmail.com wrote: Ok lets' try this again. I set the following in httpd.conf: Location /server-status SetHandler server-status Order deny,allow Deny from all Allow from 127.0.0.1 10.10.1.160 /Location I bounce apache. I verify the IP information is correct: [root@webhosta apache2]# ifconfig | grep inet inet addr:10.10.1.160 Bcast:10.10.1.255 Mask:255.255.254.0 inet addr:127.0.0.1 Mask:255.0.0.0 Then if I try a GET on that IP using hostname -i [root@webhosta apache2]# GET http://$(hostname -i)/server-status !DOCTYPE HTML PUBLIC -//IETF//DTD HTML 2.0//EN htmlhead title403 Forbidden/title /headbody h1Forbidden/h1 pYou don't have permission to access /server-status on this server./p hr addressApache Server at 10.10.1.160 Port 80/address /body/html OR if I try a GET with the actual IP, I get the following: [root@webhosta apache2]# GET http://10.10.1.160/server-status !DOCTYPE HTML PUBLIC -//IETF//DTD HTML 2.0//EN htmlhead title403 Forbidden/title /headbody h1Forbidden/h1 pYou don't have permission to access /server-status on this server./p hr addressApache Server at 10.10.1.160 Port 80/address /body/html Any further thoughts? Thanks On Mon, Jun 9, 2014 at 10:23 PM, Steven Tardy sjt5a...@gmail.com wrote: 10.10.160 != 10.10.1.160 the GET is probably going across ethx interface instead of lo interface. On Mon, Jun 9, 2014 at 9:56 PM, Tim Dunphy bluethu...@gmail.com wrote: Hey all, I'm having a slightly weird issue with apache server-status on just one of my nodes. In my httpd.conf I have the following: Location /server-status SetHandler server-status Order deny,allow Deny from all Allow from 127.0.0.1 10.10.160 /Location If I do a ps grep I know that I'm using the right config: [root@webhosta apache2]# ps -ef | grep apache | grep -v grep | head -5 root 28359 1 0 21:38 ?00:00:00 /opt/apache2/bin/httpd -k start apache 28360 28359 0 21:38 ?00:00:00 /opt/apache2/bin/httpd -k start apache 28361 28359 0 21:38 ?00:00:00 /opt/apache2/bin/httpd -k start apache 28362 28359 0 21:38 ?00:00:00 /opt/apache2/bin/httpd -k start apache 28363 28359 0 21:38 ?00:00:00 /opt/apache2/bin/httpd -k start And if I check apachectl -S things look ok there too. I can also see I'm using the right config: [root@webhosta apache2]# /opt/apache2/bin/httpd -S VirtualHost configuration: wildcard NameVirtualHosts and _default_ servers: *:*is a NameVirtualHost default server test.mydomain.com (/opt/apache2/conf.d/z001_mydomain.conf:1) port * namevhost test.mydomain.com (/opt/apache2/conf.d/z001_mydomain.conf:1) port * namevhost webhosta.dmz.domain.com (/opt/apache2/conf/httpd.conf:469) port * namevhost webhosta.dmz.domain.com (/opt/apache2/conf/httpd.conf:480) port * namevhost hcphp.nbc.com (/opt/apache2/conf/httpd.conf:501) Syntax OK Yet, for some reason I get permission denied when I try to do a get from localhost: [root@webhosta apache2]# GET http://$(hostname -i)/server-status !DOCTYPE HTML PUBLIC -//IETF//DTD HTML 2.0//EN htmlhead title403 Forbidden/title /headbody h1Forbidden/h1 pYou don't have permission to access /server-status on this server./p hr addressApache Server at 10.10.1.160 Port 80/address /body/html I can do a successful GET to 127.0.0.1, but our system is automated and relies on doing a GET to the value of hostname -i. Does anyone have any ideas or suggestions as to what could be wrong? Thanks Tim -- GPG me!! gpg --keyserver pool.sks-keyservers.net --recv-keys F186197B ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos -- GPG me!! gpg --keyserver pool.sks-keyservers.net --recv-keys F186197B