Am 22.04.2014 15:46, schrieb Jonathan Hayward: > > I have a fresh Debian installation (if that's not an oxymoron), with > Apache 2.2.x which I am migrating to after using Ubuntu Saucy and > Apache 2.4.x, and I'm pulling my hair out about > why http://dev.JonathansCorner.com/index.cgi > <http://dev.jonathanscorner.com/index.cgi> (used to serve the > homepage) is giving a 403. An old, > static http://dev.JonathansCorner.com/index.html > <http://dev.jonathanscorner.com/index.html> is working just fine, as > well as other static pages within the site. > > What I had remembered to do was add mod_cgi: > > |root@ps306627:/etc/apache2/mods-enabled# ls *cgi* > cgi.load cgid.conf cgid.load proxy_scgi.load > | > > And after a bit of searching, I confirmed that I needed ExecCGI and > AddHandler directives: > > | <Directory /home/cjsh/> > Options +ExecCGI Indexes FollowSymLinks MultiViews > AddHandler cgi-script .cgi > AllowOverride None > Order allow,deny > allow from all > </Directory> > | > > I thought it might be that I hadn't explicitly said an index.cgi could > serve the DirectoryIndex, but I have: > > | DirectoryIndex index.cgi index.html > | > > And furthermore, another CGI script > at http://dev.JonathansCorner.com/sidebar_index.cgi > <http://dev.jonathanscorner.com/sidebar_index.cgi> is behaving exactly > like the homepage and gives a 403. > > I've also restarted the server every time I made a chance I wanted to > test. I checked directory permissions; the static content wouldn't be > served if the Apache processes couldn't access the static content, and > I double-checked and have confirmed that when I run the index.cgi from > a shell as nobody it gives the output I want without a Linux > permissions error. > > What else can I give to let someone explain why I'm not plugging in > all the things I need to plug in to get index.cgi to work the way it > does executed from a shell as nobody? Here is a concatenation of my > apache2.conf and 000-default.conf (I deleted 000-default; the > configuration files are imported from an Apache 2). Still a little > puzzled at what's going wrong: > > |# > # Based upon the NCSA server configuration files originally by Rob McCool. > # > # This is the main Apache server configuration file. It contains the > # configuration directives that give the server its instructions. > # See http://httpd.apache.org/docs/2.2/ for detailed information about > # the directives. > # > # Do NOT simply read the instructions in here without understanding > # what they do. They're here only as hints or reminders. If you are unsure > # consult the online docs. You have been warned. > # > # The configuration directives are grouped into three basic sections: > # 1. Directives that control the operation of the Apache server process as a > # whole (the 'global environment'). > # 2. Directives that define the parameters of the 'main' or 'default' server, > # which responds to requests that aren't handled by a virtual host. > # These directives also provide default values for the settings > # of all virtual hosts. > # 3. Settings for virtual hosts, which allow Web requests to be sent to > # different IP addresses or hostnames and have them handled by the > # same Apache server process. > # > # Configuration and logfile names: If the filenames you specify for many > # of the server's control files begin with "/" (or "drive:/" for Win32), the > # server will use that explicit path. If the filenames do *not* begin > # with "/", the value of ServerRoot is prepended -- so "foo.log" > # with ServerRoot set to "/etc/apache2" will be interpreted by the > # server as "/etc/apache2/foo.log". > # > > ### Section 1: Global Environment > # > # The directives in this section affect the overall operation of Apache, > # such as the number of concurrent requests it can handle or where it > # can find its configuration files. > # > > # > # ServerRoot: The top of the directory tree under which the server's > # configuration, error, and log files are kept. > # > # NOTE! If you intend to place this on an NFS (or otherwise network) > # mounted filesystem then please read the LockFile documentation (available > # at <URL:http://httpd.apache.org/docs/2.2/mod/mpm_common.html#lockfile>); > # you will save yourself a lot of trouble. > # > # Do NOT add a slash at the end of the directory path. > # > #ServerRoot "/etc/apache2" > > # > # The accept serialization lock file MUST BE STORED ON A LOCAL DISK. > # > LockFile ${APACHE_LOCK_DIR}/accept.lock > > # > # PidFile: The file in which the server should record its process > # identification number when it starts. > # This needs to be set in /etc/apache2/envvars > # > PidFile ${APACHE_PID_FILE} > > # > # Timeout: The number of seconds before receives and sends time out. > # > Timeout 300 > > # > # KeepAlive: Whether or not to allow persistent connections (more than > # one request per connection). Set to "Off" to deactivate. > # > KeepAlive On > > # > # MaxKeepAliveRequests: The maximum number of requests to allow > # during a persistent connection. Set to 0 to allow an unlimited amount. > # We recommend you leave this number high, for maximum performance. > # > MaxKeepAliveRequests 100 > > # > # KeepAliveTimeout: Number of seconds to wait for the next request from the > # same client on the same connection. > # > KeepAliveTimeout 15 > > ## > ## Server-Pool Size Regulation (MPM specific) > ## > > # prefork MPM > # StartServers: number of server processes to start > # MinSpareServers: minimum number of server processes which are kept spare > # MaxSpareServers: maximum number of server processes which are kept spare > # MaxClients: maximum number of server processes allowed to start > # MaxRequestsPerChild: maximum number of requests a server process serves > <IfModule mpm_prefork_module> > StartServers 5 > MinSpareServers 5 > MaxSpareServers 10 > MaxClients 150 > MaxRequestsPerChild 0 > </IfModule> > > # worker MPM > # StartServers: initial number of server processes to start > # MaxClients: maximum number of simultaneous client connections > # MinSpareThreads: minimum number of worker threads which are kept spare > # MaxSpareThreads: maximum number of worker threads which are kept spare > # ThreadLimit: ThreadsPerChild can be changed to this maximum value during a > # graceful restart. ThreadLimit can only be changed by stopping > # and starting Apache. > # ThreadsPerChild: constant number of worker threads in each server process > # MaxRequestsPerChild: maximum number of requests a server process serves > <IfModule mpm_worker_module> > StartServers 2 > MinSpareThreads 25 > MaxSpareThreads 75 > ThreadLimit 64 > ThreadsPerChild 25 > MaxClients 150 > MaxRequestsPerChild 0 > </IfModule> > > # event MPM > # StartServers: initial number of server processes to start > # MaxClients: maximum number of simultaneous client connections > # MinSpareThreads: minimum number of worker threads which are kept spare > # MaxSpareThreads: maximum number of worker threads which are kept spare > # ThreadsPerChild: constant number of worker threads in each server process > # MaxRequestsPerChild: maximum number of requests a server process serves > <IfModule mpm_event_module> > StartServers 2 > MaxClients 150 > MinSpareThreads 25 > MaxSpareThreads 75 > ThreadLimit 64 > ThreadsPerChild 25 > MaxRequestsPerChild 0 > </IfModule> > > # These need to be set in /etc/apache2/envvars > User ${APACHE_RUN_USER} > Group ${APACHE_RUN_GROUP} > > # > # AccessFileName: The name of the file to look for in each directory > # for additional configuration directives. See also the AllowOverride > # directive. > # > > AccessFileName .htaccess > > # > # The following lines prevent .htaccess and .htpasswd files from being > # viewed by Web clients. > # > <Files ~ "^\.ht"> > Order allow,deny > Deny from all > Satisfy all > </Files> > > # > # DefaultType is the default MIME type the server will use for a document > # if it cannot otherwise determine one, such as from filename extensions. > # If your server contains mostly text or HTML documents, "text/plain" is > # a good value. If most of your content is binary, such as applications > # or images, you may want to use "application/octet-stream" instead to > # keep browsers from trying to display binary files as though they are > # text. > # > DefaultType text/plain > > > # > # HostnameLookups: Log the names of clients or just their IP addresses > # e.g., www.apache.org <http://www.apache.org> (on) or 204.62.129.132 (off). > # The default is off because it'd be overall better for the net if people > # had to knowingly turn this feature on, since enabling it means that > # each client request will result in AT LEAST one lookup request to the > # nameserver. > # > HostnameLookups Off > > # ErrorLog: The location of the error log file. > # If you do not specify an ErrorLog directive within a <VirtualHost> > # container, error messages relating to that virtual host will be > # logged here. If you *do* define an error logfile for a <VirtualHost> > # container, that host's errors will be logged there and not here. > # > ErrorLog ${APACHE_LOG_DIR}/error.log > > # > # LogLevel: Control the number of messages logged to the error_log. > # Possible values include: debug, info, notice, warn, error, crit, > # alert, emerg. > # > LogLevel warn > > # Include module configuration: > Include mods-enabled/*.load > Include mods-enabled/*.conf > > # Include all the user configurations: > Include httpd.conf > > # Include ports listing > Include ports.conf > # Include ports listing > Include ports.conf > > # > # The following directives define some format nicknames for use with > # a CustomLog directive (see below). > # If you are behind a reverse proxy, you might want to change %h into > %{X-Forwarded-For}i > # > LogFormat "%v:%p %h %l %u %t \"%r\" %>s %O \"%{Referer}i\" > \"%{User-Agent}i\"" vhost_combined > LogFormat "%h %l %u %t \"%r\" %>s %O \"%{Referer}i\" \"%{User-Agent}i\"" > combined > LogFormat "%h %l %u %t \"%r\" %>s %O" common > LogFormat "%{Referer}i -> %U" referer > LogFormat "%{User-agent}i" agent > > # Include of directories ignores editors' and dpkg's backup files, > # see README.Debian for details. > > # Include generic snippets of statements > Include conf.d/ > > # Include the virtual host configurations: > Include sites-enabled/ > > AddHandler cgi-script .cgi > > # End apache2.conf; begin sites-enabled/000-default.conf: > > #<VirtualHost *:80> > #ServerName media.pragmatometer.com <http://media.pragmatometer.com> > #ServerAlias media.ccachicago.pragmatometer.com > <http://media.ccachicago.pragmatometer.com> > #DocumentRoot /home/cjsh/ccachicago/media > #<Directory "/home/cjsh/ccachicago/media/"> > #Options Indexes MultiViews FollowSymLinks > #AllowOverride None > ##Order deny,allow > ##Deny from all > ##Allow from 127.0.0.0/255.0.0.0 <http://127.0.0.0/255.0.0.0> > ::1/128 > #</Directory> > #ServerAdmin cjshayw...@pobox.com > #</VirtualHost> > <VirtualHost *:80> > ServerAdmin cjshayw...@pobox.com > ServerName default.jonathanscorner.com > <http://default.jonathanscorner.com> > DocumentRoot /home/cjsh/mirror > RewriteEngine On > RewriteRule ^(.*)$ http://jonathanscorner.com$1 [R=301,L] > </VirtualHost> > <VirtualHost *:80> > ServerAdmin cjshayw...@pobox.com > > ServerName jonathanscorner.com <http://jonathanscorner.com> > ServerAlias dev.jonathanscorner.com <http://dev.jonathanscorner.com> > DocumentRoot /home/cjsh/mirror > RewriteEngine On > RewriteRule ^[SANITIZED]$ / [R=301,L] > RewriteRule ^[SANITIZED]$ / [R=301,L] > <Directory /> > Options FollowSymLinks > AllowOverride None > </Directory> > <Directory /home/cjsh/> > Options +ExecCGI Indexes FollowSymLinks MultiViews > AddHandler cgi-script .cgi > AllowOverride None > Order allow,deny > allow from all > </Directory> > > DirectoryIndex index.cgi index.html > ScriptAlias /cgi-bin/ /usr/lib/cgi-bin/ > <Directory "/usr/lib/cgi-bin"> > AllowOverride None > Options +ExecCGI -MultiViews +SymLinksIfOwnerMatch > Order allow,deny > Allow from all > </Directory> > > ErrorDocument 404 /missing.html > ErrorDocument 500 /servererror.html > ErrorLog ${APACHE_LOG_DIR}/error.log > > # Possible values include: debug, info, notice, warn, error, crit, > # alert, emerg. > LogLevel warn > > CustomLog ${APACHE_LOG_DIR}/access.log combined > > Alias /doc/ "/usr/share/doc/" > <Directory "/usr/share/doc/"> > Options Indexes MultiViews FollowSymLinks > AllowOverride None > Order deny,allow > Deny from all > Allow from 127.0.0.0/255.0.0.0 <http://127.0.0.0/255.0.0.0> ::1/128 > </Directory> > > </VirtualHost> > > <VirtualHost *:80> > ServerAdmin cjshayw...@pobox.com > ServerName www.jonathanscorner.com <http://www.jonathanscorner.com> > ServerAlias jonathonscorner.com <http://jonathonscorner.com> > www.jonathonscorner.com <http://www.jonathonscorner.com> johnathanscorner.com > <http://johnathanscorner.com> www.johnathanscorner.com > <http://www.johnathanscorner.com> johnathonscorner.com > <http://johnathonscorner.com> www.johnathonscorner.com > <http://www.johnathonscorner.com> jonathanscorner.biz > <http://jonathanscorner.biz> www.jonathanscorner.com > <http://www.jonathanscorner.com> jonathanscorner.org > <http://jonathanscorner.org> www.jonathanscorner.org > <http://www.jonathanscorner.org> jonathanscorner.info > <http://jonathanscorner.info> www.jonathanscorner.info > <http://www.jonathanscorner.info> jonathanscorner.net > <http://jonathanscorner.net> www.jonathanscorner.net > <http://www.jonathanscorner.net> > DocumentRoot /home/cjsh/mirror > > RewriteEngine On > RewriteRule ^(.*)$ http://jonathanscorner.com$1 [R=301,L] > > </VirtualHost> > | > | > | > Please post acceslogs AND errorlogs for the vhosts subject to the 403.
Hint: the Allow/Deny Syntax did change from 2.2 -> 2.4.
smime.p7s
Description: S/MIME Cryptographic Signature
