Topic: Forbidden 403 access to my Server

[pwgsc1]

Hi Folks,

I just noticed a couple of days ago that access to my server is non existent.  I haven't really done anything to cause it but it seems to be only the primary site that's down, Ibays I can get to and the webadmin console.

Main site is:  www.craigbursey.ca     to see the error

Ibay that works:   www.craigbursey.ca/gallery


One thing I did install around the same time was the backuppc contrib but I don't see how that would affect it.   I just tested Dungog's Joomla contrib and that's no longer working.

Hummm, maybe I'll uninstall backuppc to see if that fixes things.

Thanks for any hints,

Craig

[pwgsc1]

I did a complete ininstall of the Backuppc contrib and still no success.  I still get the Forbidden  You don't have permission to access / on this server.

Craig

[pwgsc1]

I think I got the problem narrowed down to these errors.  But I don't know how to interpret them, do you?

[Fri Feb 02 19:41:21 2007] [warn] RSA server certificate CommonName (CN) `newserver.www.craigbursey.ca' does NOT match server name!?
[Fri Feb 02 19:41:21 2007] [notice] Apache configured -- resuming normal operations
[Fri Feb 02 19:42:56 2007] [error] [client 192.168.10.100] (13)Permission denied: access to /index.htm denied
[Fri Feb 02 19:42:56 2007] [error] [client 192.168.10.100] (13)Permission denied: access to /index.html denied
[Fri Feb 02 19:42:56 2007] [error] [client 192.168.10.100] (13)Permission denied: access to /index.shtml denied
[Fri Feb 02 19:42:56 2007] [error] [client 192.168.10.100] (13)Permission denied: access to /index.cgi denied

[Fri Feb 02 21:48:36 2007] [warn] RSA server certificate CommonName (CN) `smehome.www.craigbursey.ca' does NOT match server name!?
[Fri Feb 02 21:48:36 2007] [warn] The Alias directive in /etc/httpd/conf/httpd.conf at line 1074 will probably never match because it overlaps an earlier Alias.
[Fri Feb 02 21:48:36 2007] [warn] The Alias directive in /etc/httpd/conf/httpd.conf at line 1116 will probably never match because it overlaps an earlier Alias.
[Fri Feb 02 21:48:36 2007] [warn] The Alias directive in /etc/httpd/conf/httpd.conf at line 1122 will probably never match because it overlaps an earlier Alias.
[Fri Feb 02 21:48:36 2007] [notice] Digest: generating secret for digest authentication ...
[Fri Feb 02 21:48:36 2007] [notice] Digest: done
[Fri Feb 02 21:48:41 2007] [warn] RSA server certificate CommonName (CN) `smehome.www.craigbursey.ca' does NOT match server name!?
[Fri Feb 02 21:48:41 2007] [notice] Apache configured -- resuming normal operations

Thanks,

Craig

[william_syd]

What output do you fet from running this command..

Code: [Select]

/sbin/e-smith/audittools/templates

[pwgsc1]

This is the output:

/etc/e-smith/templates-custom/etc/ddclient/ddclient.conf/10Headers: OWNED_BY_RPM, ADDITION
/etc/e-smith/templates-custom/etc/ddclient/ddclient.conf/20Declaration: OWNED_BY_RPM, ADDITION
/etc/e-smith/templates-custom/etc/ddclient/ddclient.conf/template-end: OWNED_BY_RPM, ADDITION
/etc/e-smith/templates-custom/etc/ddclient/ddclient.conf/template-begin: OWNED_BY_RPM, ADDITION
/etc/e-smith/templates-custom/etc/proftpd.conf/05Chroot: OWNED_BY_RPM, ADDITION
/etc/e-smith/templates-custom/etc/ppp/ip-up.local/45ddclient: OWNED_BY_RPM, ADDITION
/etc/e-smith/templates-custom/etc/httpd/conf/httpd.conf/86PhpmyadminmultiAlias: OWNED_BY_RPM, ADDITION
/etc/e-smith/templates-custom/etc/httpd/conf/httpd.conf/88Isoqlog: OWNED_BY_RPM, ADDITION
/etc/e-smith/templates-custom/etc/crontab/99isoqlog: OWNED_BY_RPM, ADDITION
/etc/e-smith/templates-custom/usr/local/etc/isoqlog.domains/template-end: OWNED_BY_RPM, ADDITION
/etc/e-smith/templates-custom/usr/local/etc/isoqlog.domains/template-begin: OWNED_BY_RPM, ADDITION
/etc/e-smith/templates-custom/usr/local/etc/isoqlog.domains/isoqlog: OWNED_BY_RPM, ADDITION
/etc/e-smith/templates-custom/usr/local/etc/isoqlog.conf/isoqlog: OWNED_BY_RPM, ADDITION
/etc/e-smith/templates/etc/atalk/papd.conf/20printers: MULTIPLE_RPM_OWNERS e-smith-netatalk-1.14.0-3.el4.sme, e-smith-LPRng-1.14.0-4.el4.sme

[william_syd]

Apart from a few Owned by RPM templates in templates-custom I don't see anything obvious.

Next step would be to look into /etc/httpd/conf/httpd.conf at the line numbers mentioned and see what they say.

[william_syd]

Could it be simpler...? or a combination of problems.

What permissions do you have set for index.html in /home/e-smith/files/ibays/Primary/html ?

[pwgsc1]

My  httpd.conf  shows this:

#------------------
# Joomla - Joomla CMS
#----------------
Alias  /  /opt/joomla
Alias  /joomla  /opt/joomla      ->  LINE 1074

<Direectory /opt/joomla>
...

This joomla is the contrib from Dungog.net and I don't have it setup to be my default homepage yet, you use have to go to   www.craigbursey.ca/joomla but now you get the message  "you don't have permission to access /joomla on this server"   I also checked above this entry and there are no others for joomla in this file.

-------------------------------

Alias /wpad.dat /etc/httpd/conf/proxy/proxy.pac       ->  LINE 1116
<location /wpad.dat>
...
--------------------------------------

Alias /wpad.dat /etc/httpd/conf/proxy/proxy.pac       ->  LINE 1122
<location /wpad.dat>
...

Have no idea what these last two entries are.  But under Proxy Settings in the webconsole both HTTP and SMTP are enabled.



The rights set for my index.htm file  in the  ../ibayPrimary/html  folder are -rwxr-----

Thanks,

Craig

[william_syd]

You may want to delete or copy httpd.conf somewhere safe and  then recreate with..

Code: [Select]

expand-template /etc/httpd/conf/httpd.conf
/etc/rc.d/rc7.d/S86httpd-e-smith restart

Also look in /etc/e-smith/templates/etc/httpd/conf/httpd.conf for a file with joomla in the name and post the contents.

[davibou]

Humm do you have .htaccess in your i-bay ??

If you have a .htaccess files with rewrite rules it's maybe the problem !!

Check that too

[pwgsc1]

Checked.  There is no .htaccess file.

[pfloor]

My  httpd.conf  shows this:

#------------------
# Joomla - Joomla CMS
#----------------
Alias  /  /opt/joomla

This is pointing the root directory of all your domains to /opt/joomla
IOW /home/e-emith/ibays/<everyibayibay>/html -> /opt/joomla
I don't think you want to do this.

Comment that line out and restart httpd and see if your problem goes away.  If so, remove the contrib and please report this to the author of the contrib.

[pwgsc1]

Thanks for pointing that out,

I fixed that problem so that it points to www.craigbursey.ca/joomla  not just  /.  

It did fix the problems that I was seeing on bootup but the logs are still showing this error for the Primary ibay.


[Sat Feb 03 15:09:14 2007] [warn] RSA server certificate CommonName (CN) `smehome.www.craigbursey.ca' does NOT match server name!?
[Sat Feb 03 15:09:14 2007] [notice] Apache configured -- resuming normal operations
[Sat Feb 03 15:17:51 2007] [warn] RSA server certificate CommonName (CN) `smehome.www.craigbursey.ca' does NOT match server name!?
[Sat Feb 03 15:17:52 2007] [notice] Digest: generating secret for digest authentication ...
[Sat Feb 03 15:17:52 2007] [notice] Digest: done
[Sat Feb 03 15:17:56 2007] [warn] RSA server certificate CommonName (CN) `smehome.www.craigbursey.ca' does NOT match server name!?
[Sat Feb 03 15:17:56 2007] [notice] Apache configured -- resuming normal operations
[Sat Feb 03 15:18:34 2007] [error] [client 192.168.10.100] (13)Permission denied: access to /index.htm denied
[Sat Feb 03 15:18:34 2007] [error] [client 192.168.10.100] (13)Permission denied: access to /index.html denied
[Sat Feb 03 15:18:34 2007] [error] [client 192.168.10.100] (13)Permission denied: access to /index.shtml denied
[Sat Feb 03 15:18:34 2007] [error] [client 192.168.10.100] (13)Permission denied: access to /index.cgi denied

I think if I can fix th RSA error then that will solve my problem.   But I don't know how to  either fix or reset my servers RSA key, if that is indeed possbile.

Thanks for the help, it did fix part of the problem and I appreciate it.

Craig

[william_syd]

Well, smehome.www.craigbursey.ca is interesting.

Did you set your domain as www.craigbursey.ca and host name as smehome in the server console?

Go back to the server-console and make your domain craigbursey.ca and hostname smehome. This should regenerate your certificates.

If you still have joomla installed what does

Code: [Select]

config show joomla give you?

[pwgsc1]

Hey William,

Primary Domain Name is:  www.craigbursey.ca
Unique System Name is:  smehome.     (it was newserver, I changed it to smehome to see if it made a diff)

config show joomla gives:

joomla=service
    DbPassword=*****  (changed)
    Name=Joomla CMS
    PublicAccess=global
    URL=

Thanks,

C