Topic: Forbidden access to /

[ralieghnet]

I'm having trouble accessing my primary web site after I modified my firewall to allow RTMP access from the public. When if finally opened up the port 1935 and 5080 to allow my flash server to receive outside requests. Then the fatal message came

Forbidden

You don't have permission to access / on this server.

I have tried to undo the all my recent activity, but with no results. The weird thing is that I'm able to access other parts of the website that are not located in the root web folder such as server-manager, horde, and gallery2. I have check to logs for any error message that would give me any clues as to how to correct the problem, but found nothing that gave any answers.

The primary reason I opened the two ports was to allow Red5 to receive and send live streaming video over the internet. The server was already able to work successfully within the intranet side of the server with no problem.

Any suggestions on how to correct this problem would be greatly appreciated.

[cactus]

I'm having trouble accessing my primary web site after I modified my firewall to allow RTMP access from the public. When if finally opened up the port 1935 and 5080 to allow my flash server to receive outside requests.

I think you only need to setup some portforwards using the server-manager port forwarding panel ( http://wiki.contribs.org/SME_Server:Documentation:Administration_Manual:Chapter11#Port_forwarding ).

Any suggestions on how to correct this problem would be greatly appreciated.

Since you do not tell us what you did exactly it is hard for us to tell you how to undo your steps. We do not have a USB powered crystal ball, you know?

[ralieghnet]

The First thing I did was to install java jdk 1.6. Then created and copied Apache Ant to its own directory. From there I proceeded to check out and install Red5. I proceeded to ran some applications to verify that Red5 installed correctly. At this point all my services were working correctly.

From here I began to open the port.

I used the command to open up the port
# config set red5 service access public status enabled TCPPort 1935,5080
# signal-event remoteaccess-update

While I was trouble shooting I found an error in my db configuration. I have since removed the error.
red5 = 1935, 5080 = TCPPort.
Not sure how this occurred, considering I was using the above command. Oh well I removed that error.

Also

Should the apache conf <director /> read

allow from none

[ralieghnet]

I have gone through all my httpd config files and did not find any errors.
Also there are no .httaccess file located in the affected directories.
 
I did try to change the general access from

order deny,allow
deny all
allow none

to

order deny, allow
deny all
allow all

but this had no affect on the root directory of www.qwerty.com or www.qwerty.com/joomla
Since this had no affect i placed the setting back to the state before i changed them.

Any suggestions would be greatly appreciated.

[janet]

ralieghnet

You should not be making any changes to httpd config files. You should create custom templates and make the necessary changes that way,  followed by the necessary signal event commands.See developers guide section that deals with custom templates or numerous examples in these forums and howtos eg search on httpd.conf or expand-template

www.qwerty.com

This site resolves OK for me

www.qwerty.com/joomla

This site does not resolve. I get this error
Not Found

The requested URL /joomla was not found on this server.


It seems you may not have configured joomla correctly or the joomla alias has been affected.

Without analysing your problem, and assuming you truly have removed all changes you made, you should be able to restore previous configuration by issuing:
signal-event post-upgrade
signal-event reboot

[ralieghnet]

I understand what you are saying with respect to not modifying the main httpd.conf file. I simply did this to see if I could find the root cause of the problem. It is much faster then going through all the template files.

I however did find what was causing the problem. Some how the group permission on the affect directories was changed. They were set to user of admin and group of share. Unfortunately the web access requires the group to be set to www. So when I made the required changed all problem affected.

If anyone has any ideas how to original command would affect this it would be greatly appreciated.

[janet]

ralieghnet

I understand what you are saying with respect to not modifying the main httpd.conf file. I simply did this to see if I could find the root cause of the problem. It is much faster then going through all the template files.

Far better and appropriate to troubleshoot by looking at the various log files. They will usually identify what is wrong by the nature of the errors.
Changing config file settings is usually just a "hit and miss' attempt to fix the problem when you don't really know what the reason is, because you have not properly analyzed the problem.

If anyone has any ideas how to original command would affect this it would be greatly appreciated.

The config command you referred to will not change file and directory permissions, so you need to look elsewhere.
Perhaps it happened after a ibay change, which reset permissions on the ibay that had been manually altered ?
Otherwise you may have manually changed something and forgot, or the other way around ie you forgot to reset permissions manually after other updates or changes, which you have now just done.