Thread: Apache Forbidden You don't have permission to access...when theres no web files in t
i have ubuntu 10.04 server setup lamp installed.
want able access files in web directory via web browser
http://192.168.1.10/file
getting error "forbidden don't have permission access /file/ on server."
when web file "index.html" present in same /file directory, works, index.html shows on browser webpage..
code:root@nitram:~# ls -l /home/www total 14568 drwxrwxrwx 16 www-data www-data 4096 2011-06-24 13:26 blog drwxrwxrwx 3 www-data www-data 4096 2011-06-28 17:49 file drwxrwxrwx 7 www-data www-data 4096 2011-06-24 12:50 invoice -rwxrwxrwx 1 www-data www-data 6956762 2011-06-24 12:56 joomla_1.5.23-stable-full_package.zip -rwxrwxrwx 1 www-data www-data 7920151 2011-06-24 12:56 joomla_1.6.1-stable-full_package.zip drwxrwxrwx 16 www-data www-data 4096 2011-06-24 13:20 maxima drwxrwxrwx 18 www-data www-data 4096 2011-06-24 13:26 test drwxrwxrwx 16 www-data www-data 4096 2011-06-24 13:27 test2 drwxrwxrwx 16 www-data www-data 4096 2011-06-24 13:31 thunzic drwxrwxrwx 10 www-data www-data 4096 2011-06-24 12:56 webmail
code:root@nitram:~# nano /etc/apache2/sites-available/default <virtualhost *:80> serveradmin webmaster@localhost documentroot /home/www <directory /> options followsymlinks allowoverride none </directory> <directory /var/www/> options indexes followsymlinks multiviews allowoverride none order allow,deny allow </directory> scriptalias /cgi-bin/ /usr/lib/cgi-bin/ <directory "/usr/lib/cgi-bin"> allowoverride none options +execcgi -multiviews +symlinksifownermatch order allow,deny allow </directory> errorlog /var/log/apache2/error.log # possible values include: debug, info, notice, warn, error, crit, # alert, emerg. loglevel warn customlog /var/log/apache2/access.log combined alias /doc/ "/usr/share/doc/" <directory "/usr/share/doc/"> options indexes multiviews followsymlinks allowoverride none order deny,allow deny allow 127.0.0.0/255.0.0.0 ::1/128 </directory> </virtualhost>
code:root@nitram:~# nano /etc/apache2/apache2.conf # pidfile: file in server should record process # identification number when starts. # needs set in /etc/apache2/envvars # pidfile ${apache_pid_file} # # timeout: number of seconds before receives , sends time out. # timeout 300 # # keepalive: whether or not allow persistent connections (more # 1 request per connection). set "off" deactivate. # keepalive on # # maxkeepaliverequests: maximum number of requests allow # during persistent connection. set 0 allow unlimited amount. # recommend leave number high, maximum performance. # maxkeepaliverequests 100 # # keepalivetimeout: number of seconds wait next request # same client on same connection. # keepalivetimeout 15 ## ## server-pool size regulation (mpm specific) ## # prefork mpm # startservers: number of server processes start # minspareservers: minimum number of server processes kept spare # maxspareservers: maximum number of server processes kept spare # maxclients: maximum number of server processes allowed start # maxrequestsperchild: maximum number of requests server process serves <ifmodule mpm_prefork_module> startservers 5 minspareservers 5 maxspareservers 10 maxclients 150 maxrequestsperchild 0 </ifmodule> # worker mpm # startservers: initial number of server processes start # maxclients: maximum number of simultaneous client connections # minsparethreads: minimum number of worker threads kept spare # maxsparethreads: maximum number of worker threads kept spare # threadsperchild: constant number of worker threads in each server process # maxrequestsperchild: maximum number of requests server process serves <ifmodule mpm_worker_module> startservers 2 minsparethreads 25 maxsparethreads 75 threadlimit 64 threadsperchild 25 maxclients 150 maxrequestsperchild 0 </ifmodule> # event mpm # startservers: initial number of server processes start # maxclients: maximum number of simultaneous client connections # minsparethreads: minimum number of worker threads kept spare # maxsparethreads: maximum number of worker threads kept spare # threadsperchild: constant number of worker threads in each server process # maxrequestsperchild: maximum number of requests server process serves <ifmodule mpm_event_module> startservers 2 maxclients 150 minsparethreads 25 maxsparethreads 75 threadlimit 64 threadsperchild 25 maxrequestsperchild 0 </ifmodule> # these need set in /etc/apache2/envvars user ${apache_run_user} group ${apache_run_group} # # accessfilename: name of file in each directory # additional configuration directives. see allowoverride # directive. # accessfilename .htaccess # # following lines prevent .htaccess , .htpasswd files being # viewed web clients. # <files ~ "^\.ht"> order allow,deny deny satisfy </files> # # defaulttype default mime type server use document # if cannot otherwise determine one, such filename extensions. # if server contains text or html documents, "text/plain" # value. if of content binary, such applications # or images, may want use "application/octet-stream" instead # keep browsers trying display binary files though # text. # defaulttype text/plain # # hostnamelookups: log names of clients or ip addresses # e.g., www.apache.org (on) or 204.62.129.132 (off). # default off because it'd overall better net if people # had knowingly turn feature on, since enabling means # each client request result in @ least 1 lookup request # nameserver. # hostnamelookups off # errorlog: location of error log file. # if not specify errorlog directive within <virtualhost> # container, error messages relating virtual host # logged here. if *do* define error logfile <virtualhost> # container, host's errors logged there , not here. # errorlog /var/log/apache2/error.log # # loglevel: control number of messages logged error_log. # possible values include: debug, info, notice, warn, error, crit, # alert, emerg. # loglevel warn # include module configuration: include /etc/apache2/mods-enabled/*.load include /etc/apache2/mods-enabled/*.conf # include user configurations: include /etc/apache2/httpd.conf # include ports listing include /etc/apache2/ports.conf # # following directives define format nicknames use # customlog directive (see below). # if behind reverse proxy, might want change %h %{x-forwarded-for}i # logformat "%v:%p %h %l %u %t \"%r\" %>s %o \"%{referer}i\" \"%{user-agent}i\"" vhost_combined logformat "%h %l %u %t \"%r\" %>s %o \"%{referer}i\" \"%{user-agent}i\"" combined logformat "%h %l %u %t \"%r\" %>s %o" common logformat "%{referer}i -> %u" referer logformat "%{user-agent}i" agent # # define access log virtualhosts don't define own logfile customlog /var/log/apache2/other_vhosts_access.log vhost_combined # include of directories ignores editors' , dpkg's backup files, # see readme.debian details. # include generic snippets of statements include /etc/apache2/conf.d/ # include virtual host configurations: include /etc/apache2/sites-enabled/
used cli setup server. when used use webmin, able browse web server directories.
please me enable dir browsing feature.
let's start security: directory should owned else other www-data, root. directory should not writable either world or www-data.
code:groupadd webmasters chown root:webmasters /home/www find /home/www -type d -exec chmod u=rwx,g=rwxs,o=rx {} \; find /home/www -type f -exec chmod u=rw,g=rw,o=r {} \;
Forum The Ubuntu Forum Community Ubuntu Specialised Support Ubuntu Servers, Cloud and Juju Server Platforms [ubuntu] Apache Forbidden You don't have permission to access...when theres no web files in t
Ubuntu
Comments
Post a Comment