logo
Apache Lounge
Webmasters

 

About Forum Index Downloads Search Register Log in RSS X


Keep Server Online

If you find the Apache Lounge, the downloads and overall help useful, please express your satisfaction with a donation.

or

Bitcoin

A donation makes a contribution towards the costs, the time and effort that's going in this site and building.

Thank You! Steffen

Your donations will help to keep this site alive and well, and continuing building binaries. Apache Lounge is not sponsored.
Post new topic   Forum Index -> Apache View previous topic :: View next topic
Reply to topic   Topic: AH01797: client denied by server configuration
Author
sebastienserre



Joined: 05 Jun 2014
Posts: 5
Location: France, Paris

PostPosted: Thu 05 Jun '14 23:08    Post subject: AH01797: client denied by server configuration Reply with quote

Hello

I've a Wordpress Blog on a Ubuntu 13.10 server with Apache 2.4.2.

For only one page on this site I 've this error and can't find a solution.

Code:
[access_compat:error] [pid 3101] [client my_ip:37071] AH01797: client denied by server configuration: /var/www/thiverval-grignon.com/wp-content/plugins/wp-booking-calendar/public/ajax/getMonthCalendar.php


Is someone could help me please?

Many thx by advance

Seb
Back to top
James Blond
Moderator


Joined: 19 Jan 2006
Posts: 7288
Location: Germany, Next to Hamburg

PostPosted: Sat 28 Jun '14 12:05    Post subject: Reply with quote

Are there any .htaccess files that may block the access? Correct file and folder permissions?
Back to top
sebastienserre



Joined: 05 Jun 2014
Posts: 5
Location: France, Paris

PostPosted: Sat 28 Jun '14 19:43    Post subject: Reply with quote

Unfortunately not, never found the matter...
Back to top
glsmith
Moderator


Joined: 16 Oct 2007
Posts: 2268
Location: Sun Diego, USA

PostPosted: Mon 30 Jun '14 11:17    Post subject: Reply with quote

since it's 2.4 and the error is from mod_access_compat I'd probably start by getting rid of the old Order/Allow/Deny style access directives in my config for this host and use 2.4s Require directives.

Actually, I'd work on ridding my entire config of all the old style and then unload the module since it would no longer be needed. I've found mixing old and new style access directives has varied odd behaviors.
Back to top
sebastienserre



Joined: 05 Jun 2014
Posts: 5
Location: France, Paris

PostPosted: Tue 09 Sep '14 11:51    Post subject: Reply with quote

Hello
I came back as I think it's a misconfiguration on an Ubuntu Server 14.04.1 with Apache 2.4.

I don't understand how to solve my pb and comme back to Apache as I use Nginx for the moment but no very happy of it for the moment.

here's my conf:
Code:
<VirtualHost *:80>
   ServerAdmin sebastien@thivinfo.com
   ServerName dev.thiverval-grignon.com
   DocumentRoot /var/www/thiverval-grignon.com
   <Directory />
      Options FollowSymLinks
      AllowOverride all
   </Directory>
   <Directory /var/www/thiverval-grignon.com>
      Options FollowSymLinks MultiViews
      AllowOverride all
      Require all granted
   </Directory>

   ScriptAlias /cgi-bin/ /usr/lib/cgi-bin/
   <Directory "/usr/lib/cgi-bin">
      AllowOverride None
      Options +ExecCGI -MultiViews +SymLinksIfOwnerMatch
      Order allow,deny
      Allow from all
   </Directory>

   ErrorLog /var/log/apache2/error.log

   # Possible values include: debug, info, notice, warn, error, crit,
   # alert, emerg.
   LogLevel warn

   CustomLog /var/log/apache2/access.log combined

    Alias /doc/ "/usr/share/doc/"
    <Directory "/usr/share/doc/">
        Options Indexes MultiViews FollowSymLinks
        AllowOverride None
        Order deny,allow
        Deny from all
        Allow from 127.0.0.0/255.0.0.0 ::1/128
    </Directory>
Options +FollowSymlinks
RewriteEngine on

# Lorsque l'on tape dans la barre d'adresse www.votre_domaine.net/page-* c'est la page www.votre_domaine.net/page.php?id=* qui s'affiche
# ^ et $ signifie respectivement le dét et la fin d'une expression réliè
RewriteRule ^page-([0-9]+)$ /page.php?id=$1 [L]

</VirtualHost>


Thx by adavance for your help
Back to top
James Blond
Moderator


Joined: 19 Jan 2006
Posts: 7288
Location: Germany, Next to Hamburg

PostPosted: Wed 10 Sep '14 11:09    Post subject: Reply with quote

You are mixing the new auth config and the old one. It is known that that causes conflicts. Use only the old style or only the new one. Of cause the new one is recommended Wink
Back to top
sebastienserre



Joined: 05 Jun 2014
Posts: 5
Location: France, Paris

PostPosted: Wed 10 Sep '14 11:12    Post subject: Reply with quote

I understand, where can i find a Tutorials explaining me how to convert mine?
Back to top
James Blond
Moderator


Joined: 19 Jan 2006
Posts: 7288
Location: Germany, Next to Hamburg

PostPosted: Wed 10 Sep '14 11:26    Post subject: Reply with quote

The old order allow deny with the new config exmaple

Code:

Order allow,deny
Allow from all

just becomes
Code:
Require all granted


Code:

Order allow,deny
Deny from all


becomes

Code:
Require all denied


a bit more complex example
Code:

    <Directory /var/www/>
        Options Indexes FollowSymLinks Multiviews
        AllowOverride All
        <RequireAll>
        Require all granted
        Require not ip 188.40 46.4 176.9 46.166 46.21 78.46 91.207.7.21 0.0.0.0 91.207.7.182
        </RequireAll>
</Directory>

Back to top
jraute



Joined: 13 Sep 2013
Posts: 188
Location: Rheinland, Germany

PostPosted: Wed 10 Sep '14 16:17    Post subject: Reply with quote

Many thanks and a question:

Is it correct to assume that
Code:
   Order deny,allow
   Deny from all
   Allow from 127.0.0.1 172.16.0.0/255.255.0.0


will be

Code:
   Require all denied
   Require ip 127.0.0.1 172.16.0.0/255.255.0.0


or do i have to use a section like

Code:
   <RequireAll>
   Require all denied
   Require ip 127.0.0.1 172.16.0.0/255.255.0.0
   </RequireAll>
?
Back to top
James Blond
Moderator


Joined: 19 Jan 2006
Posts: 7288
Location: Germany, Next to Hamburg

PostPosted: Fri 12 Sep '14 12:30    Post subject: Reply with quote

Nope, only
Code:

Require ip 127.0.0.1 172.16.0.0/255.255.0.0
Back to top
James Blond
Moderator


Joined: 19 Jan 2006
Posts: 7288
Location: Germany, Next to Hamburg

PostPosted: Fri 12 Sep '14 12:32    Post subject: Reply with quote

You can also use it shorter like
Code:

Require ip 127
Require ip 172.16
Back to top
jraute



Joined: 13 Sep 2013
Posts: 188
Location: Rheinland, Germany

PostPosted: Fri 12 Sep '14 14:46    Post subject: Reply with quote

Is the form (require ip ...) secure in the same way as the old declaration?
Because in the old declaration first everything was denied and then only a small portion was allowed so that if there is a little mistake in the allowed-declaration the first one still denies for all (the rest).

I just want to be sure, that most important and first of all there is no access and only in a second step i want to open it for only a few ip's.

If thats done with require ip, then ok, but if it can be done with "require all denied" and then "require ip" i would prefer that one (as long as it is not a mistake).

(In that context it would be interesting to know what happens if there is no require declaration.)

Thanks and greets
JR
Back to top
James Blond
Moderator


Joined: 19 Jan 2006
Posts: 7288
Location: Germany, Next to Hamburg

PostPosted: Sun 14 Sep '14 21:12    Post subject: Reply with quote

the new deolcaration is as secure as the old one. You need only that require ip stuff.

What happens without? Why don't you try out?
Back to top
jraute



Joined: 13 Sep 2013
Posts: 188
Location: Rheinland, Germany

PostPosted: Mon 15 Sep '14 8:45    Post subject: Reply with quote

James Blond wrote:
Why don't you try out?


Hmmm Wink, yes, why not?
A bit lazy ... Embarassed
And i like the conversation.

Ok, will check that.


Last edited by jraute on Mon 15 Sep '14 9:18; edited 1 time in total
Back to top
jraute



Joined: 13 Sep 2013
Posts: 188
Location: Rheinland, Germany

PostPosted: Mon 15 Sep '14 9:10    Post subject: Reply with quote

Ok, i've tried.
Results:

If i use a section
Code:
   <RequireAll>
     Require all denied
     Require ip 127.0.0.1 172.16.0.0/255.255.0.0
   </RequireAll>
which includes "require all denied" there is no access regardless if i include "require ip ...".

If i don't use a section
Code:
   Require all denied
   Require ip 127.0.0.1 172.16.0.0/255.255.0.0
or just
Code:
   Require ip 127.0.0.1 172.16.0.0/255.255.0.0
it works.

If i do not define anything (just without a require declaration) there is access for everybody!

So i need the "require ip ..." as a minimum.
Back to top
sebastienserre



Joined: 05 Jun 2014
Posts: 5
Location: France, Paris

PostPosted: Sun 02 Nov '14 1:02    Post subject: Reply with quote

Hello

I'm back to correctly configure my Apache2.4.7

I allways have an error:
AH01797: client denied by server configuration:

with conf:
Code:

<VirtualHost *:80>
        ServerName thiverval-grignon.com
        ServerAlias www.thiverval-grignon.com

        ServerAdmin webmaster@localhost
        DocumentRoot /var/www/thiverval-grignon.com
        <Directory /var/www/thiverval-grignon.com>
                Options -Indexes
                AllowOverride all
                Require all granted
        </Directory>

        ErrorLog ${APACHE_LOG_DIR}/error.log
        CustomLog ${APACHE_LOG_DIR}/access.log combined
Options +FollowSymlinks
RewriteEngine on
</VirtualHost>


Don't understand what's wrong, please help me.

Many thx

mode note: cleaned config and added bb tags
Back to top


Reply to topic   Topic: AH01797: client denied by server configuration View previous topic :: View next topic
Post new topic   Forum Index -> Apache