# Apache Problem: Does anyone have an answer?

## niXers

Well... I recently re-imaged my 1.4 gentoo machine which was lying around. I finished imaging it with everything to the latest stable packages, but there seems to be a problem with Apache. Never mind the missing symlink Log file. 

The apache runs just fine and has no problem! (Ofcourse after the long minutes of searching around for a fix). I can eaily browse the htdocs folder when there are only files. (e.g. index.html, index.php, test.php, etc.)

Now the moment I create a folder within the /var/www/localhost/htdocs folder, I can't browse to anything! and I get the:

 *Quote:*   

> Forbidden
> 
> You don't have permission to access / on this server.

 

I have tried Chown/ing or Chmod/ing the test folder which I created, but I still can't browse to the folders.

I normally use Vhosts for my hosting needs, and this little bug is killing me!!! Does anybody know how to fix this? I have looked all over the forums, and I can't find the answer to this problem.

----------

## /dev/random

Your apache(2).conf file would probably be helpful.

----------

## niXers

```
### /etc/apache2/conf/apache2.conf

### $Id: apache2.conf,v 1.1 2004/03/22 21:17:57 stuart Exp $

###

### Main Configuration Section

### You really shouldn't change these settings unless you're a guru

###

ServerRoot /usr/lib/apache2

ServerName myservername

#LockFile /etc/apache2/apache2.lock

PidFile /var/run/apache2.pid

ErrorLog logs/error_log

LogLevel warn

DocumentRoot /var/www/localhost/htdocs

### Dynamic Shared Object (DSO) Support

### 

### You should always leave these three, as they are needed for normal use.

### mod_access (Order, Allow, etc..)

### mod_log_config (Transferlog, etc..)

### mod_mime (AddType, etc...)

###

LoadModule access_module                 modules/mod_access.so

LoadModule auth_module                   modules/mod_auth.so

LoadModule auth_anon_module              modules/mod_auth_anon.so

LoadModule auth_dbm_module               modules/mod_auth_dbm.so

LoadModule auth_digest_module            modules/mod_auth_digest.so

LoadModule include_module                modules/mod_include.so

LoadModule log_config_module             modules/mod_log_config.so

LoadModule env_module                    modules/mod_env.so

LoadModule mime_magic_module             modules/mod_mime_magic.so

LoadModule cern_meta_module              modules/mod_cern_meta.so

LoadModule expires_module                modules/mod_expires.so

LoadModule headers_module                modules/mod_headers.so

LoadModule usertrack_module              modules/mod_usertrack.so

LoadModule unique_id_module              modules/mod_unique_id.so

LoadModule setenvif_module               modules/mod_setenvif.so

LoadModule proxy_module                  modules/mod_proxy.so

LoadModule proxy_connect_module          modules/mod_proxy_connect.so

LoadModule proxy_ftp_module              modules/mod_proxy_ftp.so

LoadModule proxy_http_module            modules/mod_proxy_http.so

LoadModule mime_module                   modules/mod_mime.so

LoadModule status_module                 modules/mod_status.so

LoadModule autoindex_module              modules/mod_autoindex.so

LoadModule asis_module                   modules/mod_asis.so

LoadModule info_module                   modules/mod_info.so

LoadModule cgi_module                    modules/mod_cgi.so

LoadModule cgid_module                   modules/mod_cgid.so

LoadModule vhost_alias_module            modules/mod_vhost_alias.so

LoadModule negotiation_module            modules/mod_negotiation.so

LoadModule dir_module                    modules/mod_dir.so

LoadModule imap_module                   modules/mod_imap.so

LoadModule actions_module                modules/mod_actions.so

LoadModule speling_module                modules/mod_speling.so

LoadModule userdir_module                modules/mod_userdir.so

LoadModule alias_module                  modules/mod_alias.so

LoadModule rewrite_module                modules/mod_rewrite.so

###

### New Modules for 2.0 (some are experimental)

###

LoadModule file_cache_module             modules/mod_file_cache.so

LoadModule echo_module                   modules/mod_echo.so

LoadModule charset_lite_module           modules/mod_charset_lite.so

LoadModule cache_module                  modules/mod_cache.so

LoadModule disk_cache_module             modules/mod_disk_cache.so

LoadModule mem_cache_module              modules/mod_mem_cache.so

LoadModule ext_filter_module             modules/mod_ext_filter.so

LoadModule case_filter_module            modules/mod_case_filter.so

LoadModule case_filter_in_module         modules/mod_case_filter_in.so

LoadModule deflate_module                modules/mod_deflate.so

#LoadModule optional_hook_export_module   modules/mod_optional_hook_export.so

#LoadModule optional_hook_import_module   modules/mod_optional_hook_import.so

#LoadModule optional_fn_import_module     modules/mod_optional_fn_import.so

#LoadModule optional_fn_export_module     modules/mod_optional_fn_export.so

#LoadModule bucketeer_module              modules/mod_bucketeer.so

LoadModule logio_module                  modules/mod_logio.so

###

### Global Configuration

###

# Splitting up apache2.conf into two files makes it easier to support

# multiple configurations on the same serer.  In commonapache2.conf

# you keep directives that apply to all implementations and in this

# file you keep server-specific directives.  While we don't yet have

# multiple configurations out-of-the-box, this allows us to do that

# in the future easily.  (PERLPROXIED *ahem*)

#

# For Apache2 we load all conf files in conf/modules.d

Include conf/modules.d/*.conf

Include conf/commonapache2.conf

###

### IP Address/Port

###

#BindAddress *

Listen 80

###

### Log configuration Section

###

<IfModule mod_log_config.c>

#Single logfile with access, agent and referer information

#This is the default, if vlogs are not defined for the main server

CustomLog logs/access_log combined env=!VLOG

#If VLOG is defined in conf/vhosts/vhosts.conf, we use this entry

#CustomLog "|/usr/sbin/apache2splitlogfile" vhost env=VLOG

</IfModule>

###

### Virtual Hosts 

###

# We include different templates for Virtual Hosting. Have a look in the 

# vhosts directory and modify to suit your needs.

#Include conf/vhosts/vhosts.conf

#Include conf/vhosts/dynamic-vhosts.conf

#Include conf/vhosts/virtual-homepages.conf

###

### Performance settings Section

###

#

# Timeout: The number of seconds before receives and sends time out.

#

Timeout 300

#

# KeepAlive: Whether or not to allow persistent connections (more than

# one request per connection). Set to "Off" to deactivate.

#

KeepAlive On

#

# MaxKeepAliveRequests: The maximum number of requests to allow

# during a persistent connection. Set to 0 to allow an unlimited amount.

# We recommend you leave this number high, for maximum performance.

#

MaxKeepAliveRequests 100

#

# KeepAliveTimeout: Number of seconds to wait for the next request from the

# same client on the same connection.

#

KeepAliveTimeout 15

# prefork MPM [THIS IS THE DEFAULT]

# StartServers: number of server processes to start

# MinSpareServers: minimum number of server processes which are kept spare

# MaxSpareServers: maximum number of server processes which are kept spare

# MaxClients: maximum number of server processes allowed to start

# MaxRequestsPerChild: maximum number of requests a server process serves

<IfModule prefork.c>

StartServers         5

MinSpareServers      5

MaxSpareServers     10

MaxClients         150

MaxRequestsPerChild  0

</IfModule>

# worker MPM

# StartServers: initial number of server processes to start

# MaxClients: maximum number of simultaneous client connections

# MinSpareThreads: minimum number of worker threads which are kept spare

# MaxSpareThreads: maximum number of worker threads which are kept spare

# ThreadsPerChild: constant number of worker threads in each server process

# MaxRequestsPerChild: maximum number of requests a server process serves

<IfModule worker.c>

StartServers         2

MaxClients         150

MinSpareThreads     25

MaxSpareThreads     75

ThreadsPerChild     25

MaxRequestsPerChild  0

</IfModule>

# perchild MPM

# NumServers: constant number of server processes

# StartThreads: initial number of worker threads in each server process

# MinSpareThreads: minimum number of worker threads which are kept spare

# MaxSpareThreads: maximum number of worker threads which are kept spare

# MaxThreadsPerChild: maximum number of worker threads in each server process

# MaxRequestsPerChild: maximum number of connections per server process

<IfModule perchild.c>

NumServers           5

StartThreads         5

MinSpareThreads      5

MaxSpareThreads     10

MaxThreadsPerChild  20

MaxRequestsPerChild  0

</IfModule>
```

----------

## /dev/random

Okay well I see no mentioning of VirtualHosts in there so can I assume you set it up in /etc/apache2/conf/vhosts/vhosts.conf can I see that file?

----------

## niXers

```
################# vhosts.conf

#This is where we store the VirtualHosts configuration.

#

#Since Apache 1.3.19, we modified the setup to include some nice tricks:

#

#- Added SuExecUserGroup [user] [group] directive so VirtualHosts now work with

#  suexec directive. If set, Apache will run all cgi scripts under that

#  user and group (provided the uid and gid are > 1000 for security). The

#  directories and cgi files *must* belong to that user/group for the

#  feature to work

#- We added the Setenv VLOG directive. This works in conjunction with

#  the CustomLog in commonapache2.conf. When Setenv VLOG is set, apache will

#  create a /var/log/apache2/VLOG-YYYY-MM-<ServerName>.log instead of logging

#  to access_log. Use this instead of defining a special logfile for

#  each vhost, otherwise you eat up file descriptors.

#- You can also specify a path for the VLOG for each Vhost, for example,

#  to place the logs in each user's directory. However, if you want to

#  use the file for accounting, place it in a directory owned by root,

#  otherwise the user will be able to erase it.

#- I suggest only including the ErrorLog *only* if the vhost will use

#  cgi scripts. Again, it saves file descriptors! 

################# IP-based Virtual Hosts 

#<VirtualHost 192.168.2.100>

#SuExecUserGroup jmdault jmdault

#DocumentRoot /home/jmdault/public_html

#ServerName test2.com

#Setenv VLOG /home/jmdault/logs

#ErrorLogs /home/jmdault/test2-error_log

#RewriteEngine On

#RewriteOptions inherit

#</VirtualHost>

################# Named VirtualHosts

#NameVirtualHost 111.222.33.44

#<VirtualHost 111.222.33.44>

#ServerName www.domain.tld

#ServerPath /domain

#DocumentRoot /web/domain

#</VirtualHost>

NameVirtualHost *:80

<VirtualHost *:80>

ServerName www.myserver.com

ServerAlias myserver.com *.myserver.com www.myserver.com

DocumentRoot /var/www/localhost/htdocs/Test

##########################################################

###Please Do Not Comment The Following 3 Lines!        ###

###They are for security reasons.                      ###

###"Cross-Site-Scripting-Attacks": An Attacker may use ###

###this flaw to trick our legitimate users to give     ###

###him their credentials.                              ###

RewriteEngine on

RewriteCond %{REQUEST_METHOD} ^(TRACE|TRACK)

RewriteRule .* - [F]

##########################################################

</VirtualHost>

<Directory /var/www/localhost/htdocs/Test>

Options All

AllowOverride All

<IfModule mod_access.c>

Order allow,deny

Allow from all

</IfModule>

</Directory>
```

----------

## /dev/random

Try throwing this in after you define your Virtual host

```

 <Directory />

Order Allow,Deny

Allow from All

</Directory>

```

Or putting a properly setup .htaccess file in /var/www/localhost/htdocs/Test

----------

## niXers

I will try to do that, but I have never had this problem before. This is the first time ever that Apache is playing hard to get with me.  :Confused: 

----------

## zerojay

Newer versions of Apache moved things over to /usr/lib/apache, I believe. Might want to check stuff out there.

----------

## niXers

I am still having the same problem.  And I believe /usr/lib/apache is the same thing as /etc/apache/conf. I didn't check but I think it is a symlink.

----------

## niXers

This problem/bug or w/e you would like to call it has become a big headache. I tried installing Apache on 3 other fresh installs, and samething is happening!!! Could someone please solve this problem?

----------

## lyon

When ever this has happend to me it is alway because I didn't have the below for the directory out of the document root. Notice that there is a <Direcotry> tag for the document root allowing permission. Copy that format for the one you can access then put the premissions on the files back to how they should be.

<Directory /to/my/dir/out/of/the/root>

etc.etc.etc.etc.

</Directory>

Hope it helps

Matt

----------

## niXers

Could you maybe should me an example of what you exactly mean? cause I tried what you suggested and I still seem to have the same problem.  :Confused: 

----------

## lyon

Dang, I just read your question better. None of this should apply as it is in the document root. It should be all file permissions. That or you you do what happens to me and mess up the config file in desperation. 

permission of 755 on directorys and 644 for files.

hope it helps

----------

## lyon

That or a file got messed up on the re-emerge.

----------

## niXers

Well to be honest with you, Portage has been a mess in the past month. Most packages are pain to work with. They are all either missing symlinks, or an option which they used to have. Anyways, I have tried any type of permissioning command that there is out there. Still no luck.  :Evil or Very Mad: 

----------

## westboy21

Adding this to your commonapache.conf file will allow indexed listings of a the directory called "somedirectory" if your webroot is /var/www/localhost/htdocs/

```

   <Directory /var/www/localhost/htdocs/somedirectory>

        AllowOverride None

        Options Indexes Includes FollowSymlinks

        Order deny,allow

        Allow from all

   </Directory>

```

----------

## westboy21

I should probably give a little bit more info on this.  Apache2 protects directorys on the webserver a little more strictly than apache 1.3 does.  Apache2 makes very good use of .htaccess files within directories.  The above post I made is one way of allowing access to a directory in your webroot.  Of course the folders should be chown'd by apache, but all the chowning and and chmoding in the world isn't going to help with apache2 and directory permissions.  Just remember all this is done with .htaccess and commonapache.conf   :Very Happy: 

----------

## niXers

I am officially at the state of confusion. I cannot believe a small problem like this has become such a head scratcher! Even that didn't work. Feel free to give any suggestions. I am willing to try anything. No documentation seems to work anymore.  :Very Happy: 

Note: I should point out that I have been using Apache2 since the beggining of its existince, and I have never had this problem before.

----------

## niXers

When I looked into /var/log/apache2/error_log I get the following:

```
[Tue Jan 25 20:05:36 2005] [error] [client 192.168.0.1] Directory index forbidden by rule: /var/www/localhost/htdocs/
```

How can I disable this so called "Rule"?   :Confused: 

----------

## westboy21

If that were my machine I would check the basic set of rules for the webroot directory located in commonapache.conf.  i.e.

<Directory /var/www/localhost/htdocs>

   some crap here keeping it from working

</Directory>

A declaration such as this ANYWHERE in the commonapache.conf file will override anything else you right in to try and give permission.  I would suggest finding and changing this.  

If that doesn't work, throw the machine out the window.  It eases the stress. (for the moment)  I'm out of ideas.  :Smile: 

----------

## niXers

I think I would have to go with your last comment. I just wish I didn't live in a condo. Then I could have said good bye to it with passion!  :Wink: 

----------

## niXers

I just emerged apache on a new machine. I have vhosts as one of my USE flags, but when I tried emerge -av apache, unlike the times before it didn't associate the vhosts flag as one of the options which apache's compile relates to. Why is that? Does anyone have a fix for this? cause I think this is where my problem originates from.

----------

## pernik

Hi

I have had the same problem. To solve it:

edit /etc/apache2/conf/commonapache2.conf

find the line

<Directory /var/www/localhost/htdocs>

and change the line to new document root.

I hope it helps.

----------

## j-m

 *niXers wrote:*   

> When I looked into /var/log/apache2/error_log I get the following:
> 
> ```
> [Tue Jan 25 20:05:36 2005] [error] [client 192.168.0.1] Directory index forbidden by rule: /var/www/localhost/htdocs/
> ```
> ...

 

```

Options Indexes

```

----------

## j-m

 *niXers wrote:*   

> I just emerged apache on a new machine. I have vhosts as one of my USE flags, but when I tried emerge -av apache, unlike the times before it didn't associate the vhosts flag as one of the options which apache's compile relates to. Why is that? Does anyone have a fix for this? cause I think this is where my problem originates from.

 

Apache has no "vhosts" flag.

```

$ esearch -v apache

net-www/apache

      Latest version available: 2.0.52-r1

      Latest version installed: 2.0.52-r1

      Unstable version:         2.0.52-r3

      Use Flags (stable):       +berkdb -debug -doc +gdbm -ipv6 -ldap +ssl -static -threads

      Size of downloaded files: 6,779 kB

      Homepage:    http://www.apache.org/

      Description: Apache Web Server, Version 2.0.x

      License:     Apache-2.0

```

You need to enable 

```

LoadModule vhost_alias_module            modules/mod_vhost_alias.so

```

in apache2.conf and you really need to read the fine docs at Apache website...   :Rolling Eyes: 

----------

## niXers

If by enabling you mean un-commenting, then I'd have to say that it was un-commented since the beggining.

----------

## j-m

```

# We include different templates for Virtual Hosting. Have a look in the

# vhosts directory and modify to suit your needs.

#Include conf/vhosts/vhosts.conf

#Include conf/vhosts/dynamic-vhosts.conf

#Include conf/vhosts/virtual-homepages.conf 

```

This is NOT particularly useful setup for virtual hosts. This way, you may put anything into your vhosts.conf but it is irrelevant because this file is never read by Apache.

Plz. do read the docs...   :Rolling Eyes: 

----------

## niXers

Thank you very very much. I do infact read the docs all the time. I RTFM  :Wink:  It's just that the Gentoo Apache keeps changing and I seriously don't have time to keep up. I hope the developers stop making such small and un-noticable changes.   :Confused: 

----------

## j-m

So does it work now   :Question: 

P.S. You have some very odd configuration files, perhaps from some rather outdated Apache version. E.g., I cannot find this anywhere in default portage *.conf files:

```

##########################################################

###Please Do Not Comment The Following 3 Lines!        ###

###They are for security reasons.                      ###

###"Cross-Site-Scripting-Attacks": An Attacker may use ###

###this flaw to trick our legitimate users to give     ###

###him their credentials.                              ###

RewriteEngine on

RewriteCond %{REQUEST_METHOD} ^(TRACE|TRACK)

RewriteRule .* - [F]

########################################################## 

```

Is this from Apache 1.3.x ?

----------

## niXers

Actually yes it did fix it for me! Thank you very much, and in regards to the configuration, I'd have to say that, that configuration was added by me. Its an extra security measure. I basically run Nessus against my servers every week, and that code was given to me by Nessus. It is not a portage configuration.

----------

## j-m

 *niXers wrote:*   

> Thank you very much, and in regards to the configuration, I'd have to say that, that configuration was added by me. Its an extra security measure. I basically run Nessus against my servers every week, and that code was given to me by Nessus. It is not a portage configuration.

 

Ugh, this hype still lives?  :Shocked: 

http://www.securityfocus.com/archive/1/307778/2003-01-23/2003-01-29/0

https://bugs.gentoo.org/show_bug.cgi?id=26529

http://www.apacheweek.com/issues/03-01-24#news

----------

