Problem with Deny and ErrorDocument

[roman34]

I have a problem: I try to Allow all but some IP adresses to access the virtual server but I also want them to show a personalized 403 page with a JSP script that shows the IP adress.

Everything works fine but it doesn't show the 403.jsp page

Can some one tell me what causes the problem?

(The directory where the 403.jsp is a sbudirectory of the home directory of the site)

Thanks


Here is the the virtualhost.conf

-----------------------------------------------
# Virtual Hosts configuration

# IP based virtual host for Watch!
# Whatever the hostname used, it should be served from here
# Know alternate names used are watch.tratebel.be and 195.16.0.124
<VirtualHost 10.24.64.38:80>
# Watch! Public server
ServerName watch-test.swan.xyz
ServerAdmin watch@xyz.com
HostnameLookups Off

# Next two lines is a silly way to put the server offline for maintenance
# RewriteEngine on
# RewriteRule ^(.*)$ /moving.html [PT]

ErrorDocument 404 /top/404.html
# Modif Roman
ErrorDocument 403 /top/403.jsp
# Fin modif Roman
#ErrorDocument 404 /moving.html

CustomLog "|/usr/oracle/OraiAS/Apache/Apache/bin/rotatelogs /usr/oracle/OraiAS/Apache/Apache/logs/read/access_log 86400" combined
ErrorLog /usr/oracle/OraiAS/Apache/Apache/logs/read/error_log

#User Tracking for use with Webtrends Analyzer
CookieTracking on
CookieName cid
CookieExpires "1 years"

DocumentRoot "/home/press/sites/read/root"
Alias /img/ "/home/press/sites/read/root/img/"
Alias /prov/ "/home/press/sites/common/providers/"

Alias /jsp/ "/home/press/sites/read/root/"
Alias /mine/ "/home/press/sites/read/leximine/mine/"

DirectoryIndex index.jsp index.html


# Modif Roman --> Interdiction plage IP filiale pour Watch sur répertoire racine
<Directory />
Order allow,deny
# allow from 10.19.129.67
# Deny from 10.19.129.67 // A retirer IP poste Roman

#FABRICOM GTI
deny from 200.45.0.0/16

#GTI
deny from 120.58.0.0/16
deny from 120.59.0.0/16
deny from 120.60.0.0/16

# ENGINEERING
deny from 125.16.0.0/19

# ENGINEERING
allow from 125.16.4.0/22
allow from 125.16.14.224/27
allow from 125.16.15.0/26

</Directory>


#<Location />
# Order deny,allow
# Deny from all
# Allow from localhost 10.25.254 watch.generale.suez
#</Location>

# Fin modif interdiction plage IP par Roman

#LEXIMINE
ScriptAlias /cgi-bin/ "/home/press/sites/read/cgi-bin/"
SetEnv LQMINE_ROOT /usr/local/SPSSLQ/Mine
PassEnv LQMINE_ROOT
</VirtualHost>

# CASTOR application
# IP based virtual host
<VirtualHost 10.24.64.40:80>
ServerName castor-test.swan.suez
ServerAdmin d.hamtiaux@sgb-gmb.be
HostnameLookups Off
DocumentRoot "/home/castor/"
CustomLog /usr/oracle/OraiAS/Apache/Apache/logs/castor/access_log combined
ErrorLog /usr/oracle/OraiAS/Apache/Apache/logs/castor/error_log
</VirtualHost>

------------------------------------------------------------

 

[feherke]

Hi

If the 403.jsp is also in the protected area, neighter that can be served to a restricted address. You must permit access to that file to everyone :

<Files 403.jsp>
  Order allow,deny
  Allow from all
</Files>

Feherke.

http://rootshell.be/~feherke/

 

[roman34]

I can't make it work...

I have changed the LOCATION directives for Directory directives for the / directory and I added a FILE directive inside the /TOP Directory directive

Can someone help?

here is the virtualhost.conf file

-----------------------------------------------------------
Virtual Hosts configuration

# IP based virtual host for Watch!
# Whatever the hostname used, it should be served from here
# Know alternate names used are watch.tratebel.be and 195.16.0.124
<VirtualHost 10.24.64.38:80>
# Watch! Public server
ServerName watch-test.swan.xyz
ServerAdmin watch@xxx-yyyyy.com
HostnameLookups Off

# Next two lines is a silly way to put the server offline for maintenance
# RewriteEngine on
# RewriteRule ^(.*)$ /moving.html [PT]

ErrorDocument 404 /top/404.html
# Modif Roman
# To use server-parsed HTML files
#

AddType text/html .shtml
AddHandler server-parsed .shtml

# Modif Roman
# Permits the right to access 403.jsp
<Directory /top>
Order allow,deny
Allow from all
<Files 403.jsp>
Order allow,deny
Allow from all
</Files>
</Directory>

ErrorDocument 403 /top/403.jsp
# Fin modif Roman
CustomLog "|/usr/oracle/OraiAS/Apache/Apache/bin/rotatelogs /usr/oracle/OraiAS/Apache/Apache/logs/read/access_log 86400" combined
ErrorLog /usr/oracle/OraiAS/Apache/Apache/logs/read/error_log

#User Tracking for use with Webtrends Analyzer
CookieTracking on
CookieName cid
CookieExpires "1 years"

DocumentRoot "/home/press/sites/read/root"
Alias /img/ "/home/press/sites/read/root/img/"
Alias /prov/ "/home/press/sites/common/providers/"

Alias /jsp/ "/home/press/sites/read/root/"
Alias /mine/ "/home/press/sites/read/leximine/mine/"

DirectoryIndex index.jsp index.html

# Modif Roman --> IP range blocked within Directory directive
<Directory />
Order allow,deny
Allow from all


#FABRICOM
deny from 10.45.0.0/16

</Directory>

<Location /img/ >
Order allow,deny
Allow from all
</Location>

#<Location />
# Order deny,allow
# Deny from all
# Allow from localhost 10.25.254 watch.generale.suez
#</Location>

# Fin modif interdiction plage IP par Roman

#LEXIMINE
ScriptAlias /cgi-bin/ "/home/press/sites/read/cgi-bin/"
SetEnv LQMINE_ROOT /usr/local/SPSSLQ/Mine
PassEnv LQMINE_ROOT
</VirtualHost>

# CASTOR application
# IP based virtual host
<VirtualHost 10.24.64.40:80>
ServerName castor-test.swan.suez
ServerAdmin d.hamtiaux@sgb-gmb.be
HostnameLookups Off
DocumentRoot "/home/castor/"
CustomLog /usr/oracle/OraiAS/Apache/Apache/logs/castor/access_log combined
ErrorLog /usr/oracle/OraiAS/Apache/Apache/logs/castor/error_log
</VirtualHost>

 

[feherke]

Hi

The permission for 403.jsp should be the last from those allow/deny settings.

Feherke.

http://rootshell.be/~feherke/

 

[roman34]

When I put the following lines just before the denies in the Directory

<Files 403.jsp>
Order allow,deny
Allow from all
</Files>


The denies don't work anymore...

Thanks for your help