
"Access forbidden" when accessing Webpage via https

Status
Not open for further replies.

gosuc2000

Technical User
Jun 2, 2004
59
DE
Hello List,

I am trying to find the cause of an access error on my webpage when I try to request that page via https.
I must admit I have only little experience with Apache.

To get more info about what happens, I changed the loglevel to "debug". So the log reports an operational SSL environment after starting Apache (apache2 startssl).

When I try to access my page from my browser via https,
I first get a warning that the certificate was not issued for this server (although I typed in my servername correctly under 'common name' when I created the certificate) and after that I'm asked whether I want to continue with the connection. After confirming that, I end up with a message in my browser: "ACCES FORBIDDEN" you don't have the permission to access the requested object.

ERROR 403.

Here is an excerpt of the log-messages during the https-request.

It can't be too much wrong, but I just couldn't find the
error.

So any help from the "experienced" is very much appreciated.

Regards

Fred


Here are the Log-messages:

[Sat Nov 19 14:29:06 2005] [info] Initial (No.1) HTTPS request received for child 5 (server mars.site:443)
[Sat Nov 19 14:29:06 2005] [error] [client ::1] client denied by server configuration: /srv/ referer:
[Sat Nov 19 14:29:21 2005] [debug] ssl_engine_io.c(1632): OpenSSL: I/O error, 5 bytes expected to read on BIO#802bd948 [mem: 802c4fc8]
[Sat Nov 19 14:29:21 2005] [info] (70007)The timeout specified has expired: SSL input filter read failed.
[Sat Nov 19 14:29:21 2005] [debug] ssl_engine_kernel.c(1808): OpenSSL: Write: SSL negotiation finished successfully
[Sat Nov 19 14:29:21 2005] [info] Connection to child 5 closed with standard shutdown(server mars.site:443, client ::1)
 
Hi smah
I changed the filesystem-permission for /srv/ to the
apache-user. I also changed the group (for testing) to nobody. Unfortunately, the problem remains the same.
Could it have anything to do with the complaining log-message "[warn] RSA server certificate CommonName (CN) 'myhostname' does NOT match server name!?"?
Maybe this is the reason: if the certificate contains another servername than the expected servername, the access is forbidden?

That's my next question: what name (Common name) do I have to type in when generating the certificate (with certificate.sh)? I typed in the hostname (received by typing 'hostname') but the errorlog still complains about the mismatch between the servername and the server the certificate was issued for.

Any help is welcome, because I do need the SSL-Server.
Thanks for any help in advance.

Regards,

Fred
 
The certificate details shouldn't be a problem at this point. The certificate just prompts the user that it may not be accessing what they think they are. The real problem at this point lies in
log said:
[Sat Nov 19 14:29:06 2005] [error] [client ::1] client denied by server configuration: /srv/www/htdocs/steuerberater/chk
browser said:
"ACCES FORBIDDEN" you don't have the permission to access the requested object.
Is it trying to reach a file named /srv/www/htdocs/steuerberater/chk, or is this a directory? If it's a directory, you might have a Directory container, Location container or .htaccess file that could be preventing access. If it's a directory, try putting a simple index.html file in there & let us know what happens.
 
Hello,
thank you for answering so quickly.

/srv/ is a directory.

I found out, that I have the same problem (accessing via https) when I try to access
So I checked the directory permissions for /srv/ (which is document root). It was root:root. For testing I changed this to owner (apache-user) and group nobody. I did the same with all directories under it.
The result is still the same.

Here is the content of the browser:

Access forbidden!
You don't have permission to access the requested directory. There is either no index document or the directory is read-protected.
If you think this is a server error, please contact the webmaster.
Error 403
localhost
Wed Nov 23 15:04:05 2005
Apache/2.0.54 (Linux/SUSE)

So I changed the directory permission (htdocs) to 777. index.html is available inside htdocs with owner and group nobody.

And again, this is in the errorlog, when I try to access

[Wed Nov 23 15:04:05 2005] [info] Initial (No.1) HTTPS request received for child 7 (server
[Wed Nov 23 15:04:05 2005] [error] [client ::1] client denied by server configuration: /srv/
[Wed Nov 23 15:04:20 2005] [debug] ssl_engine_io.c(1632): OpenSSL: I/O error, 5 bytes expected to read on BIO#802bd968 [mem: 802c4fe8]
[Wed Nov 23 15:04:20 2005] [info] (70007)The timeout specified has expired: SSL input filter read failed.
[Wed Nov 23 15:04:20 2005] [debug] ssl_engine_kernel.c(1808): OpenSSL: Write: SSL negotiation finished successfully
[Wed Nov 23 15:04:20 2005] [info] Connection to child 7 closed with standard shutdown(server client ::1)

Phew, if this happens only under https, what have I misconfigured on the server?



Thanks for your patience and excuse my English.

Regards,
Fred
 
I don't use Apache for any secure sites, so I can't really help with the details of that. But I still think that it's related to a permissions problem. Apache treats the secure server as a separate virtual host - with its own directives and possibly its own document root. Check the directives inside the <VirtualHost _default_:443> container. This may even be in a separate .conf file.
 
You're right.

I solved the problem by adding the following in httpd.conf:

<Directory /srv/>
AllowOverride AuthConfig
Allow from 192.168.178.0
</Directory>

So when I click on the link that leads me to this directory, the protocol changes as expected to https,
asks for the password and then establishes the connection.

That's o.k. so far.

But I still can't go to
Perhaps I have to make some directory-setups for /srv/ I give a notice here when I have the
solution.

Thanks for helping.

Regards,

Fred
 
I would say that the same problem applies, because you have the same errors. You could probably do the same thing in the for the Directory /, or you could probably create an entirely different document root for the ssl virtual host. But, I don't run both secure & non-secure sites on the same server, so you might want to investigate this route more before using it in a production environment.
 
When creating the SSL virtual host did you set the DocumentRoot accordingly? If there is no definition then Apache likely won't know what to serve.

I run both on the same server and I set both DocumentRoot for 80 and 443 to the same directory and I don't have this problem.
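
Added example, not part of the thread: a Python sketch of the check the replies above suggest, listing each virtual host's DocumentRoot and whether a <Directory> section visible to that host grants access. The sample configuration and the /srv/www/ssl-docs path are constructed, and the matching is a simplified approximation of how Apache merges sections.

```python
import re

# Constructed sample in Apache 2.0 syntax: the global default denies everything,
# and only the port-80 vhost re-opens its document root.
SAMPLE_CONF = """
<Directory />
    Order deny,allow
    Deny from all
</Directory>
<VirtualHost *:80>
    DocumentRoot /srv/www/htdocs
    <Directory /srv/www/htdocs>
        Order allow,deny
        Allow from all
    </Directory>
</VirtualHost>
<VirtualHost _default_:443>
    SSLEngine on
    DocumentRoot /srv/www/ssl-docs
</VirtualHost>
"""

def audit_vhosts(conf):
    """Map each vhost to (DocumentRoot, 'allowed' | 'denied')."""
    vhost = directory = None
    docroots, rules = {}, []   # rules: (vhost scope or None, dir path, is_allow)
    for line in map(str.strip, conf.splitlines()):
        if m := re.match(r'<VirtualHost\s+([^>]+)>', line, re.I):
            vhost = m.group(1)
        elif re.match(r'</VirtualHost>', line, re.I):
            vhost = None
        elif m := re.match(r'<Directory\s+"?([^">]+)"?>', line, re.I):
            directory = m.group(1).rstrip('/') or '/'
        elif re.match(r'</Directory>', line, re.I):
            directory = None
        elif m := re.match(r'DocumentRoot\s+"?([^"\s]+)', line, re.I):
            docroots[vhost] = m.group(1).rstrip('/')
        elif directory and (m := re.match(r'(Allow|Deny)\s+from\s', line, re.I)):
            rules.append((vhost, directory, m.group(1).lower() == 'allow'))
    report = {}
    for vh, root in docroots.items():
        # A vhost sees global <Directory> sections plus its own, not its siblings'.
        seen = [(d, ok) for scope, d, ok in rules if scope in (None, vh)
                and (d == '/' or root == d or root.startswith(d + '/'))]
        best = max((d for d, _ in seen), key=len, default=None)
        # Simplification: the most specific section decides; any Allow in it counts.
        allowed = best is None or any(ok for d, ok in seen if d == best)
        report[vh] = (root, 'allowed' if allowed else 'denied')
    return report

if __name__ == "__main__":
    for vh, (root, verdict) in audit_vhosts(SAMPLE_CONF).items():
        print(f"{vh}: {root} -> {verdict}")
```

A "denied" verdict here corresponds to the "client denied by server configuration" log entry, which filesystem ownership or mode changes do not affect.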
 