I'm running Ubuntu 13.10 with the latest ISPConfig update... So I just created a new website, but I cant'access it via the web browser due to a 403 error... I've walked through the vhost config file and changed the "Required all denied" to "Required all granted"... But nothong... All my other sties are still working great... Could someone please advise me, this is very frustrating :S
Do not change any settings in the vhost file manually, the same file (template) works on ten thousands of servers, so it need not to be changed. Check the error.log of the website to find the reason for the error.
That's the frustrating part the erro log just says "access denied by server config" XD [Mon May 05 13:36:11.528377 2014] [access_compat:error] [pid 11978] [client 84.28.55.219:29273] AH01797: client denied by server configuration: /var/www/smartwatchmarket.eu/web/error/403.html
Is there a index.php or index.html file in /var/www/smartwatchmarket.eu/web/ ? if yes, is it owned by the correct user and group?
The chmod is important - sure, but what about the group? Did you upload the files via root ssh or user-FTP/ssh? If you did upload as root, this might be the problem. Create an hello world index.html, clear cache and open the site again - and do not change anything in the vhost file (.html comes before .php) Edit: Whoops, till was faster - as usual
File: âindex.phpâ Size: 1068 Blocks: 8 IO Block: 4096 regular file Device: fc00h/64512d Inode: 17695869 Links: 1 Access: (0644/-rw-r--r--) Uid: ( 5015/ web38) Gid: ( 5005/ client1) Access: 2014-05-05 12:54:03.506078055 +0200 Modify: 2014-05-05 12:54:03.522078057 +0200 Change: 2014-05-05 12:54:03.522078057 +0200 Birth: - web38 is correct... Edit: I always upload via the client FTP...
The error comes from access_compat, so it is from "deny from all" somewhere in the apache config, I think. Try Code: grep -i -r -l 'deny from all' /etc/apache2/* Then check the reported files if there are such directives left that should have been rewritten to new syntax.
/etc/apache2/apache2.conf /etc/apache2/conf-available/security.conf /etc/apache2/conf-available/security.conf.dpkg-new /etc/apache2/conf-available/php5-cgi.conf /etc/apache2/mods-available/php5.conf /etc/apache2/sites-available/ispconfig.conf /etc/apache2/sites-available/ispconfig.vhost And in all sites-available EXCEPT for the one that has hte issue... But I'm not sure where it should be and were it shouldn't be? <Files ~ "^\.ht"> Order allow,deny Deny from all Satisfy all </Files> This one in the apache2.conf? Edit: Is this of any use in this case? * Restarting web server apache2 AH00548: NameVirtualHost has no effect and will be removed in the next release /etc/apache2/sites-enabled/000-ispconfig.conf:73 [ OK ] I've renamed the apache2.conf.dpkg-dist to apache2.conf, and removed the *.conf from the last line (sites-enabled)... still nothing :S I'm already spending a couple of wasted hours on this issue :S
Have you done "reconfigure services" = yes when you updated ISPConfig? Have you any files in /usr/local/ispconfig/server/conf-custom/ I would assume the problem comes from a not-updated file during update.
But I don't know what's odd and what not... And I removed all custom modules because they were not used anymore, so it's pretty much a clean apache server...
your help is greatly appreciated I did add the lines "Require all denied/granted" myself as an attempt to solve something, but it doesn't make any difference, all sites keep working except for the new one... ispconfig.conf root@SchaSol-SRV01:/etc/apache2/sites-available# vi ispconfig.conf </Directory> <Directory /var/lib/mailman/archives/> Options +FollowSymLinks Order allow,deny Allow from all Require all granted </Directory> # allow path to awstats and alias for awstats icons <Directory /usr/share/awstats> Order allow,deny Allow from all Require all granted </Directory> Alias /awstats-icon "/usr/share/awstats/icon" NameVirtualHost *:80 NameVirtualHost *:443 NameVirtualHost 77.72.148.50:80 NameVirtualHost 77.72.148.50:443
That's definitly not the full content of the ispconfig.conf and the ispconfig.vhost is missing, too. Most important are the sections of those files that have "deny from all" in it.
I'm sorry... You know those days when nothing, and really nothing works? I'm having that day now, because it's not only this issue that I'm working on atm :S root@SchaSol-SRV01:/etc/apache2/sites-available# vi ispconfig.conf LogFormat "%v %h %l %u %t \"%r\" %>s %B \"%{Referer}i\" \"%{User-Agent}i\"" combined_ispconfig CustomLog "| /usr/local/ispconfig/server/scripts/vlogger -s access.log -t \"%Y%m%d-access.log\" /var/log/ispconfig/httpd" combined_ispconfig <Directory /var/www/clients> AllowOverride None Order Deny,Allow Deny from all Require all denied </Directory> # Do not allow access to the root file system of the server for security reasons <Directory /> AllowOverride None Order Deny,Allow Deny from all Require all denied </Directory> <Directory /var/www/conf> AllowOverride None Order Deny,Allow Deny from all Require all denied </Directory> # Except of the following directories that contain website scripts <Directory /usr/share/phpmyadmin> Order allow,deny Allow from all Require all granted From here on everything is Allow fro mall... I'll add the ispconfig.vhost in a minute... Edit: root@SchaSol-SRV01:/etc/apache2/sites-available# vi ispconfig.vhost Listen 8080 NameVirtualHost *:8080 <VirtualHost _default_:8080> ServerAdmin webmaster@localhost <FilesMatch "\.ph(p3?|tml)$"> SetHandler None </FilesMatch> <IfModule mod_fcgid.c> DocumentRoot /var/www/ispconfig/ SuexecUserGroup ispconfig ispconfig <Directory /var/www/ispconfig/> Options -Indexes +FollowSymLinks +MultiViews +ExecCGI AllowOverride AuthConfig Indexes Limit Options FileInfo <FilesMatch "\.php$"> SetHandler fcgid-script </FilesMatch> FCGIWrapper /var/www/php-fcgi-scripts/ispconfig/.php-fcgi-starter .php Order allow,deny Allow from all Require all granted </Directory> IPCCommTimeout 7200 MaxRequestLen 15728640 </IfModule> <IfModule mpm_itk_module> DocumentRoot /usr/local/ispconfig/interface/web/ AssignUserId ispconfig ispconfig AddType application/x-httpd-php .php <Directory /usr/local/ispconfig/interface/web> # php_admin_value open_basedir "/usr/local/ispconfig/interface:/usr/share:/tmp" Options +FollowSymLinks AllowOverride None Order allow,deny Allow from all Require all granted php_value magic_quotes_gpc 0 </Directory> </IfModule> # ErrorLog /var/log/apache2/error.log # CustomLog /var/log/apache2/access.log combined ServerSignature Off <IfModule mod_security2.c> SecRuleEngine Off </IfModule> SecRuleEngine Off </IfModule> # SSL Configuration SSLEngine On SSLCertificateFile /usr/local/ispconfig/interface/ssl/ispserver.crt SSLCertificateKeyFile /usr/local/ispconfig/interface/ssl/ispserver.key #SSLCACertificateFile /usr/local/ispconfig/interface/ssl/ispserver.bundle </VirtualHost> <Directory /var/www/php-cgi-scripts> AllowOverride None Order Deny,Allow Deny from all Require all denied </Directory> <Directory /var/www/php-fcgi-scripts> AllowOverride None Order Deny,Allow Deny from all Require all denied </Directory>
Please remove Code: Order Deny,Allow Deny from all From all those things. It has precedence above the require all option and prevents your new web (or all updated webs) from working. "Require all denied" stays there, of course.
I'll try It today, I really hope that's going to do the trick... I'll get back with the result... Edit: You're the hero of the day! The site is finally reachable, now I can finally move on But should I also do this with all existing vhosts? and for the Allow for all as well?
