Problems with .htaccess within the root dir of domain

Discussion in 'Installation/Configuration' started by chris_yooo, Sep 26, 2022.

  1. chris_yooo

    chris_yooo New Member

    hey com!

    I am using Debian GNU/Linux 11
    Linux version 5.10.0-18-amd64

    with ispconfig 3.2.8p1


    I got multiple errors when I try to activate indexes for the root dir of my subdomain (vhost) (dl.xtreams.net) with the path to dl configured in ISPConfig.

    When PHP is set to disabled, I get this error:

    [Mon Sep 26 15:57:24.753736 2022] [authz_core:error] [pid 533615:tid 139905305081600] [client 149.224.35.99:50837] AH01630: client denied by server configuration: /var/www/dl.xtreams.net/dl/index.php

    When PHP FastCGI (maybe 7.4) is activated, then I get this:

    [Mon Sep 26 15:58:49.755556 2022] [autoindex:error] [pid 533963:tid 139688418113280] (13)Permission denied: [client 149.224.35.99:50867] AH01275: Can't open directory for index: /var/www/dl.xtreams.net/dl/


    I tried many fixes from Google...
    among others -> activating or changing the security level to medium in ISPConfig...


    -> apache directive in this subdomain:

    <Directory /var/www/dl.xtreams.net/dl>
    Options +Indexes
    </Directory>

    I changed within apache2.conf

    <Directory />
    Options FollowSymLinks
    AllowOverride All
    Require all denied
    </Directory>

    <Directory /usr/share>
    AllowOverride None
    Require all granted
    </Directory>

    <Directory /var/www/>
    Options Indexes FollowSymLinks
    AllowOverride All
    Require all granted
    </Directory>

    -> and in the file /usr/local/ispconfig/server/conf/vhost.conf.master

    the AllowOverride None to All:

    <tmpl_hook name='apache2_vhost:header'>

    <Directory {tmpl_var name='web_basedir'}/{tmpl_var name='domain'}>
    AllowOverride All
    <tmpl_if name='apache_version' op='>' value='2.2' format='version'>
    Require all denied
    .....

    What am I doing wrong? :D
     


  2. till

    till Super Moderator Staff Member ISPConfig Developer

    Take care to undo that, it will break any recent setup.

    This will most likely not work due to the use of a wrong path. You are using the easy navigation symlink and not the path of the website. The path of the website is something like /var/www/clients/clientX/webY/dl


    Not a good idea as this breaks your config as well as this value is configurable within ISPConfig on options tab of the site, so do not hard code that. Plus the default is to allow all override anyway. To fix your system, undo the change. Plus you changed the wrong file, as manual changes always go to a copy of the file in conf-custom folder, but such a manual change is not needed for this.
     
  3. chris_yooo

    chris_yooo New Member

    I undid all changes.

    I tried both, and similarly twice with a trailing / at the end :S



    I inserted the Apache directive:

    <Directory /var/www/clients/client7/web36/dl/>
    Options +Indexes
    </Directory>


    [Mon Sep 26 17:29:29.917673 2022] [autoindex:error] [pid 566508:tid 139720603289344] (13)Permission denied: [client 149.224.35.99:53506] AH01275: Can't open directory for index: /var/www/clients/client7/web36/dl/
     
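The `(13)Permission denied` in AH01275 is the operating system's EACCES on opening the directory, while AH01630 is an Apache authorization decision, so the filesystem side can be checked on its own. The following is an added example, not part of any post in this thread: a shell helper that resolves the real path and lists each component whose mode bits block a given uid and gid set. The function names are hypothetical, and the account Apache runs as is an assumption to confirm on the host.

```sh
#!/bin/sh
# Added example, not from the thread. Lists every component of a directory's
# real path whose owner/group/other mode bits deny a given uid and gid set.
# Assumptions: GNU or busybox `stat -c`; run as root so each component can be
# stat'ed; POSIX ACLs, SELinux and AppArmor are NOT evaluated.

# mode_allows MODE OWNER_UID OWNER_GID NEED UID "GID ..."  (NEED: 4=read, 1=search)
mode_allows() (
    mode=$((0$1)); ouid=$2; ogid=$3; need=$4; uid=$5
    if [ "$uid" -eq 0 ]; then exit 0; fi        # root is not limited by mode bits
    bits=$(( mode & 7 ))                        # start with the "other" class
    if [ "$uid" -eq "$ouid" ]; then
        bits=$(( (mode >> 6) & 7 ))             # owner class applies, even if weaker
    else
        for g in $6; do
            if [ "$g" -eq "$ogid" ]; then bits=$(( (mode >> 3) & 7 )); break; fi
        done
    fi
    [ $(( bits & need )) -eq "$need" ]
)

# path_blockers DIR UID "GID ..." -> one line per blocking component, status 1 if any
path_blockers() (
    # Resolve symlinks first, so a convenience symlink and the real path agree.
    target=$(cd -P -- "$1" 2>/dev/null && pwd -P) || { echo "cannot resolve $1"; exit 2; }
    uid=$2; gids=$3; cur=; rc=0
    oldifs=$IFS; IFS=/; set -f; set -- ${target#/}; set +f; IFS=$oldifs
    for part in "$@"; do
        cur="$cur/$part"
        if [ "$cur" = "$target" ]; then
            need=5; what="read+search (r-x)"    # autoindex must list the directory itself
        else
            need=1; what="search (--x)"         # parents only need to be traversable
        fi
        st=$(stat -c '%a %u %g' -- "$cur") || exit 2
        mode=${st%% *}; st=${st#* }
        if ! mode_allows "$mode" "${st% *}" "${st#* }" "$need" "$uid" "$gids"; then
            echo "$cur (mode $mode) lacks $what for uid $uid"
            rc=1
        fi
    done
    exit "$rc"
)

# Usage (www-data is Debian's default Apache user; with mpm_itk the vhost's
# AssignUserId account applies instead):
#   path_blockers /var/www/clients/client7/web36/dl "$(id -u www-data)" "$(id -G www-data)"
```

Fixing a reported component by adding the web server account to the owning group or by granting the missing bit on that one directory keeps the change narrower than a recursive chmod.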
  4. till

    till Super Moderator Staff Member ISPConfig Developer

    And you checked the generated vhost file to see that your changes are in there and that it did not get written with an .err file ending, which means Apache could not restart successfully with your custom config?
     
  5. chris_yooo

    chris_yooo New Member

    Yep

    Code:
    <Directory /var/www/dl.xtreams.net>
           AllowOverride None
                   Require all denied
           </Directory>
    
    <VirtualHost *:80>
    
    
                       DocumentRoot /var/www/clients/client7/web36/dl
             
           ServerName dl.xtreams.net
           ServerAlias www.dl.xtreams.net
           ServerAdmin [email protected]
    
    
           ErrorLog /var/log/ispconfig/httpd/dl.xtreams.net/error.log
    
    
    
           <Directory /var/www/dl.xtreams.net/dl>
                   # Clear PHP settings of this website
                   <FilesMatch ".+\.ph(p[345]?|t|tml)$">
                           SetHandler None
                   </FilesMatch>
                   Options +SymlinksIfOwnerMatch
                   AllowOverride All
                                   Require all granted
                           </Directory>
           <Directory /var/www/clients/client7/web36/dl>
                   # Clear PHP settings of this website
                   <FilesMatch ".+\.ph(p[345]?|t|tml)$">
                           SetHandler None
                   </FilesMatch>
                   Options +SymlinksIfOwnerMatch
                   AllowOverride All
                                   Require all granted
                           </Directory>
    
    
    
    
           <IfModule mod_fastcgi.c>
                   <Directory /var/www/clients/client7/web36/cgi-bin>
                                           Require all granted
                                       </Directory>
                   <Directory /var/www/dl.xtreams.net/dl>
                       <FilesMatch "\.php[345]?$">
                           <If "-f '%{REQUEST_FILENAME}'">
                               SetHandler php-fcgi
                           </If>
                       </FilesMatch>
                   </Directory>
                   <Directory /var/www/clients/client7/web36/dl>
                       <FilesMatch "\.php[345]?$">
                           <If "-f '%{REQUEST_FILENAME}'">
                               SetHandler php-fcgi
                           </If>
                       </FilesMatch>
                   </Directory>
                    Action php-fcgi /php-fcgi virtual
                   Alias /php-fcgi /var/www/clients/client7/web36/cgi-bin/php-fcgi-*-80-dl.xtreams.net
                   FastCgiExternalServer /var/www/clients/client7/web36/cgi-bin/php-fcgi-*-80-dl.xtreams.net -idle-timeout 300 -socket /var/lib/php7.4-fpm/web55.sock -pass-header Authorization  -pass-header Content-Type
           </IfModule>
           <IfModule mod_proxy_fcgi.c>
              #ProxyPassMatch ^/(.*\.php[345]?(/.*)?)$ unix:///var/lib/php7.4-fpm/web55.sock|fcgi://localhost//var/www/clients/client7/web36/dl/$1
               <Directory /var/www/clients/client7/web36/dl>
                   <FilesMatch "\.php[345]?$">
                       <If "-f '%{REQUEST_FILENAME}'">
                           SetHandler "proxy:unix:/var/lib/php7.4-fpm/web55.sock|fcgi://localhost"
                       </If>
                   </FilesMatch>
               </Directory>
               </IfModule>
    
    
           RewriteEngine on
           RewriteCond %{REQUEST_URI} ^/\.well-known/acme-challenge/
           RewriteRule ^ - [END]
            RewriteCond %{HTTPS} off
                    RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI} [R=301,L,NE]
    
           # add support for apache mpm_itk
           <IfModule mpm_itk_module>
               AssignUserId web36 client7
           </IfModule>
    
           <IfModule mod_dav_fs.c>
           # Do not execute PHP files in webdav directory
               <Directory /var/www/clients/client7/web36/webdav>
                   <ifModule mod_security2.c>
                       SecRuleRemoveById 960015
                       SecRuleRemoveById 960032
                   </ifModule>
                   <FilesMatch "\.ph(p3?|tml)$">
                       SetHandler None
                   </FilesMatch>
               </Directory>
               DavLockDB /var/www/clients/client7/web36/tmp/DavLock
               # DO NOT REMOVE THE COMMENTS!
               # IF YOU REMOVE THEM, WEBDAV WILL NOT WORK ANYMORE!
          # WEBDAV BEGIN
               # WEBDAV END
           </IfModule>
    
               # skipping apache_directives, as that will be handled by the ssl vhost
      
    
    </VirtualHost>
    
    
    <VirtualHost *:443>
    
    
                       DocumentRoot /var/www/clients/client7/web36/dl
             
           ServerName dl.xtreams.net
           ServerAlias www.dl.xtreams.net
           ServerAdmin [email protected]
    
           <IfModule mod_http2.c>
               Protocols h2 http/1.1
           </IfModule>
    
           <IfModule mod_brotli.c>
              AddOutputFilterByType BROTLI_COMPRESS text/html text/plain text/xml text/css text/javascript application/x-javascript application/javascript application/xml application/xml+rss application/atom+xml application/json application/x-font-ttf application/vnd.ms-fontobject image/x-icon
           </IfModule>
    
           ErrorLog /var/log/ispconfig/httpd/dl.xtreams.net/error.log
    
    
      <IfModule mod_ssl.c>
           SSLEngine on
           SSLProtocol All -SSLv2 -SSLv3 -TLSv1 -TLSv1.1
          # SSLCipherSuite          ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES256-SHA:ECDHE-ECDSA-DES-CBC3-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:DES-CBC3-SHA:!DSS
           SSLHonorCipherOrder     on
           # <IfModule mod_headers.c>
           # Header always add Strict-Transport-Security "max-age=15768000"
           # </IfModule>
           SSLCertificateFile /var/www/clients/client7/web36/ssl/dl.xtreams.net-le.crt
           SSLCertificateKeyFile /var/www/clients/client7/web36/ssl/dl.xtreams.net-le.key
                     SSLUseStapling on
             SSLStaplingResponderTimeout 5
             SSLStaplingReturnResponderErrors off
                 </IfModule>
    
           <Directory /var/www/dl.xtreams.net/dl>
                   # Clear PHP settings of this website
                   <FilesMatch ".+\.ph(p[345]?|t|tml)$">
                           SetHandler None
                   </FilesMatch>
                   Options +SymlinksIfOwnerMatch
                   AllowOverride All
                                   Require all granted
                           </Directory>
           <Directory /var/www/clients/client7/web36/dl>
                   # Clear PHP settings of this website
                   <FilesMatch ".+\.ph(p[345]?|t|tml)$">
                           SetHandler None
                   </FilesMatch>
                   Options +SymlinksIfOwnerMatch
                   AllowOverride All
                                   Require all granted
                           </Directory>
    
    
    
    
           <IfModule mod_fastcgi.c>
                   <Directory /var/www/clients/client7/web36/cgi-bin>
                                           Require all granted
                                       </Directory>
                   <Directory /var/www/dl.xtreams.net/dl>
                       <FilesMatch "\.php[345]?$">
                           <If "-f '%{REQUEST_FILENAME}'">
                               SetHandler php-fcgi
                           </If>
                       </FilesMatch>
                   </Directory>
                   <Directory /var/www/clients/client7/web36/dl>
                       <FilesMatch "\.php[345]?$">
                           <If "-f '%{REQUEST_FILENAME}'">
                               SetHandler php-fcgi
                           </If>
                       </FilesMatch>
                   </Directory>
                    Action php-fcgi /php-fcgi virtual
                   Alias /php-fcgi /var/www/clients/client7/web36/cgi-bin/php-fcgi-*-443-dl.xtreams.net
                   FastCgiExternalServer /var/www/clients/client7/web36/cgi-bin/php-fcgi-*-443-dl.xtreams.net -idle-timeout 300 -socket /var/lib/php7.4-fpm/web55.sock -pass-header Authorization  -pass-header Content-Type
           </IfModule>
           <IfModule mod_proxy_fcgi.c>
              #ProxyPassMatch ^/(.*\.php[345]?(/.*)?)$ unix:///var/lib/php7.4-fpm/web55.sock|fcgi://localhost//var/www/clients/client7/web36/dl/$1
               <Directory /var/www/clients/client7/web36/dl>
                   <FilesMatch "\.php[345]?$">
                       <If "-f '%{REQUEST_FILENAME}'">
                           SetHandler "proxy:unix:/var/lib/php7.4-fpm/web55.sock|fcgi://localhost"
                       </If>
                   </FilesMatch>
               </Directory>
               </IfModule>
    
    
           RewriteEngine on
           RewriteCond %{REQUEST_URI} ^/\.well-known/acme-challenge/
           RewriteRule ^ - [END]
    
           # add support for apache mpm_itk
           <IfModule mpm_itk_module>
               AssignUserId web36 client7
           </IfModule>
    
           <IfModule mod_dav_fs.c>
           # Do not execute PHP files in webdav directory
               <Directory /var/www/clients/client7/web36/webdav>
                   <ifModule mod_security2.c>
                       SecRuleRemoveById 960015
                       SecRuleRemoveById 960032
                   </ifModule>
                   <FilesMatch "\.ph(p3?|tml)$">
                       SetHandler None
                   </FilesMatch>
               </Directory>
               DavLockDB /var/www/clients/client7/web36/tmp/DavLock
               # DO NOT REMOVE THE COMMENTS!
               # IF YOU REMOVE THEM, WEBDAV WILL NOT WORK ANYMORE!
          # WEBDAV BEGIN
               # WEBDAV END
           </IfModule>
    
       <Directory /var/www/clients/client7/web36/dl/>
    Options +Indexes
    </Directory>
    
    
    </VirtualHost>
    
    <IfModule mod_ssl.c>
            SSLStaplingCache shmcb:/var/run/ocsp(128000)
    </IfModule>
    
     
    Last edited: Sep 26, 2022
  6. chris_yooo

    chris_yooo New Member

    corner info my apache2.conf

    Code:
    # Global configuration
    #
    
    #
    # ServerRoot: The top of the directory tree under which the server's
    # configuration, error, and log files are kept.
    #
    # NOTE!  If you intend to place this on an NFS (or otherwise network)
    # mounted filesystem then please read the Mutex documentation (available
    # at <URL:http://httpd.apache.org/docs/2.4/mod/core.html#mutex>);
    # you will save yourself a lot of trouble.
    #
    # Do NOT add a slash at the end of the directory path.
    #
    #ServerRoot "/etc/apache2"
    
    #
    # The accept serialization lock file MUST BE STORED ON A LOCAL DISK.
    #
    #Mutex file:${APACHE_LOCK_DIR} default
    
    #
    # The directory where shm and other runtime files will be stored.
    #
    
    DefaultRuntimeDir ${APACHE_RUN_DIR}
    
    #
    # PidFile: The file in which the server should record its process
    # identification number when it starts.
    # This needs to be set in /etc/apache2/envvars
    #
    PidFile ${APACHE_PID_FILE}
    
    #
    # Timeout: The number of seconds before receives and sends time out.
    #
    Timeout 300
    
    #
    # KeepAlive: Whether or not to allow persistent connections (more than
    # one request per connection). Set to "Off" to deactivate.
    #
    KeepAlive On
    
    #
    # MaxKeepAliveRequests: The maximum number of requests to allow
    # during a persistent connection. Set to 0 to allow an unlimited amount.
    # We recommend you leave this number high, for maximum performance.
    #
    MaxKeepAliveRequests 100
    
    #
    # KeepAliveTimeout: Number of seconds to wait for the next request from the
    # same client on the same connection.
    #
    KeepAliveTimeout 5
    
    
    # These need to be set in /etc/apache2/envvars
    User ${APACHE_RUN_USER}
    Group ${APACHE_RUN_GROUP}
    
    #
    # HostnameLookups: Log the names of clients or just their IP addresses
    # e.g., www.apache.org (on) or 204.62.129.132 (off).
    # The default is off because it'd be overall better for the net if people
    # had to knowingly turn this feature on, since enabling it means that
    # each client request will result in AT LEAST one lookup request to the
    # nameserver.
    #
    HostnameLookups Off
    
    # ErrorLog: The location of the error log file.
    # If you do not specify an ErrorLog directive within a <VirtualHost>
    # container, error messages relating to that virtual host will be
    # logged here.  If you *do* define an error logfile for a <VirtualHost>
    # container, that host's errors will be logged there and not here.
    #
    ErrorLog ${APACHE_LOG_DIR}/error.log
    
    #
    # LogLevel: Control the severity of messages logged to the error_log.
    # Available values: trace8, ..., trace1, debug, info, notice, warn,
    # error, crit, alert, emerg.
    # It is also possible to configure the log level for particular modules, e.g.
    # "LogLevel info ssl:warn"
    #
    LogLevel warn
    
    # Include module configuration:
    IncludeOptional mods-enabled/*.load
    IncludeOptional mods-enabled/*.conf
    
    # Include list of ports to listen on
    Include ports.conf
    
    
    # Sets the default security model of the Apache2 HTTPD server. It does
    # not allow access to the root filesystem outside of /usr/share and /var/www.
    # The former is used by web applications packaged in Debian,
    # the latter may be used for local directories served by the web server. If
    # your system is serving content from a sub-directory in /srv you must allow
    # access here, or in any related virtual host.
    <Directory />
            Options FollowSymLinks
            AllowOverride None
            Require all denied
    </Directory>
    
    <Directory /usr/share>
            AllowOverride None
            Require all granted
    </Directory>
    
    <Directory /var/www/>
            Options Indexes FollowSymLinks
            AllowOverride None
            Require all granted
    </Directory>
    
    #<Directory /srv/>
    #       Options Indexes FollowSymLinks
    #       AllowOverride None
    #       Require all granted
    #</Directory>
    
    
    
    # AccessFileName: The name of the file to look for in each directory
    # for additional configuration directives.  See also the AllowOverride
    # directive.
    #
    AccessFileName .htaccess
    
    #
    # The following lines prevent .htaccess and .htpasswd files from being
    # viewed by Web clients.
    #
    <FilesMatch "^\.ht">
       Require all denied
    </FilesMatch>
    
    
    #
    # The following directives define some format nicknames for use with
    # a CustomLog directive.
    #
    # These deviate from the Common Log Format definitions in that they use %O
    # (the actual bytes sent including headers) instead of %b (the size of the
    # requested file), because the latter makes it impossible to detect partial
    # requests.
    #
    # Note that the use of %{X-Forwarded-For}i instead of %h is not recommended.
    # Use mod_remoteip instead.
    #
    LogFormat "%v:%p %h %l %u %t \"%r\" %>s %O \"%{Referer}i\" \"%{User-Agent}i\"" vhost_combined
    LogFormat "%h %l %u %t \"%r\" %>s %O \"%{Referer}i\" \"%{User-Agent}i\"" combined
    LogFormat "%h %l %u %t \"%r\" %>s %O" common
    LogFormat "%{Referer}i -> %U" referer
    LogFormat "%{User-agent}i" agent
    
    # Include of directories ignores editors' and dpkg's backup files,
    # see README.Debian for details.
    
    # Include generic snippets of statements
    IncludeOptional conf-enabled/*.conf
    
    # Include the virtual host configurations:
    IncludeOptional sites-enabled/
    
    # vim: syntax=apache ts=4 sw=4 sts=4 sr noet
    
    
     
  7. Taleman

    Taleman Well-Known Member HowtoForge Supporter

    Is this a just-installed system? It may be easier and faster to start again from an empty disk, and install Debian 11 and ISPConfig.
    ISPConfig autoinstall is an easy way to get it installed.
     
    Th0m likes this.
  8. chris_yooo

    chris_yooo New Member

    This was initially a brand new, fresh installation.
     
