getting 403 error after editing Web domain optioins

Discussion in 'General' started by thibotus01, May 26, 2010.

  1. thibotus01

    thibotus01 Member

    getting 403 error after editing Web domain options

    Hi,

    In options tab for a Web domain, after adding something like:
    Code:
    AddType video/ogg .ogv
    AddType video/mp4 .mp4
    AddType video/webm .web
    I got an error 403 when I tried to access to subdomain.domain.tld (redirect to domain.tld/folder)

    domain.tld/folder is working well.

    Log says :client denied by server configuration:

    Here the .vhost :

    Code:
    <Directory /home/domain.com>
        AllowOverride None
        Order Deny,Allow
        Deny from all
    </Directory>
    
    <VirtualHost 87.xxxx:80>
          DocumentRoot /home/domain.com/web
      
        ServerName domain.com
        ServerAlias www.domain.com 
        ServerAlias media.domain.com 
        ServerAlias domaintoto2.com 
        ServerAlias mrtg.domain.com
        ServerAdmin [email protected]
    
        ErrorLog /var/log/ispconfig/httpd/domain.com/error.log
    
        ErrorDocument 400 /error/400.html
        ErrorDocument 401 /error/401.html
        ErrorDocument 403 /error/403.html
        ErrorDocument 404 /error/404.html
        ErrorDocument 405 /error/405.html
        ErrorDocument 500 /error/500.html
        ErrorDocument 503 /error/503.html
    	
        <Directory /home/domain.com/web>
            Options FollowSymLinks
            AllowOverride All
            Order allow,deny
            Allow from all
        </Directory>
        <Directory /home/clients/client0/web12/web>
            Options FollowSymLinks
            AllowOverride All
            Order allow,deny
            Allow from all
        </Directory>
    
        # cgi enabled
    	<Directory /home/clients/client0/web12/cgi-bin>
          Order allow,deny
          Allow from all
        </Directory>
        ScriptAlias  /cgi-bin/ /home/clients/client0/web12/cgi-bin/
        AddHandler cgi-script .cgi
        AddHandler cgi-script .pl
        # suexec enabled
        SuexecUserGroup web12 client0
        # php as fast-cgi enabled
        <IfModule mod_fcgid.c>
          # SocketPath /tmp/fcgid_sock/
          IdleTimeout 3600
          ProcessLifeTime 7200
          # MaxProcessCount 1000
          DefaultMinClassProcessCount 3
          DefaultMaxClassProcessCount 100
          IPCConnectTimeout 8
          IPCCommTimeout 360
          BusyTimeout 300
        </IfModule>
        <Directory /home/domain.com/web>
            AddHandler fcgid-script .php .php3 .php4 .php5
            FCGIWrapper /var/www/php-fcgi-scripts/web12/.php-fcgi-starter .php
            Options +ExecCGI
            AllowOverride All
            Order allow,deny
            Allow from all
        </Directory>
    	<Directory /home/clients/client0/web12/web>
            AddHandler fcgid-script .php .php3 .php4 .php5
            FCGIWrapper /var/www/php-fcgi-scripts/web12/.php-fcgi-starter .php
            Options +ExecCGI
            AllowOverride All
            Order allow,deny
            Allow from all
        </Directory>
    
         # add support for apache mpm_itk
        <IfModule mpm_itk_module>
          AssignUserId web12 client0
        </IfModule>
    
    
        RewriteEngine on
        RewriteCond %{HTTP_HOST}   ^media.domain.com [NC]
        RewriteRule   ^/(.*)$ /media/$1  [L]
        RewriteCond %{HTTP_HOST}   ^domaintoto2.com [NC]
        RewriteRule   ^/(.*)$ http://www.domain.com$1  [R]
        RewriteCond %{HTTP_HOST}   ^mrtg.domain.com [NC]
        RewriteRule   ^/(.*)$ /munin/$1  [L]
    
    RewriteRule .* - [E=HTTP_AUTHORIZATION:%{HTTP:Authorization},L]
       
    AddType video/ogg .ogv
    AddType video/mp4 .mp4
    AddType video/webm .webm
    
    </VirtualHost>
    
     
    Last edited: May 26, 2010
  2. mike_p

    mike_p Member

    I have tried to replicate the problem your are having but cannot.

    I added some rewrite rules and the addtype directives to one of mydomains, but still had no problem accessing the folder via the rewrite.

    The one thing that looks dangerous to me is your use of suexec with /home as a base directory.

    what do you get if you run
    suexec -V

    That should show you what DOC_ROOT suexec expects.
    If it doesn't give /home, then that might cause you some problems.
     
  3. thibotus01

    thibotus01 Member

    I got "command not found" lol.

    That's how ISPconfig has configured my .vhost. when I chose what options I'd like. I didn't add anything manually.
     
  4. mike_p

    mike_p Member

    In the ISPConfig web domain options there is a checkbox for SuEXEC.
     
  5. thibotus01

    thibotus01 Member

    Yes it's checked.
     
  6. thibotus01

    thibotus01 Member

    Is there anywhere else I should look?
    :(
     
  7. mike_p

    mike_p Member

    I can't tell from what you 've posted whether you've picked up on what I wrote.

    If the SuEXEC check box is checked then you have opted to use SuEXEC.

    If suexec -V results in "command not found" there's a high chance that suexec is not installed.

    So remove the check from the suexec checkbox, save changes and wait a couple of minutes (for the cron job to execute the changes and restart apache) then see if you still have the error.
     
    Last edited: May 27, 2010
  8. thibotus01

    thibotus01 Member

    Unchecked but still have the same error.

    And it worked perfectly fine before I just did what I said in my first message, I had no problem.
     
  9. till

    till Super Moderator Staff Member ISPConfig Developer

    Which ISPConfig version?
     
  10. thibotus01

    thibotus01 Member

    Last stable 3.0.2.1
     
  11. thibotus01

    thibotus01 Member

    I tried to create a new subdomain but I got the same error. And I tried to create a new subdomain associated to another domain and it works without problem... weirddd
     
    Last edited: May 27, 2010
  12. thibotus01

    thibotus01 Member

    I have just backup my last .vhost file and I realized that the rewrite rule was different:

    previous one (works) :

    Code:
    RewriteEngine on
        RewriteCond %{HTTP_HOST}   ^media.domain.com[NC]
        RewriteRule   ^/(.*)$ /home/clients/client0/web12/web/media/$1  [L]
        RewriteCond %{HTTP_HOST}   ^domain2.com [NC]
        RewriteRule   ^/(.*)$ http://www.domain.com/$1  [R]
        RewriteCond %{HTTP_HOST}   ^mrtg.domain.com [NC]
        RewriteRule   ^/(.*)$ /home/clients/client0/web12/web/munin/$1  [L]
    new one (403 error):

    Code:
    RewriteEngine on
        RewriteCond %{HTTP_HOST}   ^media.domain.com [NC]
        RewriteRule   ^/(.*)$ /media/$1  [L]
        RewriteCond %{HTTP_HOST}   ^domain2.com [NC]
        RewriteRule   ^/(.*)$ http://www.domain.com$1  [R]
        RewriteCond %{HTTP_HOST}   ^mrtg.domain.com [NC]
        RewriteRule   ^/(.*)$ /munin/$1  [L]
    
    I don't know why ISPCONFIG changed this.
     
    Last edited: May 27, 2010
  13. till

    till Super Moderator Staff Member ISPConfig Developer

    We had "the new one" as default in ispconfig 3 from the beginning. Then we changed it to the code that you named "the previous one" and after this change the rewriting failed on almost all installed systems so we had to revert back to the code to "the new one".

    I also checked the apache documentation and the code "the new one" is the correct one. So thats not the source of the problem.

    We will have to find yout why this code does not work on your server. Please try to put the rewrite code part into a directory directive:

    <Directory /home/clients/client0/web12/web/>
    RewriteEngine on
    RewriteCond %{HTTP_HOST} ^media.domain.com [NC]
    RewriteRule ^/(.*)$ /media/$1 [L]
    RewriteCond %{HTTP_HOST} ^domain2.com [NC]
    RewriteRule ^/(.*)$ http://www.domain.com$1 [R]
    RewriteCond %{HTTP_HOST} ^mrtg.domain.com [NC]
    RewriteRule ^/(.*)$ /munin/$1 [L]
    </Directory>
     
  14. thibotus01

    thibotus01 Member

    It doesn't work.

    media.domain.com display me the content of domain.com
     
  15. thibotus01

    thibotus01 Member

    The problem is still unsolved :/
    I temporary use the "old rule".
     
  16. thibotus01

    thibotus01 Member

    I found the problem !

    Website running under Wordpress, subdomain media.domain.com seems to be reserved and used by the CMS. By resulting a 403 error...

    I tested twice on 2 websites running with Wordpress.

    My question is : why using a Rewrite rule instead of a real vhost for subdomain?

    Should I open a ticket?
     
  17. till

    till Super Moderator Staff Member ISPConfig Developer

    Thats the intended behaviour of the subdomain function.

    Looks as if you used the subdomain function (which is for subdomains that do not have a its own directory) instead of creating a new website.

    If you like to have a subdomain which has its own directory (new vhost), you click on "new wesbite" and then enter sub.domain.com into the domain field.
     
  18. thibotus01

    thibotus01 Member

    Take a look on my last message.

    The rewrite rule is in conflict with the wordpress rewrite system. And the problem will always be if you create "media" as a sub-domain with a website running Wordpress.

    Edit : I read your PM, I understand now... You can reply what you said.
     
  19. till

    till Super Moderator Staff Member ISPConfig Developer

    Please see my answer in #17 in this thread. You used thew rong function. Instead of creating a new website, you created a subdomain record for a existing website which has to point to the website main dir as it is used for cms systems that are capable of running multidomain setups, e.g. wordpress mu, typo3 or joomla.

    But you wanted to have a separate directory for a cms without multidomain support, so you must choose to create a new website and not a subdomain for a existing website.
     

Share This Page