Posts Tagged ‘apache error log’

Client Denied By Server Configuration Linux Apache error solution

Thursday, August 1st, 2013

Reading Time: 2minutes

Client denied by server configuration fix solution Apache feather logo

If you run Apache server on Debian Linux / Ubuntu / CentOS whatever Linux OS and you try to install a new PHP application under lets say /var/www/ getting an error in Apache error.log like:
 

[Wed Jul 31 03:36:21 2013] [error] [client 192.168.10.2] client denied by server configuration: /var/www/vea/index.php, referer: http://192.168.10.9/vea/


This is due to misconfigured AllowOverrides in some of your main configuration files.

So what is causing the error?

Reason is by default in most current Linux distributions Apache is configured to have restrictive policy following the good security practice (Restrictive by default).
Apache is configured by default to not accept AllowOverrides – i.e. AllowOverride None for DocumentRoot /, because there are plenty of administrators who run Apache without having profound understanding leaving it to interpret by default mod_rewrite rules from .htaccess files etc.

To fix this issue, hence you have to add extra configuration for AllowOverride directive for directory giving the err. In this case /vea:

<Directory /var/www/vea/> 
Options -Indexes FollowSymLinks
AllowOverride AuthConfig
FileInfo Order allow,deny
Allow from all
</Directory> 

Above rules are a bit restrictive and will allow only to have .htaccess with only for protecting directory with htaccess passsword for exmpl. – (AuthUserFile, AuthGroupFile, AuthName, AuthType) .htaccess.
-Indexes – instructs /var/www/vea directory listing to be disabled, below two lines:

Order allow, deny
Allow from all

Makes the directory Allowed to be visible by all, however note that it is possible in some of other Apache configuration files to have other rules configured for /vea documentroot /var/www/ which are preventive (Default Deny) – if this is the case just walk through all Apache configs and change where necessary to Allow from all.

In some cases it is possible Web application or Website placed requires AllowOverride All directive instead. If above <Directory>

does not help and you continue to get:

[Wed Jul 31 03:36:21 2013] [error] [client xxx.xxx.xx.x] client denied by server configuration: /var/www/php-application/index.php, referer: http://xxx.xxx.xx.xx/php-application/  

Try setting Directory rules with AllowOverride All ;

<Directory /var/www/php-application/> 
Options -Indexes FollowSymLinks
AllowOverride All
FileInfo Order allow,deny
Allow from all
</Directory> 

Debian / Ubuntu server admins should check closely for AllowOverride rules in files /etc/apache2/conf.d/*

as well as in /etc/apache2/mods-available/*:

Usually there are AllowOverride rules set from files:

/etc/apache2/conf.d/apache2-doc
/etc/apache2/conf.d/localized-error-pages
/etc/apache2/conf.d/security

and also in

/etc/apache2/mods-available/alias.conf
/etc/apache2/mods-available/userdir.conf

On Debian GNU / Linux, very common reason for gettingclient denied by server configuration is AllowOverride definitions in /etc/apache2/conf.d/security, default AllowOverride there are set to None, i.e.:

<Directory />
AllowOverride None
Order Deny,Allow
Deny from all
</Directory>

If that's the case with you make sure you config rules to become:

# <Directory />
# AllowOverride None
# Order Deny,Allow
# Deny from all
# </Directory>

A very useful command to find where there is occurance of AllowOverride in Apache many configs is:

root@linux:~# cd /etc/apache2
root@linux:/etc/apache2# grep -rli AllowOverride *
apache2.conf
conf.d/localized-error-pages
conf.d/apache2-doc
conf.d/security
mods-available/userdir.conf
mods-available/alias.conf
sites-available/www.website1.com
sites-available/www.website2.com
...


 

Once you did all necessary config Restart Apache:

root@linux:~# /etc/init.d/apache2 restart
....

Fixing PHP Fatal error: Call to undefined function session_register()

Monday, July 1st, 2013

Reading Time: < 1minute

While moving Website from older Debian 6 to Debian 7 server with Apache I encountered PHP Fatal error:

PHP Fatal error:  Call to undefined function session_register() in /var/www2/site/www/include/modules/core/session.class.php on line 7, referer: http://192.168.1.9/

In PHP newer than PHP 5.3, session_register(): function is obsolete, there is no need anymore to have this function initiated before using SESSION variables.

Comment out  in PHP files prompting error in Apache error.log everywhere where matched:

session_register();
session_register('session');

 

to look like this:
 

//session_register();
//session_register('session');

In newer PHP versions to initialize sessions:

 $_SESSION['session']="session_variable";

Before test it again in browser, restart Browser and Apache server to make sure some caching from Apache or Browser doesn't influence. That's all now site  works fine 🙂

Fixing Apache error – client denied by server configuration on FreeBSD

Thursday, January 17th, 2013

Reading Time: 2minutes

If you have just installed a FreeBSD host with Apache and configured a Vhost document root to interpret  PHP or Perl scripts and you end up with error in browser like:

 

HTTP 403 / client denied by server configuration error

or

Forbidden
You don't have permission to access /index.html on this server.

It is most likely due to improperly configured Apache directory or directories permissions. In Apache error log /var/log/httpd-error.log, there are plenty of error messages logged like:

[Tue Jan 15 13:09:39 2013] [error] [client 92.96.95.177] client denied by server configuration: /usr/home/hipo/public_html/management
[Tue Jan 15 13:09:41 2013] [error] [client 92.96.95.177] client denied by server configuration: /usr/home/hipo/public_html/management
[Tue Jan 15 13:09:41 2013] [error] [client 92.96.95.177] client denied by server configuration: /usr/home/hipo/public_html
[Tue Jan 15 13:09:41 2013] [error] [client 92.96.95.177] client denied by server configuration: /usr/home/hipo/public_html
[Tue Jan 15 13:09:41 2013] [error] [client 92.96.95.177] client denied by server configuration: /usr/home/hipo/public_html
[Tue Jan 15 13:09:41 2013] [error] [client 92.96.95.177] client denied by server configuration: /usr/home/hipo/public_html

The issue is caused by Apache <Directory> configuration which is restrictive and set to first deny and then apply allow rule, i.e.:

 

<Directory /usr/home/hipo/public_html>
  Options ExecCGI -Indexes FollowSymLinks
   Allowoverride All
    Order Deny,allow
    Deny from all
    Allow from localhost
    Allow from 123.123.123.123
</Directory>

To solve the problem change default Deny set policy (Deny from all) and first policy to be applied which is Deny to allow;

 <Directory "/usr/home/hipo/public_html">
        Options ExecCGI -Indexes FollowSymLinks
        Allowoverride All
        Order Allow,deny
        Allow from all
        #DirectoryIndex index.cgi
  </Directory>

It is possible to not specify any Order Allow,deny (if there is no previous Apache <Directory> directive to override, so in many  cases you can use;

 <Directory "/usr/home/hipo/public_html">
        Options ExecCGI -Indexes FollowSymLinks
        Allowoverride All
        Allow from all
        #DirectoryIndex index.cgi
  </Directory>

Finally restart Apache and all should be good;

freebsd# /usr/local/etc/rc.d/apache22 restart
....