Tag: httpd

Permission denied /home/.htaccess pcfg_openfile unable to check htaccess file

While migrating my server data to anther server, Permission denied /home/.htaccess pcfg_openfile unable, I got this error. while restarting apache server I got following error.

[Mon Apr 25 12:15:41 2016] [crit] [client 115.117.45.10] (13)Permission denied: /home/purab/.htaccess pcfg_openfile: unable to check htaccess file, ensure it is readable

Background, I am using centos (Linux) for hosting my sites and I am using user defined directory and apache 2.4 version for server.

I was not using .htaccess file in that location, still I was getting this error. Easy solution will be disable .htaccess setting httpd.conf file If we are planning not to use the htaccess file in our project. I found many solutions but that didn’t solved my issue. above issue is specific to file permission.

Permission denied /home/.htaccess pcfg_openfile unable

If it isn’t obvious that .htaccess cannot be read by the server (either 0755 or .htacess and the rest of the tree is in www-data group), search for a higher directory root only onwer:group which does *not* have world execute access.
In order for apache to find a file, it has to search down the tree. It cannot do this if a directory which is root:root does not have global execute access.

I executed following command to change ownership of public_html folder.

chown apache -R /home/purab
usermod -a -G /home/purab apache

After this I restarted my apache server using following command.

/etc/init.d/httpd restart

Using above command, it solved my issue. But purab user cannot edit the files in purab folder. So I used setfacl command.

What is setfacl command?

This utility sets Access Control Lists (ACLs) of files and directories. On the command line, a sequence of commands is followed by a sequence of files (which in turn can be followed by another sequence of commands, …).

The options -m, and -x expect an ACL on the command line. Multiple ACL entries are separated by comma characters (‘,’). The options -M, and -X read an ACL from a file or from standard input. The ACL entry format is described in Section ACL ENTRIES.

Finally I executed following command which solved my issue.

chown purab: /home/purab -R
setfacl -R -m apache:rwx /home/purab

Using above command I kept purab directory permission to purab user again so purab user has all permission of directory. Using setfacl command I given permission to apache user for read, write and execute permission. It worked for me and solved my issue.

Solved: Access denied with code 400 (phase 2).

When I restarted my apache server. I am using the fedora 9 here.

I did not get my default page opened in browser.
When I opened the apache error log file. I saw following error.

ModSecurity: Access denied with code 400 (phase 2). Pattern match “%0[ad]” at REQUEST_HEADERS:Cookie. [id “950910”] [msg “HTTP Response Splitting Attack. Matched signature <%0a>”] [severity “ALERT”] [hostname “localhost”] [uri “/”] [unique_id “SuWoGH8AAAEAAFF3rKEAAAAA”]

I after doing some R&D but I did not got any perfect soluction.
Then I cleared the whole browser cookies. That solves my problem.

solution – clear the browser cookies…

Solved: DirectoryIndex not allowed here

When I tried to run my one of my project on server I got following error on the Browser.:

Internal Server Error

The server encountered an internal error or misconfiguration and was unable to complete your request.

Please contact the server administrator, root@localhost and inform them of the time the error occurred, and anything you might have done that may have caused the error.

More information about this error may be available in the server error log.

When I got above error I opened the error log file.

Error Log File log(#vim /var/log/httpd/error_log)
[Wed Oct 14 12:02:56 2009] [notice] mod_python: Creating 4 session mutexes based on 256 max processes and 0 max threads.
[Wed Oct 14 12:02:56 2009] [notice] mod_python: using mutex_directory /tmp
[Wed Oct 14 12:02:56 2009] [notice] Apache/2.2.9 (Unix) DAV/2 PHP/5.2.6 mod_python/3.3.1 Python/2.5.1 mod_ssl/2.2.9 OpenSSL/0.9.8g mod_perl/2.0.4 Perl/v5.10.0 configured — resuming normal operations
[Wed Oct 14 12:02:59 2009] [alert] [client 127.0.0.1] /var/www/html/your_domain_name/.htaccess: DirectoryIndex not allowed here, referer: http://your_domain_name.org/
[Wed Oct 14 12:03:29 2009] [alert] [client 127.0.0.1] /var/www/html/your_domain_name/.htaccess: DirectoryIndex not allowed here, referer: http://your_domain_name.org/
[Wed Oct 14 12:11:13 2009] [notice] caught SIGTERM, shutting down
[Wed Oct 14 12:11:13 2009] [notice] suEXEC mechanism enabled (wrapper: /usr/sbin/suexec)
[Wed Oct 14 12:11:13 2009] [notice] Digest: generating secret for digest authentication …
[Wed Oct 14 12:11:13 2009] [notice] Digest: done

At the end of file I saw above error.

When I saw that I opened the httpd.conf file and I searched for line.

AllowOverride None

I commented this line.
#AllowOverride None

Then I added following lines to that tag
Order allow,deny
Allow from all

Then I saved the httpd.conf file and restarted the apache server.

This solved the my issue.

solved: [warn] _default_ VirtualHost overlap on port 80, the first has precedence

Here I am using the Fedora 9 for this example. I solved the issue of _default_ VirtualHost overlap on port 80 warning in linux

If you want to host many sites on one computer or machine.
I added following lines to httpd.conf file(end of file).

[viral-lock message=”Solution code is Hidden! It’s Visible for Users who Liked/Shared This article on Facebook or Twitter or Google+. Like or Tweet this article to reveal the content.”]

<VirtualHost  *:80>

Options +FollowSymLinks
ServerName example1.com
DocumentRoot /var/www/html/example1

VirtualHost>

<VirtualHost  *:80>

Options +FollowSymLinks
ServerName example2.com
DocumentRoot /var/www/html/example2

</ VirtualHost>

[/viral-lock]

When I restarted the apache server using following command.
#su
#ROOT_PASSWORD
#/etc/init.d/httpd restart

I got the following error;
[warn] _default_ VirtualHost overlap on port 80, the first has precedence

Again I opend the httpd.conf tile and I read following lines;
#
# Use name-based virtual hosting.
#
#NameVirtualHost *:80

# NOTE: NameVirtualHost cannot be used without a port specifier
# (e.g. :80) if mod_ssl is being used, due to the nature of the
# SSL protocol.
#

Than only I uncommented following line and restarted the Server.

NameVirtualHost *:80

My promlem get solved.

Solved issue -Directory index forbidden by Options directive:

I want to change the default location of Apache folder which is (var/www/html).
I am using the Fedora as OS and apache 2 here. you can use following code with any linux box like centos or ubuntu. Here we solved the issue of directory.

When I inserted the following code in bottom of the httpd.conf file.
<VirtualHost *:80>
Options +FollowSymLinks
ServerAdmin siwan@yahoo.co.in
DocumentRoot /var/www/html/testfolder
ErrorLog logs/error_log_net
TransferLog logs/access_log_net
</VirtualHost>

When tried the http://localhost/ in browser, I got the default browser page.
Then I tried to look my apache error using following command:
#[root@localhost ]# tail -f /var/log/httpd/error_log

In apache error log I got following error.
[Wed Oct 07 15:59:50 2008] [error] [client 127.0.0.1] Directory index forbidden by Options directive: /var/www/html/testfolder/

I changed the AllowOverride option but nothing is happens. Then I read the welcome page text
“To prevent this page from ever being used, follow the instructions in the file /etc/httpd/conf.d/welcome.conf.”
I opend the welcome.conf file.

I found following lines in welcome.conf file.
<LocationMatch “^/+$”>
Options -Indexes
ErrorDocument 403 /error/noindex.html
LocationMatch>

I changed that to as follows:

[viral-lock message=”Solution code is Hidden! It’s Visible for Users who Liked/Shared This article on Facebook or Twitter or Google+. Like or Tweet this article to reveal the content.”]

<LocationMatch “^/+$”>
Options Indexes
ErrorDocument 403 /error/noindex.html
</LocationMatch>

[/viral-lock]

That solve my problem. Some time your selinux will cause the issue so you need to deactivate the selinux.
Some time File permission will also cause the issue.
You can change the file permission using following command, go to that directory and run following command.
#chmod 777 *

You can use above commands on any linux box. Ubuntu, centos, redhat or on fedora box.. still solution will be same.

setting up basic authentication apache

Two months back, we got the requirement of do basic authentication for testing site server. We given steps and code for setting up basic authentication apache. So Google or any search engine site cannot index the testing sites.

setting up basic authentication apache

We are using Fedora as Operating System and Apache as web server on our testing machine. We hosted more than fifteen test sites on that server.

I successfully created basic authentication on server.

Use following commands:

#su

#ROOT_PASSWORD

#vi /etc/httpd/conf/httpd.conf

in that file you need to insert following lines.

AccessFileName htaccess.acl .htaccess

# htpasswd -c /home/USER/pwd.txt USER(you can define your user of stystem.)

New password: mypassword
Re-type new password: mypassword

That sit. Your username and password is set for popup.

Now you need to only create or update your .htaccess  file. You can create or find .htaccess file in your project folder.

Use or copy and paste following code in that file: (.htaccess file)

AuthUserFile /home/USER/pwd.txt
AuthName "Protected"
AuthType Basic


require valid-user

I following exact method for my server and projects. It is working perfect for me.

How to Use chkconfig command on fedora

chkconfig command is default command for linux versions.
chkconfig command is basically used for what is status when machine is rebooting. Startup of machine which services get started automatically.

For listing for services:
#su
#ROOT-PASSWORD
#chkconfig –list

If you want to add any service at startup:
# chkconfig –add nginx

If you want to turn on any service at startup:
#chkconfig nginx on

Stopping service
#chkconfig mysql off