Solved

Apache security

Posted on 2006-07-08
19
443 Views
Last Modified: 2007-12-19
I have Apache2.2 running on C:\Apache.  I store all my web development work on W:\

Im currently developing a upload tool and on our companies server (IIS) everything works fine, even when i upload to ftp site for hosting.  But now ive just changed over to Apache2.2 on my laptop and now i get this error when trying to use my upload tool:

Forbidden
You don't have permission to access /xxx/htdocs/cms/< on this server.

Apache works fine for everything else and i have given full permissions on the W:\.  If i view the media folder where the image is meant to be uploaded to, the image is there, but yet i get the above message in my webpage...

My Apache knowledge is poor as im only new...

Hope somebody can help...
0
Comment
Question by:ellandrd
  • 9
  • 4
  • 3
  • +2
19 Comments
 
LVL 49

Accepted Solution

by:
Roonaan earned 120 total points
ID: 17064154
Have you tried to insecurely chmodded the /xxx/htdocs/cms folder to 0777. Also make sure that the image file doesn't exist already. In that case you should chmod that file also, or delete it.

-r-
0
 
LVL 16

Author Comment

by:ellandrd
ID: 17064196
im on a windows box - will chmod work?  not sure how to either?
0
 
LVL 16

Author Comment

by:ellandrd
ID: 17064238
where would you suggest i chmod my directory? before or after trying to upload?
0
 
LVL 49

Assisted Solution

by:Roonaan
Roonaan earned 120 total points
ID: 17064246
Sorry, the way you described your path /xxx/htdocs/cms looked more unix than windows. So I thought the path might have the online one.

-r-
0
 
LVL 16

Author Comment

by:ellandrd
ID: 17064253
still not working.. i try to ste chmod after i detect if form was submitted... and i still get error message
0
 
LVL 16

Author Comment

by:ellandrd
ID: 17064274
i might actually just move apache to W:\... keeping everything together
0
 
LVL 10

Assisted Solution

by:aplimedia
aplimedia earned 160 total points
ID: 17064283
This is a permission issue. You need to all IUSR_Machine name to the permission profile of this file.

Do you know how to do that?

Aplimedia
0
 
LVL 29

Assisted Solution

by:TeRReF
TeRReF earned 120 total points
ID: 17064335
Try to add this to your Apache httpd.conf:

<Directory "/xxx/htdocs/cms">
    AllowOverride None
    Order allow,deny
    Allow from all
</Directory>
0
 
LVL 16

Author Comment

by:ellandrd
ID: 17064347
TeRReF

I have added that - still getting error.

aplimedia

>>Do you know how to do that?

Im using apache now, not IIS so do i have a IUSER_ ?

0
What Should I Do With This Threat Intelligence?

Are you wondering if you actually need threat intelligence? The answer is yes. We explain the basics for creating useful threat intelligence.

 
LVL 10

Assisted Solution

by:aplimedia
aplimedia earned 160 total points
ID: 17064352
Thats my point... IIS has windows family permissions, apache is not a member so does not!

The IUSR is a folder issue and nothing to do with Apache. Apache is trying to access it and is being told to go away bu Windows.

Aplimedia
0
 
LVL 16

Author Comment

by:ellandrd
ID: 17064353
I have also moved everything - Apache, MYSQL and PHP to W:\

so now my root is:

W:\Apache\htdocs

and my site live in:

W:\Apache\htdocs\site\
W:\Apache\htdocs\site\cms

still getting error...
0
 
LVL 16

Author Comment

by:ellandrd
ID: 17064373
Aplimedia

I have totally moved my web development work from an IIS server to an apache server.  I used to work from my companies ISS server, but ive just started a new project and i need to be able to work after hours at home.  I installed Apache and moved the site off the IIS server at my work to my laptop so i can work on it anywhere anytime.

The site works fine and so does apache except for this upload script...  If i upload the whole site to ftp to actually host it at: http://www.xxx.co.uk, everything works fine and if i move everything back to my works IIS server everything should work fine again...

It is driving me mad as i need to get this site up and running ASAP and im unable to get work done this weekend cause of it... ive just lost like the last 3 hours playing about with Apache trying to get my upload.php script to work on apache...

Like fair enough im still booking hours to the job but ive nothing to show for it...

so come guys - help me get this working!!

Ive go to off line now but i'll be back on in an 1hr and im hoping somebody has a solution....

Ellandrd
0
 
LVL 10

Assisted Solution

by:aplimedia
aplimedia earned 160 total points
ID: 17064402
open windows explorer and browse to /xxx/htdocs/cms/ where cms is the rrol folder of your web site.

Right click on cms > Properties.

Then select 'Security Tab'

If there is no security tab, tell me as Widows by defualt (XP) hides this one, just to complicate life!



Click on 'Add' > Advanced > Search Now >

From the list scroll down and click on ISUR_Your_Machine_Name

Click Accept > Accept (Again) > Check 'Total Control' > Apply > Accept.

The window now closes...

Now try your site again... and let me know.

Aplimedia
0
 
LVL 10

Assisted Solution

by:aplimedia
aplimedia earned 160 total points
ID: 17064405
sorry typo... 'rrol folder' = root folder. (where cms is the ROOT folder of your web site)
Aplimedia
0
 
LVL 29

Assisted Solution

by:TeRReF
TeRReF earned 120 total points
ID: 17064494
Look in your httpd.conf and find these lines:
User www
Group www
or similar.

That user you can use to set the proper permissions on the folder.
0
 
LVL 10

Assisted Solution

by:sleep_furiously
sleep_furiously earned 100 total points
ID: 17065096
Is W:\ a network mounted drive?

You could try this:
-- Go to Services control panel
-- Right-click on Apache service and select Properties ...
-- Go to Log On tab
-- Set the account to run as to one that has network permissions on the mounted drive (for example, a domain account that has permissions on the remote filesystem)
0
 
LVL 16

Author Comment

by:ellandrd
ID: 17065277
i just found the issue - i was taking to a guy i work with over msn and i let me take control over my laptop using remote assisstant as his apache knowledge is better and he looked in my logs and found what was causing my issue... all fixed now

thanks guys!
0
 
LVL 29

Expert Comment

by:TeRReF
ID: 17065281
Euh... what was it?
0
 
LVL 16

Author Comment

by:ellandrd
ID: 17065294
my logs shown that the url contained $ AND php dont allow that...
0

Featured Post

How to improve team productivity

Quip adds documents, spreadsheets, and tasklists to your Slack experience
- Elevate ideas to Quip docs
- Share Quip docs in Slack
- Get notified of changes to your docs
- Available on iOS/Android/Desktop/Web
- Online/Offline

Join & Write a Comment

As Wikipedia explains 'robots.txt' as -- the robot exclusion standard, also known as the Robots Exclusion Protocol or robots.txt protocol, is a convention to prevent cooperating web spiders and other web robots from accessing all or part of a websit…
If your site has a few sections that need to be secure when data is transmitted between the server and local computer, such as a /order/ section for ordering or /customer/ which contains customer data, etc it would of course be recommended to secure…
Illustrator's Shape Builder tool will let you combine shapes visually and interactively. This video shows the Mac version, but the tool works the same way in Windows. To follow along with this video, you can draw your own shapes or download the file…
Here's a very brief overview of the methods PRTG Network Monitor (https://www.paessler.com/prtg) offers for monitoring bandwidth, to help you decide which methods you´d like to investigate in more detail.  The methods are covered in more detail in o…

747 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

16 Experts available now in Live!

Get 1:1 Help Now