Solved

Apache security

Posted on 2006-07-08
19
448 Views
Last Modified: 2007-12-19
I have Apache2.2 running on C:\Apache.  I store all my web development work on W:\

Im currently developing a upload tool and on our companies server (IIS) everything works fine, even when i upload to ftp site for hosting.  But now ive just changed over to Apache2.2 on my laptop and now i get this error when trying to use my upload tool:

Forbidden
You don't have permission to access /xxx/htdocs/cms/< on this server.

Apache works fine for everything else and i have given full permissions on the W:\.  If i view the media folder where the image is meant to be uploaded to, the image is there, but yet i get the above message in my webpage...

My Apache knowledge is poor as im only new...

Hope somebody can help...
0
Comment
Question by:ellandrd
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 9
  • 4
  • 3
  • +2
19 Comments
 
LVL 49

Accepted Solution

by:
Roonaan earned 120 total points
ID: 17064154
Have you tried to insecurely chmodded the /xxx/htdocs/cms folder to 0777. Also make sure that the image file doesn't exist already. In that case you should chmod that file also, or delete it.

-r-
0
 
LVL 16

Author Comment

by:ellandrd
ID: 17064196
im on a windows box - will chmod work?  not sure how to either?
0
 
LVL 16

Author Comment

by:ellandrd
ID: 17064238
where would you suggest i chmod my directory? before or after trying to upload?
0
Ransomware-A Revenue Bonanza for Service Providers

Ransomware – malware that gets on your customers’ computers, encrypts their data, and extorts a hefty ransom for the decryption keys – is a surging new threat.  The purpose of this eBook is to educate the reader about ransomware attacks.

 
LVL 49

Assisted Solution

by:Roonaan
Roonaan earned 120 total points
ID: 17064246
Sorry, the way you described your path /xxx/htdocs/cms looked more unix than windows. So I thought the path might have the online one.

-r-
0
 
LVL 16

Author Comment

by:ellandrd
ID: 17064253
still not working.. i try to ste chmod after i detect if form was submitted... and i still get error message
0
 
LVL 16

Author Comment

by:ellandrd
ID: 17064274
i might actually just move apache to W:\... keeping everything together
0
 
LVL 10

Assisted Solution

by:aplimedia
aplimedia earned 160 total points
ID: 17064283
This is a permission issue. You need to all IUSR_Machine name to the permission profile of this file.

Do you know how to do that?

Aplimedia
0
 
LVL 29

Assisted Solution

by:TeRReF
TeRReF earned 120 total points
ID: 17064335
Try to add this to your Apache httpd.conf:

<Directory "/xxx/htdocs/cms">
    AllowOverride None
    Order allow,deny
    Allow from all
</Directory>
0
 
LVL 16

Author Comment

by:ellandrd
ID: 17064347
TeRReF

I have added that - still getting error.

aplimedia

>>Do you know how to do that?

Im using apache now, not IIS so do i have a IUSER_ ?

0
 
LVL 10

Assisted Solution

by:aplimedia
aplimedia earned 160 total points
ID: 17064352
Thats my point... IIS has windows family permissions, apache is not a member so does not!

The IUSR is a folder issue and nothing to do with Apache. Apache is trying to access it and is being told to go away bu Windows.

Aplimedia
0
 
LVL 16

Author Comment

by:ellandrd
ID: 17064353
I have also moved everything - Apache, MYSQL and PHP to W:\

so now my root is:

W:\Apache\htdocs

and my site live in:

W:\Apache\htdocs\site\
W:\Apache\htdocs\site\cms

still getting error...
0
 
LVL 16

Author Comment

by:ellandrd
ID: 17064373
Aplimedia

I have totally moved my web development work from an IIS server to an apache server.  I used to work from my companies ISS server, but ive just started a new project and i need to be able to work after hours at home.  I installed Apache and moved the site off the IIS server at my work to my laptop so i can work on it anywhere anytime.

The site works fine and so does apache except for this upload script...  If i upload the whole site to ftp to actually host it at: http://www.xxx.co.uk, everything works fine and if i move everything back to my works IIS server everything should work fine again...

It is driving me mad as i need to get this site up and running ASAP and im unable to get work done this weekend cause of it... ive just lost like the last 3 hours playing about with Apache trying to get my upload.php script to work on apache...

Like fair enough im still booking hours to the job but ive nothing to show for it...

so come guys - help me get this working!!

Ive go to off line now but i'll be back on in an 1hr and im hoping somebody has a solution....

Ellandrd
0
 
LVL 10

Assisted Solution

by:aplimedia
aplimedia earned 160 total points
ID: 17064402
open windows explorer and browse to /xxx/htdocs/cms/ where cms is the rrol folder of your web site.

Right click on cms > Properties.

Then select 'Security Tab'

If there is no security tab, tell me as Widows by defualt (XP) hides this one, just to complicate life!



Click on 'Add' > Advanced > Search Now > 

From the list scroll down and click on ISUR_Your_Machine_Name

Click Accept > Accept (Again) > Check 'Total Control' > Apply > Accept.

The window now closes...

Now try your site again... and let me know.

Aplimedia
0
 
LVL 10

Assisted Solution

by:aplimedia
aplimedia earned 160 total points
ID: 17064405
sorry typo... 'rrol folder' = root folder. (where cms is the ROOT folder of your web site)
Aplimedia
0
 
LVL 29

Assisted Solution

by:TeRReF
TeRReF earned 120 total points
ID: 17064494
Look in your httpd.conf and find these lines:
User www
Group www
or similar.

That user you can use to set the proper permissions on the folder.
0
 
LVL 10

Assisted Solution

by:sleep_furiously
sleep_furiously earned 100 total points
ID: 17065096
Is W:\ a network mounted drive?

You could try this:
-- Go to Services control panel
-- Right-click on Apache service and select Properties ...
-- Go to Log On tab
-- Set the account to run as to one that has network permissions on the mounted drive (for example, a domain account that has permissions on the remote filesystem)
0
 
LVL 16

Author Comment

by:ellandrd
ID: 17065277
i just found the issue - i was taking to a guy i work with over msn and i let me take control over my laptop using remote assisstant as his apache knowledge is better and he looked in my logs and found what was causing my issue... all fixed now

thanks guys!
0
 
LVL 29

Expert Comment

by:TeRReF
ID: 17065281
Euh... what was it?
0
 
LVL 16

Author Comment

by:ellandrd
ID: 17065294
my logs shown that the url contained $ AND php dont allow that...
0

Featured Post

Schedule a Tour of the ATEN booth at InfoComm 2017

Tour the ATEN booth to see the the Latest Addition to the Modular Matrix Switch Series, New 4K HDMI Over IP Extender and more! Enter ATEN's Ultimate Giveaway Sweepstakes for a chance to win one of several great prizes, including an ATEN US7220 2-Port Thunderbolt 2 Sharing Switch!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

As Wikipedia explains 'robots.txt' as -- the robot exclusion standard, also known as the Robots Exclusion Protocol or robots.txt protocol, is a convention to prevent cooperating web spiders and other web robots from accessing all or part of a websit…
Introduction This article is intended for those who are new to PHP error handling (https://www.experts-exchange.com/articles/11769/And-by-the-way-I-am-New-to-PHP.html).  It addresses one of the most common problems that plague beginning PHP develop…
NetCrunch network monitor is a highly extensive platform for network monitoring and alert generation. In this video you'll see a live demo of NetCrunch with most notable features explained in a walk-through manner. You'll also get to know the philos…
In this brief tutorial Pawel from AdRem Software explains how you can quickly find out which services are running on your network, or what are the IP addresses of servers responsible for each service. Software used is freeware NetCrunch Tools (https…

729 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question