deve-lopez
asked on
HTTP code 403 when accessing Apache via HTTPS
Hello,
After installing SSL Certificate on WAMP, the HTTPS (SSL) connection works fine but the web server answers with the bellow page to any HTTPS based request?
__________________________ __________ __________ _________
Forbidden
You don't have permission to access / on this server.
Apache/2.2.11 (Win32) mod_ssl/2.2.11 OpenSSL/0.9.8i PHP/5.2.8 Server at www.mydomain.com Port 443
__________________________ __________ __________ _________
I checked the logs and added them in the code section.
HTTP Error 403 is defined as:
========================== =====
403 Forbidden
The request was a legal request, but the server is refusing to respond to it.[31] Unlike a 401 Unauthorized response, authenticating will make no difference.
I do not have any .htaccess file defined and directory listing is successful when using HTTP instead of HTTPS.
Any idea as to why pages access is restricted like that when I am using HTTPS?
After installing SSL Certificate on WAMP, the HTTPS (SSL) connection works fine but the web server answers with the bellow page to any HTTPS based request?
__________________________
Forbidden
You don't have permission to access / on this server.
Apache/2.2.11 (Win32) mod_ssl/2.2.11 OpenSSL/0.9.8i PHP/5.2.8 Server at www.mydomain.com Port 443
__________________________
I checked the logs and added them in the code section.
HTTP Error 403 is defined as:
==========================
403 Forbidden
The request was a legal request, but the server is refusing to respond to it.[31] Unlike a 401 Unauthorized response, authenticating will make no difference.
I do not have any .htaccess file defined and directory listing is successful when using HTTP instead of HTTPS.
Any idea as to why pages access is restricted like that when I am using HTTPS?
access.log content:
====================
xxx.xxx.xxx.xxx - - [24/Oct/2009:12:21:58 -0700] "GET / HTTP/1.1" 403 331
xxx.xxx.xxx.xxx - - [24/Oct/2009:12:22:24 -0700] "GET / HTTP/1.1" 403 331
xxx.xxx.xxx.xxx - - [24/Oct/2009:12:24:10 -0700] "GET /tests/ HTTP/1.1" 403 337
xxx.xxx.xxx.xxx - - [24/Oct/2009:12:24:58 -0700] "GET /tests/hello.php HTTP/1.1" 403 345
error.log:
===========
[Sat Oct 24 12:26:09 2009] [warn] RSA server certificate CommonName (CN) `www.mydomain.com' does NOT match server name!?
[Sat Oct 24 12:39:58 2009] [error] [client xxx.xxx.xxx.xxx] client denied by server configuration: C:/wamp/bin/apache/Apache2.2.11/htdocs/
[Sat Oct 24 12:40:41 2009] [error] [client xxx.xxx.xxx.xxx] client denied by server configuration: C:/wamp/bin/apache/Apache2.2.11/htdocs/tests
ssl_request.log:
=================
[24/Oct/2009:12:21:58 -0700] xxx.xxx.xxx.xxx TLSv1 DHE-RSA-CAMELLIA256-SHA "GET / HTTP/1.1" 331
[24/Oct/2009:12:22:24 -0700] xxx.xxx.xxx.xxx TLSv1 DHE-RSA-CAMELLIA256-SHA "GET / HTTP/1.1" 331
[24/Oct/2009:12:22:36 -0700] xxx.xxx.xxx.xxx TLSv1 DHE-RSA-CAMELLIA256-SHA "GET / HTTP/1.1" 331
[24/Oct/2009:12:23:28 -0700] xxx.xxx.xxx.xxx TLSv1 DHE-RSA-CAMELLIA256-SHA "GET / HTTP/1.1" 331
[24/Oct/2009:12:24:10 -0700] xxx.xxx.xxx.xxx TLSv1 DHE-RSA-CAMELLIA256-SHA "GET /tests/ HTTP/1.1" 337
[24/Oct/2009:12:24:31 -0700] xxx.xxx.xxx.xxx TLSv1 DHE-RSA-CAMELLIA256-SHA "GET /tests/rand.php HTTP/1.1" 345
[24/Oct/2009:12:24:58 -0700] xxx.xxx.xxx.xxx TLSv1 DHE-RSA-CAMELLIA256-SHA "GET /tests/rand.php HTTP/1.1" 345
[24/Oct/2009:12:25:03 -0700] xxx.xxx.xxx.xxx TLSv1 DHE-RSA-CAMELLIA256-SHA "GET / HTTP/1.1" 331
[24/Oct/2009:12:26:15 -0700] xxx.xxx.xxx.xxx TLSv1 DHE-RSA-CAMELLIA256-SHA "GET / HTTP/1.1" 331
[24/Oct/2009:12:31:10 -0700] xxx.xxx.xxx.xxx TLSv1 DHE-RSA-CAMELLIA256-SHA "GET / HTTP/1.1" 331
[24/Oct/2009:12:39:58 -0700] xxx.xxx.xxx.xxx TLSv1 DHE-RSA-CAMELLIA256-SHA "GET / HTTP/1.1" 331
[24/Oct/2009:12:40:34 -0700] xxx.xxx.xxx.xxx TLSv1 DHE-RSA-CAMELLIA256-SHA "GET /tests/ HTTP/1.1" 337
[24/Oct/2009:12:40:41 -0700] xxx.xxx.xxx.xxx TLSv1 DHE-RSA-CAMELLIA256-SHA "GET /tests/index.html HTTP/1.1" 347
[24/Oct/2009:12:48:45 -0700] xxx.xxx.xxx.xxx TLSv1 DHE-RSA-CAMELLIA256-SHA "GET / HTTP/1.1" 331
[24/Oct/2009:12:48:45 -0700] xxx.xxx.xxx.xxx TLSv1 DHE-RSA-CAMELLIA256-SHA "GET /favicon.ico HTTP/1.1" 342
[24/Oct/2009:12:48:50 -0700] xxx.xxx.xxx.xxx TLSv1 DHE-RSA-CAMELLIA256-SHA "GET /favicon.ico HTTP/1.1" 342
ASKER
Hello,
I raised the log level to debug.
As a result I came across the attached error line which I guess point at the root of the issue but I have no idea where to start looking to resolve that problem?
I raised the log level to debug.
As a result I came across the attached error line which I guess point at the root of the issue but I have no idea where to start looking to resolve that problem?
___________________________________________________
[Sat Oct 24 20:38:37 2009] [info] Initial (No.1) HTTPS request received for child 63 (server www.mydomain.com:443)
[Sat Oct 24 20:38:37 2009] [error] [client xxx.xxx.xxx.xxx] client denied by server configuration: C:/wamp/bin/apache/Apache2.2.11/htdocs/
[Sat Oct 24 20:38:43 2009] [debug] ssl_engine_io.c(1828): OpenSSL: I/O error, 5 bytes expected to read on BIO#2c84740 [mem: 2ca9d88]
[Sat Oct 24 20:38:43 2009] [info] [client xxx.xxx.xxx.xxx] (OS 10060)A connection attempt failed because the connected party did not properly respond after a period of time, or established connection failed because connected host has failed to respond. : SSL input filter read failed.
[Sat Oct 24 20:38:43 2009] [debug] ssl_engine_kernel.c(1770): OpenSSL: Write: SSL negotiation finished successfully
[Sat Oct 24 20:38:43 2009] [info] [client xxx.xxx.xxx.xxx] Connection closed to child 63 with standard shutdown (server www.mydomain.com:443)
_________________________________
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Glad you posted this and glad you found your answer. This is a great question to have in the PAQ!
ASKER
I don't think that matters but I thought I would add that info