HTTP code 403 when accessing Apache via HTTPS

deve-lopez
deve-lopez used Ask the Experts™
on
Hello,

After installing SSL Certificate on WAMP, the HTTPS (SSL) connection works fine but the web server answers with the bellow page to any HTTPS based request?
_______________________________________________________
Forbidden

You don't have permission to access / on this server.
Apache/2.2.11 (Win32) mod_ssl/2.2.11 OpenSSL/0.9.8i PHP/5.2.8 Server at www.mydomain.com Port 443
_______________________________________________________


I checked the logs and added them in the code section.

HTTP Error 403 is defined as:
===============================
403 Forbidden
The request was a legal request, but the server is refusing to respond to it.[31] Unlike a 401 Unauthorized response, authenticating will make no difference.

I do not have any .htaccess file defined and directory listing is successful when using HTTP instead of HTTPS.
Any idea as to why pages access is restricted like that when I am using HTTPS?
access.log content:
====================
xxx.xxx.xxx.xxx - - [24/Oct/2009:12:21:58 -0700] "GET / HTTP/1.1" 403 331
xxx.xxx.xxx.xxx - - [24/Oct/2009:12:22:24 -0700] "GET / HTTP/1.1" 403 331
xxx.xxx.xxx.xxx - - [24/Oct/2009:12:24:10 -0700] "GET /tests/ HTTP/1.1" 403 337
xxx.xxx.xxx.xxx - - [24/Oct/2009:12:24:58 -0700] "GET /tests/hello.php HTTP/1.1" 403 345
 
error.log:
===========
[Sat Oct 24 12:26:09 2009] [warn] RSA server certificate CommonName (CN) `www.mydomain.com' does NOT match server name!?
[Sat Oct 24 12:39:58 2009] [error] [client xxx.xxx.xxx.xxx] client denied by server configuration: C:/wamp/bin/apache/Apache2.2.11/htdocs/
[Sat Oct 24 12:40:41 2009] [error] [client xxx.xxx.xxx.xxx] client denied by server configuration: C:/wamp/bin/apache/Apache2.2.11/htdocs/tests
 
 
ssl_request.log:
=================
[24/Oct/2009:12:21:58 -0700] xxx.xxx.xxx.xxx TLSv1 DHE-RSA-CAMELLIA256-SHA "GET / HTTP/1.1" 331
[24/Oct/2009:12:22:24 -0700] xxx.xxx.xxx.xxx TLSv1 DHE-RSA-CAMELLIA256-SHA "GET / HTTP/1.1" 331
[24/Oct/2009:12:22:36 -0700] xxx.xxx.xxx.xxx TLSv1 DHE-RSA-CAMELLIA256-SHA "GET / HTTP/1.1" 331
[24/Oct/2009:12:23:28 -0700] xxx.xxx.xxx.xxx TLSv1 DHE-RSA-CAMELLIA256-SHA "GET / HTTP/1.1" 331
[24/Oct/2009:12:24:10 -0700] xxx.xxx.xxx.xxx TLSv1 DHE-RSA-CAMELLIA256-SHA "GET /tests/ HTTP/1.1" 337
[24/Oct/2009:12:24:31 -0700] xxx.xxx.xxx.xxx TLSv1 DHE-RSA-CAMELLIA256-SHA "GET /tests/rand.php HTTP/1.1" 345
[24/Oct/2009:12:24:58 -0700] xxx.xxx.xxx.xxx TLSv1 DHE-RSA-CAMELLIA256-SHA "GET /tests/rand.php HTTP/1.1" 345
[24/Oct/2009:12:25:03 -0700] xxx.xxx.xxx.xxx TLSv1 DHE-RSA-CAMELLIA256-SHA "GET / HTTP/1.1" 331
[24/Oct/2009:12:26:15 -0700] xxx.xxx.xxx.xxx TLSv1 DHE-RSA-CAMELLIA256-SHA "GET / HTTP/1.1" 331
[24/Oct/2009:12:31:10 -0700] xxx.xxx.xxx.xxx TLSv1 DHE-RSA-CAMELLIA256-SHA "GET / HTTP/1.1" 331
[24/Oct/2009:12:39:58 -0700] xxx.xxx.xxx.xxx TLSv1 DHE-RSA-CAMELLIA256-SHA "GET / HTTP/1.1" 331
[24/Oct/2009:12:40:34 -0700] xxx.xxx.xxx.xxx TLSv1 DHE-RSA-CAMELLIA256-SHA "GET /tests/ HTTP/1.1" 337
[24/Oct/2009:12:40:41 -0700] xxx.xxx.xxx.xxx TLSv1 DHE-RSA-CAMELLIA256-SHA "GET /tests/index.html HTTP/1.1" 347
[24/Oct/2009:12:48:45 -0700] xxx.xxx.xxx.xxx TLSv1 DHE-RSA-CAMELLIA256-SHA "GET / HTTP/1.1" 331
[24/Oct/2009:12:48:45 -0700] xxx.xxx.xxx.xxx TLSv1 DHE-RSA-CAMELLIA256-SHA "GET /favicon.ico HTTP/1.1" 342
[24/Oct/2009:12:48:50 -0700] xxx.xxx.xxx.xxx TLSv1 DHE-RSA-CAMELLIA256-SHA "GET /favicon.ico HTTP/1.1" 342

Open in new window

Comment
Watch Question

Do more with

Expert Office
EXPERT OFFICE® is a registered trademark of EXPERTS EXCHANGE®

Author

Commented:
The certificate was issued by GeoTrust CA.
I don't think that matters but I thought I would add that info

Author

Commented:
Hello,

I raised the log level to debug.
As a result I came across the attached error line which I guess point at the root of the issue but I have no idea where to start looking to resolve that problem?
___________________________________________________
[Sat Oct 24 20:38:37 2009] [info] Initial (No.1) HTTPS request received for child 63 (server www.mydomain.com:443)
[Sat Oct 24 20:38:37 2009] [error] [client xxx.xxx.xxx.xxx] client denied by server configuration: C:/wamp/bin/apache/Apache2.2.11/htdocs/
[Sat Oct 24 20:38:43 2009] [debug] ssl_engine_io.c(1828): OpenSSL: I/O error, 5 bytes expected to read on BIO#2c84740 [mem: 2ca9d88]
[Sat Oct 24 20:38:43 2009] [info] [client xxx.xxx.xxx.xxx] (OS 10060)A connection attempt failed because the connected party did not properly respond after a period of time, or established connection failed because connected host has failed to respond.  : SSL input filter read failed.
[Sat Oct 24 20:38:43 2009] [debug] ssl_engine_kernel.c(1770): OpenSSL: Write: SSL negotiation finished successfully
[Sat Oct 24 20:38:43 2009] [info] [client xxx.xxx.xxx.xxx] Connection closed to child 63 with standard shutdown (server www.mydomain.com:443)
_________________________________

Open in new window

Finally found the issue...

When I edited the ssl.conf I did a replace all to update the root_path of the Apache/Wamp install.

What I did not pay attention to was that the root directory is completely different under Wamp Apache and a Standard Apache install.

Anyway, I changed the first line to the second line and now it works just fine...

#DocumentRoot "C:/wamp/bin/apache/Apache2.2.11/htdocs"
DocumentRoot "C:/wamp/www"

Yahoo!!!!
Most Valuable Expert 2011
Top Expert 2016

Commented:
Glad you posted this and glad you found your answer.  This is a great question to have in the PAQ!

Do more with

Expert Office
Submit tech questions to Ask the Experts™ at any time to receive solutions, advice, and new ideas from leading industry professionals.

Start 7-Day Free Trial