Solved

Why can't I get a directory listing when I use HTTPS?

Posted on 2014-12-29
6
111 Views
Last Modified: 2015-01-04
Hi all,

I've just successfully installed an SSL certificate on my server (I get no reboot errors when I restart apache2 server and also when I type in the URL with the https I can see the green lock symbol which I can click and see corresponds to my certificate).

The problem is that when I use the https protocol I get an error:
https://www.mifujiclark.com/
Forbidden
You don't have permission to access / on this server.

Open in new window


When I use the http protocol I get the right page:
http://www.mifujiclark.com


What am I doing wrong here?

thanks in advance.


P.S. Here is my site's conf file from the apache2 sites enabled folder:
# domain: mifujiclark.com
# public: /home/myfolder/public/mifujiclark.com/public

<VirtualHost *:443>
  SSLEngine On
  SSLProtocol all -SSLv2
  SSLCipherSuite ALL:!ADH:!EXPORT:!SSLv2:RC4+RSA:+HIGH:+MEDIUM

  SSLCertificateFile /PATH_TO_APACHE_FOLDER/ssl/mifujiclark.com.crt
  SSLCertificateKeyFile /PATH_TO_APACHE_FOLDER/ssl/mifujiclark.com.key
  SSLCertificateChainFile /PATH_TO_APACHE_FOLDER/ssl/sub.class1.server.ca.pem

  # Admin email, Server Name (domain name), and any aliases
  ServerAdmin info@ookami.it
  ServerName  www.mifujiclark.com
  ServerAlias mifujiclark.com

  # Index file and Document Root (where the public files are located)
  DirectoryIndex index.html index.htm index.php
  DocumentRoot /home/myfolder/public/mifujiclark.com/public

  # Log file locations
  LogLevel warn
  ErrorLog  /home/myfolder/public/mifujiclark.com/log/error.log
  CustomLog /home/myfolder/public/mifujiclark.com/log/ssl_request.log \
      "%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"
  TransferLog /home/myfolder/public/mifujiclark.com/log/access.log
</VirtualHost>



<VirtualHost *:80>
  # Admin email, Server Name (domain name), and any aliases
  ServerAdmin info@ookami.it
  ServerName  www.mifujiclark.com
  ServerAlias mifujiclark.com

  # Index file and Document Root (where the public files are located)
  DirectoryIndex index.html index.htm index.php
  DocumentRoot /home/myfolder/public/mifujiclark.com/public

  # Log file locations
  LogLevel warn
  ErrorLog  /home/myfolder/public/mifujiclark.com/log/error.log
  CustomLog /home/myfolder/public/mifujiclark.com/log/access.log combined

</VirtualHost>

Open in new window

0
Comment
Question by:badwolfff
  • 4
6 Comments
 

Author Comment

by:badwolfff
ID: 40523076
Here are the three logs:

ACCESS.LOG
90.14.76.165 - - [30/Dec/2014:03:06:56 +0000] "GET / HTTP/1.1" 403 202
90.14.76.165 - - [30/Dec/2014:03:06:56 +0000] "GET /favicon.ico HTTP/1.1" 403 213

Open in new window


ERROR.LOG
[Tue Dec 30 03:06:56.610993 2014] [authz_core:error] [pid 22773] [client 90.14.76.165:57228] AH01630: client denied by server configuration: /home/myfolder/public/mifujiclark.com/public/
[Tue Dec 30 03:06:56.697159 2014] [authz_core:error] [pid 22773] [client 90.14.76.165:57228] AH01630: client denied by server configuration: /home/myfolder/public/mifujiclark.com/public/favicon.ico

Open in new window



SSL_REQUEST.LOG
[30/Dec/2014:03:06:56 +0000] 90.14.76.165 TLSv1.2 ECDHE-RSA-AES128-GCM-SHA256 "GET / HTTP/1.1" 202
[30/Dec/2014:03:06:56 +0000] 90.14.76.165 TLSv1.2 ECDHE-RSA-AES128-GCM-SHA256 "GET /favicon.ico HTTP/1.1" 213

Open in new window

0
 
LVL 10

Expert Comment

by:schaps
ID: 40523201
Is the domain set up in httpd-ssl.conf ?
0
 

Author Comment

by:badwolfff
ID: 40523448
Hi,
thanks for the reply. I use Apache2 on Ubuntu. I don't see a httpd-ssl.conf.
I see a default-ssl.conf file. Do I need to add something to it?
If so could you please help me with the syntax?
Also the default-ssl.conf file at the moment I see it only in the sites-available folder and not in the sites-enabled folder.
Do I need to make a shortcut to it there?

thanks in advance
0
Migrating Your Company's PCs

To keep pace with competitors, businesses must keep employees productive, and that means providing them with the latest technology. This document provides the tips and tricks you need to help you migrate an outdated PC fleet to new desktops, laptops, and tablets.

 

Accepted Solution

by:
badwolfff earned 0 total points
ID: 40523503
I solved it myself by adding:

  ExpiresActive on

  ExpiresByType image/jpg "access plus 1 year"
  ExpiresByType image/png "access plus 1 year"
  ExpiresByType image/gif "access plus 1 year"
  ExpiresByType image/jpeg "access plus 1 year"

  ExpiresByType text/css "access plus 1 month"

  ExpiresByType image/x-icon "access plus 1 month"

  ExpiresByType text/javascript "access plus 1 month"
  ExpiresByType application/x-javascript "access plus 1 month"
  ExpiresByType application/javascript "access plus 1 month"


        <Directory /home/myfolder/public/mifujiclark.com/public>
            Options Indexes FollowSymLinks MultiViews
            AllowOverride all
            Order allow,deny
            Allow from all
            Require all granted
        </Directory>
0
 
LVL 62

Expert Comment

by:gheist
ID: 40524768
Secure your server NOW:
SSLProtocol all -SSLv2
must become
SSLProtocol all -SSLv2 -SSLv3
(ssl3 is broken)
And
  SSLCipherSuite ALL:!ADH:!EXPORT:!SSLv2:RC4+RSA:+HIGH:+MEDIUM
must become
  SSLCipherSuite ALL:!ADH:!EXPORT:!SSLv2:RC4+RSA:+HIGH:+MEDIUM:!3DES
(3des is effectively 112bit cypher)
0
 

Author Closing Comment

by:badwolfff
ID: 40529971
I solved the problem myself
0

Featured Post

Microsoft Certification Exam 74-409

Veeam® is happy to provide the Microsoft community with a study guide prepared by MVP and MCT, Orin Thomas. This guide will take you through each of the exam objectives, helping you to prepare for and pass the examination.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
AWS ELB 5 95
How to change the nameserver on Ubuntu Server 6 50
I NEED A "BARE" LINUX ... 9 56
Apache module 5 47
You ever wonder how to backup Linux system files just like Windows System Restore?  Well you can use Timeshift in Linux to perform those similar action.  This tutorial will show you how to backup your system files and keep regular intervals. Note…
It is possible to boost certain documents at query time in Solr. Query time boosting can be a powerful resource for finding the most relevant and "best" content. Of course the more information you index, the more fields you will be able to use for y…
Learn how to get help with Linux/Unix bash shell commands. Use help to read help documents for built in bash shell commands.: Use man to interface with the online reference manuals for shell commands.: Use man to search man pages for unknown command…
Get a first impression of how PRTG looks and learn how it works.   This video is a short introduction to PRTG, as an initial overview or as a quick start for new PRTG users.

860 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question