Solved

Why can't I get a directory listing when I use HTTPS?

Posted on 2014-12-29
6
115 Views
Last Modified: 2015-01-04
Hi all,

I've just successfully installed an SSL certificate on my server (I get no reboot errors when I restart apache2 server and also when I type in the URL with the https I can see the green lock symbol which I can click and see corresponds to my certificate).

The problem is that when I use the https protocol I get an error:
https://www.mifujiclark.com/
Forbidden
You don't have permission to access / on this server.

Open in new window


When I use the http protocol I get the right page:
http://www.mifujiclark.com


What am I doing wrong here?

thanks in advance.


P.S. Here is my site's conf file from the apache2 sites enabled folder:
# domain: mifujiclark.com
# public: /home/myfolder/public/mifujiclark.com/public

<VirtualHost *:443>
  SSLEngine On
  SSLProtocol all -SSLv2
  SSLCipherSuite ALL:!ADH:!EXPORT:!SSLv2:RC4+RSA:+HIGH:+MEDIUM

  SSLCertificateFile /PATH_TO_APACHE_FOLDER/ssl/mifujiclark.com.crt
  SSLCertificateKeyFile /PATH_TO_APACHE_FOLDER/ssl/mifujiclark.com.key
  SSLCertificateChainFile /PATH_TO_APACHE_FOLDER/ssl/sub.class1.server.ca.pem

  # Admin email, Server Name (domain name), and any aliases
  ServerAdmin info@ookami.it
  ServerName  www.mifujiclark.com
  ServerAlias mifujiclark.com

  # Index file and Document Root (where the public files are located)
  DirectoryIndex index.html index.htm index.php
  DocumentRoot /home/myfolder/public/mifujiclark.com/public

  # Log file locations
  LogLevel warn
  ErrorLog  /home/myfolder/public/mifujiclark.com/log/error.log
  CustomLog /home/myfolder/public/mifujiclark.com/log/ssl_request.log \
      "%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"
  TransferLog /home/myfolder/public/mifujiclark.com/log/access.log
</VirtualHost>



<VirtualHost *:80>
  # Admin email, Server Name (domain name), and any aliases
  ServerAdmin info@ookami.it
  ServerName  www.mifujiclark.com
  ServerAlias mifujiclark.com

  # Index file and Document Root (where the public files are located)
  DirectoryIndex index.html index.htm index.php
  DocumentRoot /home/myfolder/public/mifujiclark.com/public

  # Log file locations
  LogLevel warn
  ErrorLog  /home/myfolder/public/mifujiclark.com/log/error.log
  CustomLog /home/myfolder/public/mifujiclark.com/log/access.log combined

</VirtualHost>

Open in new window

0
Comment
Question by:badwolfff
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 4
6 Comments
 

Author Comment

by:badwolfff
ID: 40523076
Here are the three logs:

ACCESS.LOG
90.14.76.165 - - [30/Dec/2014:03:06:56 +0000] "GET / HTTP/1.1" 403 202
90.14.76.165 - - [30/Dec/2014:03:06:56 +0000] "GET /favicon.ico HTTP/1.1" 403 213

Open in new window


ERROR.LOG
[Tue Dec 30 03:06:56.610993 2014] [authz_core:error] [pid 22773] [client 90.14.76.165:57228] AH01630: client denied by server configuration: /home/myfolder/public/mifujiclark.com/public/
[Tue Dec 30 03:06:56.697159 2014] [authz_core:error] [pid 22773] [client 90.14.76.165:57228] AH01630: client denied by server configuration: /home/myfolder/public/mifujiclark.com/public/favicon.ico

Open in new window



SSL_REQUEST.LOG
[30/Dec/2014:03:06:56 +0000] 90.14.76.165 TLSv1.2 ECDHE-RSA-AES128-GCM-SHA256 "GET / HTTP/1.1" 202
[30/Dec/2014:03:06:56 +0000] 90.14.76.165 TLSv1.2 ECDHE-RSA-AES128-GCM-SHA256 "GET /favicon.ico HTTP/1.1" 213

Open in new window

0
 
LVL 10

Expert Comment

by:schaps
ID: 40523201
Is the domain set up in httpd-ssl.conf ?
0
 

Author Comment

by:badwolfff
ID: 40523448
Hi,
thanks for the reply. I use Apache2 on Ubuntu. I don't see a httpd-ssl.conf.
I see a default-ssl.conf file. Do I need to add something to it?
If so could you please help me with the syntax?
Also the default-ssl.conf file at the moment I see it only in the sites-available folder and not in the sites-enabled folder.
Do I need to make a shortcut to it there?

thanks in advance
0
Don't Cry: How Liquid Web is Ensuring Security

WannaCry is just the start. Read how Liquid Web is protecting itself and its customers against new threats.

 

Accepted Solution

by:
badwolfff earned 0 total points
ID: 40523503
I solved it myself by adding:

  ExpiresActive on

  ExpiresByType image/jpg "access plus 1 year"
  ExpiresByType image/png "access plus 1 year"
  ExpiresByType image/gif "access plus 1 year"
  ExpiresByType image/jpeg "access plus 1 year"

  ExpiresByType text/css "access plus 1 month"

  ExpiresByType image/x-icon "access plus 1 month"

  ExpiresByType text/javascript "access plus 1 month"
  ExpiresByType application/x-javascript "access plus 1 month"
  ExpiresByType application/javascript "access plus 1 month"


        <Directory /home/myfolder/public/mifujiclark.com/public>
            Options Indexes FollowSymLinks MultiViews
            AllowOverride all
            Order allow,deny
            Allow from all
            Require all granted
        </Directory>
0
 
LVL 62

Expert Comment

by:gheist
ID: 40524768
Secure your server NOW:
SSLProtocol all -SSLv2
must become
SSLProtocol all -SSLv2 -SSLv3
(ssl3 is broken)
And
  SSLCipherSuite ALL:!ADH:!EXPORT:!SSLv2:RC4+RSA:+HIGH:+MEDIUM
must become
  SSLCipherSuite ALL:!ADH:!EXPORT:!SSLv2:RC4+RSA:+HIGH:+MEDIUM:!3DES
(3des is effectively 112bit cypher)
0
 

Author Closing Comment

by:badwolfff
ID: 40529971
I solved the problem myself
0

Featured Post

Ransomware-A Revenue Bonanza for Service Providers

Ransomware – malware that gets on your customers’ computers, encrypts their data, and extorts a hefty ransom for the decryption keys – is a surging new threat.  The purpose of this eBook is to educate the reader about ransomware attacks.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

You ever wonder how to backup Linux system files just like Windows System Restore?  Well you can use Timeshift in Linux to perform those similar action.  This tutorial will show you how to backup your system files and keep regular intervals. Note…
Join Greg Farro and Ethan Banks from Packet Pushers (http://packetpushers.net/podcast/podcasts/pq-show-93-smart-network-monitoring-paessler-sponsored/) and Greg Ross from Paessler (https://www.paessler.com/prtg) for a discussion about smart network …
Learn several ways to interact with files and get file information from the bash shell. ls lists the contents of a directory: Using the -a flag displays hidden files: Using the -l flag formats the output in a long list: The file command gives us mor…
This demo shows you how to set up the containerized NetScaler CPX with NetScaler Management and Analytics System in a non-routable Mesos/Marathon environment for use with Micro-Services applications.

688 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question