Link to home
Start Free TrialLog in
Avatar of fuzzyfreak
fuzzyfreak

asked on

Linux upgrade stopped intranet from working "Forbidden You don't have permission to access"

Dutifully upgraded Linux on our Intranet site. At first I could not access home page, configured apache2.conf file as follows -

<Directory />
      Options FollowSymLinks
      AllowOverride None
      Require all granted
</Directory>

"Now, I can hit the home page (and open the WP-admin console) but when I try any links, I get
Not Found
The requested URL /URLNAME was not found on this server.
Apache/2.4.7 (Ubuntu) Server at intranet.goptions.co.uk Port 80"

Any ideas what is stopping me from seeing my pages? (or database?)
Avatar of Jan Bacher
Jan Bacher
Flag of United States of America image

<Directory ...>
   <RequireAny>
       Require all granted
  </Require>
</Directory>
Avatar of fuzzyfreak
fuzzyfreak

ASKER

Hi Jan, thanks for this. Is there a typo somewhere?
when I add this to the conf file and restart apache, it complains -
"Expected </RequireAny> but saw </Require>"
Yes, a typo.  A closing must always match the opening except with the "/".
So, to be clear, it should be -
<Directory ...>
   <RequireAny>
       Require all granted
  </RequireAny>
</Directory>

?
That still does not work, I'm afraid.
SOLUTION
Avatar of Jan Bacher
Jan Bacher
Flag of United States of America image

Link to home
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Start Free Trial
So it now looks like this -

<Directory ...>
   <RequireAll>
       Require all granted
  </RequireAll>
</Directory>

Still does not work, still getting error when trying to click links.
check /var/log/httpd/access* and error* logs.

are you running selinux?  
   # getenforce

if it comes back "1" then that's a yes.
   # ls -ldZ /var/www/html
   # ls -lZ /var/www/html

if you have modsecurity for apache also installed, that's another troubleshooting area to consider.
Why do you have access controls at all when default is to serve /index.html to the world?
Explain?
The could not access homepage is not backed by error log entry
There is no telling if document root went to better pasture or directory index or it is really about access list.
I am sorry,I do not understand.
This is a WordPress site, if that helps to explain location of pages better. It seems the upgrade had tied down permissions, however I can access wp-admin, link checker days pages do not exist, suggesting permissions stopping access to those pages. I have not checked the log, I can't now until I log back onto server. Any idea what I am looking for?
SOLUTION
Link to home
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Start Free Trial
I do not see a 'httpd' folder in /var/log
Cos on debian it is /var/log/apache2
/var/log/apache2/error.log.1 appears to be the log file I was after and here is the error -

AH01630: client denied by server configuration:

I am therefore looking at this article at the moment -
http://stackoverflow.com/questions/18392741/apache2-ah01630-client-denied-by-server-configuration
You can replace FollowSymLinks with Alias, that is more secure and server side is less picky.
Still can't fix this so if either of you can help I'd appreciate it.  I believe the issue is down to my instance not being in the default folder, it is here -
 DocumentRoot "/sites/intranet/htdocs"
It looks that default apache conf has been hardened and you need to add premissions to <Directory /sites/intranet> too
Others already have read and execute to the entire folder structure (0755) - what specifically are you suggesting I do?
So far, I have the following -

<Directory ...>
      AllowOverride None
      Require all granted
</Directory>


<Directory /sites/intranet>
      AllowOverride None
      Require all granted
</Directory>

<Directory /sites/intranet/htdocs>
      AllowOverride None
      Require all granted
</Directory>

<Directory />
      Options FollowSymLinks
      AllowOverride None
      Require all granted
</Directory>

<Directory /usr/share>
      AllowOverride None
      Require all granted
</Directory>

<Directory /var/www/>
      Options Indexes FollowSymLinks
      AllowOverride None
      Require all granted
</Directory>

<Directory /srv/>
      Options Indexes FollowSymLinks
      AllowOverride None
      Require all granted
</Directory>
Do you have site editors that manipulate symlinks?
If you make symlinks you can make your apache more secure with alias per symlink.
ASKER CERTIFIED SOLUTION
Link to home
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Start Free Trial
Thanks for all your help on this, the situation became rather desperate and I managed to call in some internal expertise which I did not realise we had. The resolution is very important to archive because this did not exist anywhere else on support forums.