Shortcut
Prev이전 문서
Next다음 문서
Shortcut
Prev이전 문서
Next다음 문서
Apache 2.4 이상 버전에서 403 에러가 발생. error.log 를 보니 다음과 같은 에러가 있었다.
[Tue Dec 11 17:49:19.350384 2012] [authz_core:error] [pid 5308:tid 1576] [client 127.0.0.1:53603] AH01630: client denied by server configuration: /DOCUMENT_ROOT
아마도 우분투를 업그레이드하면서 (2.2에서 2.4로 업그레이드) 기존에쓰던 conf 파일 옵션값이 문제를 일으킨모양이다.
apache 2.2
<Directory /DOCUMENT_ROOT>
~~~
Order allow,deny
Allow from all
</Directory>
apache 2.4 최신
<Directory /DOCUMENT_ROOT>
~~~
Require all granted
</Directory>
아래는 apache 공식사이트 설명문서다.
https://httpd.apache.org/docs/2.4/upgrading.html
2.2 configuration:
Order deny,allow Deny from all
2.4 configuration:
Require all denied
In this example, there is no authentication and all requests are allowed.
2.2 configuration:
Order allow,deny Allow from all
2.4 configuration:
Require all granted
In the following example, there is no authentication and all hosts in the example.org domain are allowed access; all other hosts are denied access.
2.2 configuration:
Order Deny,Allow Deny from all Allow from example.org
2.4 configuration:
Require host example.org
In the following example, mixing old and new directives leads to unexpected results.
Mixing old and new directives: NOT WORKING AS EXPECTED
DocumentRoot "/var/www/html" <Directory "/"> AllowOverride None Order deny,allow Deny from all </Directory> <Location "/server-status"> SetHandler server-status Require local </Location> access.log - GET /server-status 403 127.0.0.1 error.log - AH01797: client denied by server configuration: /var/www/html/server-status
Why httpd denies access to servers-status even if the configuration seems to allow it? Because mod_access_compat directives take precedence over the mod_authz_host one in this configuration merge scenario.
This example conversely works as expected:
Mixing old and new directives: WORKING AS EXPECTED
DocumentRoot "/var/www/html" <Directory "/"> AllowOverride None Require all denied </Directory> <Location "/server-status"> SetHandler server-status Order deny,allow Deny from all Allow From 127.0.0.1 </Location> access.log - GET /server-status 200 127.0.0.1
So even if mixing configuration is still possible, please try to avoid it when upgrading: either keep old directives and then migrate to the new ones on a later stage or just migrate everything in bulk.
In many configurations with authentication, where the value of the Satisfy was the default of ALL, snippets that simply disabled host-based access control are omitted:
2.2 configuration:
# 2.2 config that disables host-based access control and uses only authentication Order Deny,Allow Allow from all AuthType Basic AuthBasicProvider file AuthUserFile /example.com/conf/users.passwd AuthName secure Require valid-user
2.4 configuration:
# No replacement of disabling host-based access control needed AuthType Basic AuthBasicProvider file AuthUserFile /example.com/conf/users.passwd AuthName secure Require valid-user
In configurations where both authentication and access control were meaningfully combined, the access control directives should be migrated. This example allows requests meeting both criteria:
2.2 configuration:
Order allow,deny Deny from all # Satisfy ALL is the default Satisfy ALL Allow from 127.0.0.1 AuthType Basic AuthBasicProvider file AuthUserFile /example.com/conf/users.passwd AuthName secure Require valid-user
2.4 configuration:
AuthType Basic AuthBasicProvider file AuthUserFile /example.com/conf/users.passwd AuthName secure <RequireAll> Require valid-user Require ip 127.0.0.1 </RequireAll>
In configurations where both authentication and access control were meaningfully combined, the access control directives should be migrated. This example allows requests meeting either criteria:
2.2 configuration:
Order allow,deny Deny from all Satisfy any Allow from 127.0.0.1 AuthType Basic AuthBasicProvider file AuthUserFile /example.com/conf/users.passwd AuthName secure Require valid-user
2.4 configuration:
AuthType Basic AuthBasicProvider file AuthUserFile /example.com/conf/users.passwd AuthName secure # Implicitly <RequireAny> Require valid-user Require ip 127.0.0.1
| 번호 | 분류 | 제목 | 날짜 | 조회 수 | 추천 수 |
|---|---|---|---|---|---|
| 공지 | 뉴스 |
구글 최신 뉴스
|
2024.12.12 | 2210 | 0 |
| 공지 | 🚨 “뉴비 필독! 커뮤니티 사이트 안내 & 덕질 가이드 191 | 2025.10.18 | 18571 | 116 | |
| 공지 | 📢 [공모] "우리 커뮤니티 사이트, 뭐라고 부를까요?" 정체성을 찾아주세요! (1만P) 14 | 2026.01.17 | 12985 | 29 | |
| 10679 | 네이버 지식쇼핑을 보면 깜놀랄일 | 2014.03.23 | 3981 | 0 | |
| 10678 | mysql 6.0 다운로드 (windows 계열 32비트용) | 2014.03.29 | 2817 | 0 | |
| 10677 | 리니지 프리서버 - 춘자 2.7클라이언트 2 | 2014.03.30 | 9569 | 0 | |
| 10676 | 안녕하세요 | 2014.04.07 | 1953 | 0 | |
| 10675 | 가입했습니당^.^ 1 | 2014.04.07 | 2206 | 0 | |
| 10674 | 가입인사드립니다. 1 | 2014.04.07 | 2148 | 0 | |
| 10673 | 스위트망고입니다. 반갑습니다 1 | 2014.04.07 | 2221 | 0 | |
| 10672 | 영자님 2 | 2014.04.11 | 4020 | 0 | |
| 10671 | 카오스원 2 | 2014.04.11 | 3300 | 0 | |
| 10670 | 컴퓨터 포멧하려는데 BIOS 화면이 안떠요. 6 | 2014.04.12 | 5204 | 0 | |
| 10669 | 하이하이 1 | 2014.04.12 | 4170 | 0 | |
| 10668 | 영자씨 1 | 2014.04.13 | 2648 | 1 | |
| 10667 | 인텔 v프로 원격제어 지원 메인보드-애즈락 Q87M 프로 출시 | 2014.04.26 | 2872 | 0 | |
| 10666 | 하즈웰 4세대 오버클럭시 온도차이. | 2014.04.26 | 2412 | 0 | |
| 10665 | 갠적으로 마음에 드는 그래픽카드 GTX760 PHANTOM DDR5 2G 1 | 2014.04.26 | 2872 | 0 | |
| 10664 | 탑파워 TOPOWER TOP-500D 80PLUS Bronze | 2014.04.26 | 1959 | 0 | |
| 10663 | 슈퍼플라워 SF-500P12A 후기 | 2014.04.26 | 1738 | 0 | |
| 10662 | 인텔 코어 i7 하스웰 4770 추천드림 | 2014.04.26 | 2448 | 0 | |
| 10661 | 듀얼 모니터 작업표시줄 프로그램 | 2014.04.26 | 3001 | 0 | |
| 10660 | 일반하드랑 ssd랑 차이가 심한가요? 1 | 2014.04.26 | 3053 | 0 | |
| 10659 | 로지텍 Gaming Mouse G100 쓰다보니 | 2014.04.26 | 2210 | 0 | |
| 10658 | AMD FX 8300 비쉐라는 인텔 cpu 어느것과 동급인가요? 1 | 2014.04.26 | 4303 | 0 | |
| 10657 | 인텔 G3220 하스웰- 부모님 조립해드렸어요 | 2014.04.26 | 2444 | 0 | |
| 10656 | 인텔 제온 E3-1230V3, 제온짝퉁이라니? | 2014.04.26 | 2657 | 0 | |
| 10655 | ipTIME Extender2 무선공유기 wifi 확장써보니...안습 | 2014.04.26 | 2340 | 0 | |
| 10654 | 안철수 v3백신도 좋지만, avast가 더 좋은것 같아요 | 2014.04.27 | 2508 | 0 | |
| 10653 | 컴퓨터가 아무래도 연차가 있다보니.. 1 | 2014.04.27 | 3438 | 0 | |
| 10652 | 그외 | 컴퓨터 온도측정 프로그램 hwmonitor | 2014.04.28 | 3790 | 0 |
| 10651 | 이용하는 사람이 별로 없나바요. 3 | 2014.04.28 | 3531 | 0 | |
| 10650 | 안녕하세요^^ 이번에 PC 새로 맞추려는데 1 | 2014.04.28 | 2355 | 0 |