본문 바로가기

컴퓨터/노트북/인터넷

IT 컴퓨터 기기를 좋아하는 사람들의 모임방

단축키

Prev이전 문서

Next다음 문서

단축키

Prev이전 문서

Next다음 문서

Extra Form

Apache 2.4 이상 버전에서 403 에러가 발생. error.log 를 보니 다음과 같은 에러가 있었다.

 

[Tue Dec 11 17:49:19.350384 2012] [authz_core:error] 
[pid 5308:tid 1576] [client 127.0.0.1:53603] AH01630: 
client denied by server configuration: /DOCUMENT_ROOT

 

 


아마도 우분투를 업그레이드하면서 (2.2에서 2.4로 업그레이드) 기존에쓰던 conf 파일 옵션값이 문제를 일으킨모양이다.

 

apache 2.2

<Directory /DOCUMENT_ROOT>

   ~~~

    Order allow,deny

    Allow from all

</Directory>

 

apache 2.4 최신

<Directory /DOCUMENT_ROOT>

    ~~~

    Require all granted

</Directory>

 

 

 

 

 

 

 

 

아래는 apache 공식사이트 설명문서다.

 

https://httpd.apache.org/docs/2.4/upgrading.html

 

 

 

 

2.2 configuration:

 Order deny,allow Deny from all 

2.4 configuration:

 Require all denied 

In this example, there is no authentication and all requests are allowed.

2.2 configuration:

 Order allow,deny Allow from all 

2.4 configuration:

 Require all granted 

In the following example, there is no authentication and all hosts in the example.org domain are allowed access; all other hosts are denied access.

2.2 configuration:

 Order Deny,Allow Deny from all Allow from example.org 

2.4 configuration:

 Require host example.org 

In the following example, mixing old and new directives leads to unexpected results.

Mixing old and new directives: NOT WORKING AS EXPECTED

 DocumentRoot "/var/www/html" <Directory "/"> AllowOverride None Order deny,allow Deny from all </Directory> <Location "/server-status"> SetHandler server-status Require local </Location> access.log - GET /server-status 403 127.0.0.1 error.log - AH01797: client denied by server configuration: /var/www/html/server-status 

Why httpd denies access to servers-status even if the configuration seems to allow it? Because mod_access_compat directives take precedence over the mod_authz_host one in this configuration merge scenario.

This example conversely works as expected:

Mixing old and new directives: WORKING AS EXPECTED

 DocumentRoot "/var/www/html" <Directory "/"> AllowOverride None Require all denied </Directory> <Location "/server-status"> SetHandler server-status Order deny,allow Deny from all Allow From 127.0.0.1 </Location> access.log - GET /server-status 200 127.0.0.1 

So even if mixing configuration is still possible, please try to avoid it when upgrading: either keep old directives and then migrate to the new ones on a later stage or just migrate everything in bulk.

In many configurations with authentication, where the value of the Satisfy was the default of ALL, snippets that simply disabled host-based access control are omitted:

2.2 configuration:

 # 2.2 config that disables host-based access control and uses only authentication Order Deny,Allow Allow from all AuthType Basic AuthBasicProvider file AuthUserFile /example.com/conf/users.passwd AuthName secure Require valid-user 

2.4 configuration:

 # No replacement of disabling host-based access control needed AuthType Basic AuthBasicProvider file AuthUserFile /example.com/conf/users.passwd AuthName secure Require valid-user 

In configurations where both authentication and access control were meaningfully combined, the access control directives should be migrated. This example allows requests meeting both criteria:

2.2 configuration:

 Order allow,deny Deny from all # Satisfy ALL is the default Satisfy ALL Allow from 127.0.0.1 AuthType Basic AuthBasicProvider file AuthUserFile /example.com/conf/users.passwd AuthName secure Require valid-user 

2.4 configuration:

 AuthType Basic AuthBasicProvider file AuthUserFile /example.com/conf/users.passwd AuthName secure <RequireAll> Require valid-user Require ip 127.0.0.1 </RequireAll> 

In configurations where both authentication and access control were meaningfully combined, the access control directives should be migrated. This example allows requests meeting either criteria:

2.2 configuration:

 Order allow,deny Deny from all Satisfy any Allow from 127.0.0.1 AuthType Basic AuthBasicProvider file AuthUserFile /example.com/conf/users.passwd AuthName secure Require valid-user 

2.4 configuration:

 AuthType Basic AuthBasicProvider file AuthUserFile /example.com/conf/users.passwd AuthName secure # Implicitly <RequireAny> Require valid-user Require ip 127.0.0.1 

컴퓨터/노트북/인터넷

IT 컴퓨터 기기를 좋아하는 사람들의 모임방

List of Articles
번호 분류 제목 조회 수 날짜
공지 뉴스 구글 최신 뉴스 file 1384 2024.12.12
HOT글 일반 아 진짜 요새 SKT 해킹 뭐시기 때문에 신경 쓰여 죽겠어 ㅠㅠ 2 236 2025.05.20
공지 사랑LOVE 포인트 만렙! 도전 4651 2025.03.19
공지 🚨(뉴비필독) 전체공지 & 포인트안내 2 25846 2024.11.04
공지 URL만 붙여넣으면 끝! 임베드 기능 20431 2025.01.21
10640 네이버 지식쇼핑을 보면 깜놀랄일 3950 2014.03.23
10639 mysql 6.0 다운로드 (windows 계열 32비트용) 2784 2014.03.29
10638 리니지 프리서버 - 춘자 2.7클라이언트 2 9501 2014.03.30
10637 안녕하세요 1924 2014.04.07
10636 가입했습니당^.^ 1 2187 2014.04.07
10635 가입인사드립니다. 1 2123 2014.04.07
10634 스위트망고입니다. 반갑습니다 1 2194 2014.04.07
10633 영자님 2 4000 2014.04.11
10632 카오스원 2 3276 2014.04.11
10631 컴퓨터 포멧하려는데 BIOS 화면이 안떠요. 6 5184 2014.04.12
10630 하이하이 1 4141 2014.04.12
10629 영자씨 1 2621 2014.04.13
10628 인텔 v프로 원격제어 지원 메인보드-애즈락 Q87M 프로 출시 2849 2014.04.26
10627 하즈웰 4세대 오버클럭시 온도차이. 2377 2014.04.26
10626 갠적으로 마음에 드는 그래픽카드 GTX760 PHANTOM DDR5 2G 1 2840 2014.04.26
10625 탑파워 TOPOWER TOP-500D 80PLUS Bronze 1939 2014.04.26
10624 슈퍼플라워 SF-500P12A 후기 1711 2014.04.26
10623 인텔 코어 i7 하스웰 4770 추천드림 2423 2014.04.26
10622 듀얼 모니터 작업표시줄 프로그램 2974 2014.04.26
10621 일반하드랑 ssd랑 차이가 심한가요? 1 3033 2014.04.26
10620 로지텍 Gaming Mouse G100 쓰다보니 2198 2014.04.26
10619 AMD FX 8300 비쉐라는 인텔 cpu 어느것과 동급인가요? 1 4268 2014.04.26
10618 인텔 G3220 하스웰- 부모님 조립해드렸어요 2420 2014.04.26
10617 인텔 제온 E3-1230V3, 제온짝퉁이라니? 2632 2014.04.26
10616 ipTIME Extender2 무선공유기 wifi 확장써보니...안습 2322 2014.04.26
10615 안철수 v3백신도 좋지만, avast가 더 좋은것 같아요 2486 2014.04.27
10614 컴퓨터가 아무래도 연차가 있다보니.. 1 3409 2014.04.27
10613 그외 컴퓨터 온도측정 프로그램 hwmonitor 3775 2014.04.28
10612 이용하는 사람이 별로 없나바요. 3 3509 2014.04.28
10611 안녕하세요^^ 이번에 PC 새로 맞추려는데 1 2333 2014.04.28
Board Pagination Prev 1 2 3 4 5 6 7 8 9 10 ... 355 Next
/ 355