컴퓨터/노트북/인터넷
IT 컴퓨터 기기를 좋아하는 사람들의 모임방
Apache 2.4 이상 버전에서 403 에러가 발생. error.log 를 보니 다음과 같은 에러가 있었다.
[Tue Dec 11 17:49:19.350384 2012] [authz_core:error] [pid 5308:tid 1576] [client 127.0.0.1:53603] AH01630: client denied by server configuration: /DOCUMENT_ROOT
아마도 우분투를 업그레이드하면서 (2.2에서 2.4로 업그레이드) 기존에쓰던 conf 파일 옵션값이 문제를 일으킨모양이다.
apache 2.2
<Directory /DOCUMENT_ROOT>
~~~
Order allow,deny
Allow from all
</Directory>
apache 2.4 최신
<Directory /DOCUMENT_ROOT>
~~~
Require all granted
</Directory>
아래는 apache 공식사이트 설명문서다.
https://httpd.apache.org/docs/2.4/upgrading.html
2.2 configuration:
Order deny,allow Deny from all
2.4 configuration:
Require all denied
In this example, there is no authentication and all requests are allowed.
2.2 configuration:
Order allow,deny Allow from all
2.4 configuration:
Require all granted
In the following example, there is no authentication and all hosts in the example.org domain are allowed access; all other hosts are denied access.
2.2 configuration:
Order Deny,Allow Deny from all Allow from example.org
2.4 configuration:
Require host example.org
In the following example, mixing old and new directives leads to unexpected results.
Mixing old and new directives: NOT WORKING AS EXPECTED
DocumentRoot "/var/www/html"
<Directory "/">
AllowOverride None
Order deny,allow
Deny from all
</Directory>
<Location "/server-status">
SetHandler server-status
Require local
</Location>
access.log - GET /server-status 403 127.0.0.1
error.log - AH01797: client denied by server configuration: /var/www/html/server-status
Why httpd denies access to servers-status even if the configuration seems to allow it? Because mod_access_compat directives take precedence over the mod_authz_host one in this configuration merge scenario.
This example conversely works as expected:
Mixing old and new directives: WORKING AS EXPECTED
DocumentRoot "/var/www/html"
<Directory "/">
AllowOverride None
Require all denied
</Directory>
<Location "/server-status">
SetHandler server-status
Order deny,allow
Deny from all
Allow From 127.0.0.1
</Location>
access.log - GET /server-status 200 127.0.0.1
So even if mixing configuration is still possible, please try to avoid it when upgrading: either keep old directives and then migrate to the new ones on a later stage or just migrate everything in bulk.
In many configurations with authentication, where the value of the Satisfy was the default of ALL, snippets that simply disabled host-based access control are omitted:
2.2 configuration:
# 2.2 config that disables host-based access control and uses only authentication Order Deny,Allow Allow from all AuthType Basic AuthBasicProvider file AuthUserFile /example.com/conf/users.passwd AuthName secure Require valid-user
2.4 configuration:
# No replacement of disabling host-based access control needed AuthType Basic AuthBasicProvider file AuthUserFile /example.com/conf/users.passwd AuthName secure Require valid-user
In configurations where both authentication and access control were meaningfully combined, the access control directives should be migrated. This example allows requests meeting both criteria:
2.2 configuration:
Order allow,deny Deny from all # Satisfy ALL is the default Satisfy ALL Allow from 127.0.0.1 AuthType Basic AuthBasicProvider file AuthUserFile /example.com/conf/users.passwd AuthName secure Require valid-user
2.4 configuration:
AuthType Basic AuthBasicProvider file AuthUserFile /example.com/conf/users.passwd AuthName secure <RequireAll> Require valid-user Require ip 127.0.0.1 </RequireAll>
In configurations where both authentication and access control were meaningfully combined, the access control directives should be migrated. This example allows requests meeting either criteria:
2.2 configuration:
Order allow,deny Deny from all Satisfy any Allow from 127.0.0.1 AuthType Basic AuthBasicProvider file AuthUserFile /example.com/conf/users.passwd AuthName secure Require valid-user
2.4 configuration:
AuthType Basic AuthBasicProvider file AuthUserFile /example.com/conf/users.passwd AuthName secure # Implicitly <RequireAny> Require valid-user Require ip 127.0.0.1
컴퓨터/노트북/인터넷
IT 컴퓨터 기기를 좋아하는 사람들의 모임방
| 번호 | 분류 | 제목 | 조회 수 | 날짜 |
|---|---|---|---|---|
| 공지 | 뉴스 |
구글 최신 뉴스
|
1457 | 2024.12.12 |
| HOT글 | 일반 | 샤오미 BE6500 라우터 실사용 후기 (Wi-Fi 7 + 2.5G 스위치 기능까지 ㄷㄷ) 4 | 1025 | 2025.06.28 |
| 공지 |
🚨(뉴비필독) 전체공지 & 포인트안내
22 
|
29071 | 2024.11.04 | |
| 공지 | URL만 붙여넣으면 끝! 임베드 기능 | 23120 | 2025.01.21 | |
| 41 | 그외 | 컴퓨터 온도측정 프로그램 hwmonitor | 3777 | 2014.04.28 |
| 40 | 그외 | 시더가 없는 자료에 대한 희망 | 2707 | 2014.05.06 |
| 39 | 그외 | 노트북 이정도 그래픽이면 월탱 돌아가나요? 2 | 4032 | 2014.05.06 |
| 38 | 그외 | 롤같은 게임 설치 안되고 오류뜰때 대처방법 | 2228 | 2014.05.20 |
| 37 | 그외 | desyediter 데이지에디트 파일 | 1866 | 2014.05.20 |
| 36 | 그외 | 이번에 인텔 그래픽 드라이버 최신판 나왔다던데 6 | 3886 | 2014.05.21 |
| 35 | 그외 | 드라이버 설치가 안되요.... 1 | 3132 | 2014.05.26 |
| 34 | 그외 | 한글 작설할때 표 제목 밑엔 출처 짜증나네요... 1 | 2988 | 2014.06.02 |
| 33 | 그외 | 동영상 편집 프로그램 도움 점 부탁드립니다 2 | 2705 | 2014.06.13 |
| 32 | 그외 | 바이오스 리셋 | 1652 | 2014.06.18 |
| 31 | 그외 | 유투브 영상을 추출 못하겠네요. 1 | 1602 | 2014.07.03 |
| 30 | 그외 | visual basic과 ms-sql 연동방법 1 | 759 | 2015.06.17 |
| 29 | 그외 | 동영상 추출 어떻게 하나요? ㅠㅠ 1 | 1579 | 2015.06.17 |
| 28 | 그외 | vpn 프로그램 괜찮은거 없나요? 1 | 1417 | 2015.07.04 |
| 27 | 그외 | DB서버와 DATA서버를 분리하는 방법 아시는분 | 1049 | 2016.01.20 |
| 26 | 그외 | 윈도우 업데이트 청소 툴 | 2827 | 2016.07.14 |
| 25 | 그외 | Redirect NWD 64bit 악성프로그램 삭제하기 | 1065 | 2019.03.27 |
| 24 | 그외 | youtube 4K 비디오 다운로드 하는 방법 (무료프로그램임돠) | 242 | 2019.04.28 |
| 23 | 그외 | 웹서버 이미지 압축모듈 설치, 설정 (apache) 1 | 277 | 2019.06.08 |
| 22 | 그외 | 통합드라이버 설치 프로그램 이지드라이버팩 EasyDrv7 | 1654 | 2019.07.22 |