2 votes

Subdomains returning HTTP 403 after upgrading Apache from 2.2 to 2.4

After an operating system upgrade that involved upgrading Apache from 2.2 to 2.4, I am now getting 403s when trying to access http://files.fierydragonlord.com/ and http://status.fierydragonlord.com/. However, http://www.fierydragonlord.com works. What is going on?

The following is my vhosts.conf:

#
# VirtualHost template
# Note: to use the template, rename it to /etc/apache2/vhost.d/yourvhost.conf.
# Files must have the .conf suffix to be loaded.
#
# See /usr/share/doc/packages/apache2/README.QUICKSTART for further hints
# about virtual hosts.
#
# NameVirtualHost statements can be added to /etc/apache2/listen.conf.
#
# Almost any Apache directive may go into a VirtualHost container.
# The first VirtualHost section is used for requests without a known
# server name.
#

NameVirtualHost *:80

<VirtualHost *:80>
    ServerName www.fierydragonlord.com

    # Specify alternative domain names for the virtual host like this
    # (wildcards * and ? may be used, and multiple aliases may be specified):
    # ServerAlias domain.tld extra.domain.tld *.domain.tld

    # DocumentRoot: The directory out of which you will serve your
    # documents. By default, all requests are taken from this directory, but
    # symbolic links and aliases may be used to point to other locations.
    DocumentRoot /srv/www/htdocs/

    # Set log file location
    ErrorLog /var/log/apache2/error_log
    CustomLog /var/log/apache2/access_log combined

    # don't lose time with IP address lookups
    HostnameLookups Off
    # needed for named virtual hosts
    UseCanonicalName Off
    # configures the footer on server-generated documents
    ServerSignature On

    # Use custom error documents
    ErrorDocument 400 /00-Error/400.php
    ErrorDocument 401 /00-Error/401.php
    ErrorDocument 403 /00-Error/403.php
    ErrorDocument 404 /00-Error/404.php
    ErrorDocument 410 /00-Error/410.php
    ErrorDocument 414 /00-Error/414.php
    ErrorDocument 500 /00-Error/500.php
    ErrorDocument 503 /00-Error/503.php
</VirtualHost>

<VirtualHost *:80>
    ServerName status.fierydragonlord.com

    # Specify alternative domain names for the virtual host like this
    # (wildcards * and ? may be used, and multiple aliases may be specified):
    # ServerAlias domain.tld extra.domain.tld *.domain.tld

    # DocumentRoot: The directory out of which you will serve your
    # documents. By default, all requests are taken from this directory, but
    # symbolic links and aliases may be used to point to other locations.
    DocumentRoot /srv/www/vhosts/status/

    DirectoryIndex index.php

    # Set log file location
    ErrorLog /var/log/apache2/status-error_log
    CustomLog /var/log/apache2/status-access_log combined

    # don't lose time with IP address lookups
    HostnameLookups Off
    # needed for named virtual hosts
    UseCanonicalName Off
    # configures the footer on server-generated documents
    ServerSignature On

    <Directory />
        Options None
        Require all granted
    </Directory>

    # use .htaccess files for overriding,
    AccessFileName .htaccess
    # and never show them
    <Files ~ "^\.ht">
        Require all denied
    </Files>
</VirtualHost>

<VirtualHost *:80>
    ServerName files.fierydragonlord.com

    # Specify alternative domain names for the virtual host like this
    # (wildcards * and ? may be used, and multiple aliases may be specified):
    # ServerAlias domain.tld extra.domain.tld *.domain.tld

    # DocumentRoot: The directory out of which you will serve your
    # documents. By default, all requests are taken from this directory, but
    # symbolic links and aliases may be used to point to other locations.
    DocumentRoot /srv/www/vhosts/files/

    DirectoryIndex index.html

    # Set log file location
    ErrorLog /var/log/apache2/files-error_log
    CustomLog /var/log/apache2/files-access_log combined

    # don't lose time with IP address lookups
    HostnameLookups Off
    # needed for named virtual hosts
    UseCanonicalName Off
    # configures the footer on server-generated documents
    ServerSignature On

    <Directory />
        Options None
        Require all granted
    </Directory>

    # use .htaccess files for overriding,
    AccessFileName .htaccess
    # and never show them
    <Files ~ "^\.ht">
        Require all denied
    </Files>

    # Use custom error documents
    ErrorDocument 400 /00-Error/400.php
    ErrorDocument 401 /00-Error/401.php
    ErrorDocument 403 /00-Error/403.php
    ErrorDocument 404 /00-Error/404.php
    ErrorDocument 410 /00-Error/410.php
    ErrorDocument 414 /00-Error/414.php
    ErrorDocument 500 /00-Error/500.php
    ErrorDocument 503 /00-Error/503.php
</VirtualHost>

I am getting errors like these in the log:

[Fri Nov 22 12:37:53.271724 2013] [access_compat:error] [pid 5445] [client xxx.xxx.xxx.xxx:xxxx] AH01797: client denied by server configuration: /srv/www/vhosts/status/, referer: http://www.fierydragonlord.com/
[Fri Nov 22 12:46:14.115480 2013] [access_compat:error] [pid 5440] [client xxx.xxx.xxx.xxx:xxxx] AH01797: client denied by server configuration: /srv/www/vhosts/status/index.php

apache2ctl -S returns the following:

[Fri Nov 22 12:56:50.229301 2013] [core:warn] [pid 5529] AH00117: Ignoring deprecated use of DefaultType in line 140 of /etc/apache2/httpd.conf.
AH00548: NameVirtualHost has no effect and will be removed in the next release /etc/apache2/vhosts.d/vhosts.conf:16
VirtualHost configuration:
*:80                   is a NameVirtualHost
         default server www.fierydragonlord.com (/etc/apache2/vhosts.d/vhosts.conf:18)
         port 80 namevhost www.fierydragonlord.com (/etc/apache2/vhosts.d/vhosts.conf:18)
         port 80 namevhost www.fierydragonlord.com (/etc/apache2/vhosts.d/vhosts.conf:18)
         port 80 namevhost status.fierydragonlord.com (/etc/apache2/vhosts.d/vhosts.conf:53)
         port 80 namevhost status.fierydragonlord.com (/etc/apache2/vhosts.d/vhosts.conf:53)
         port 80 namevhost files.fierydragonlord.com (/etc/apache2/vhosts.d/vhosts.conf:92)
         port 80 namevhost files.fierydragonlord.com (/etc/apache2/vhosts.d/vhosts.conf:92)
ServerRoot: "/srv/www"
Main DocumentRoot: "/srv/www/htdocs"
Main ErrorLog: "/var/log/apache2/error_log"
Mutex ssl-stapling: using_defaults
Mutex ssl-cache: using_defaults
Mutex default: dir="/run/" mechanism=default
Mutex mpm-accept: using_defaults
PidFile: "/run/httpd.pid"
Define: DUMP_VHOSTS
Define: DUMP_RUN_CFG
User: name="wwwrun" id=30
Group: name="www" id=8

2 votes

tremor 143 points

Apache 2.4 handles the virtual host directive differently from 2.2; check the following link for examples.

http://httpd.apache.org/docs/current/vhosts/examples.html

Basically, change NameVirtualHost *:80 -> Listen 80

So it looks like this:

Listen 80

# This is the "main" server running on 172.20.30.40
ServerName server.example.com
DocumentRoot /www/mainserver

<VirtualHost 172.20.30.50>
    DocumentRoot /www/example1
    ServerName www.example.com

    # Other directives here ...
</VirtualHost>

<VirtualHost 172.20.30.50>
    DocumentRoot /www/example2
    ServerName www.example.org

    # Other directives here ...
</VirtualHost>

You may also want to check the rest of your httpd.conf and vhosts.conf for other deprecations and conflicts. See this link: http://httpd.apache.org/docs/trunk/upgrading.html

Your self-answer is partially correct: the Order/Require change is there, but if you browse that page you will see quite a few more. I suggest you read it thoroughly and make sure you have addressed everything. Even if you get it working, check and double-check; some of the changes might not break Apache or even log anything, but they could cause other problems (security/stability).

1 vote

DragonLord 369 points

It turns out there is a conflict between the older Order deny,allow and the newer Require all granted syntax. The system's master configuration files, supplied by openSUSE itself, are not set up to use the new Require syntax. Because the Order directive is processed by a different module than the Require directive, the old syntax takes precedence over the new one, causing a failure.

I have gone back to the old Order syntax, with a note in the custom configuration files explaining the problem.
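
A scanner for the conflict described in the answer above, added here as an example and not code from the original post: it reports every configuration scope that carries both the 2.2 directives (Order, Allow, Deny, Satisfy) and Require, even when the two come from different files. The function names and both sample configurations are constructed for illustration; MAIN is an assumed stand-in for a distribution-supplied httpd.conf, which the page does not show.

```python
import re

# 2.2-style access directives; Apache 2.4 handles them in mod_access_compat.
LEGACY = {"order", "allow", "deny", "satisfy"}
# Containers that scope access rules; VirtualHost/IfModule wrappers are skipped.
SCOPED = {"directory", "directorymatch", "files", "filesmatch",
          "location", "locationmatch"}
OPEN = re.compile(r"<\s*(\w+)\s*([^>]*)>")
CLOSE = re.compile(r"</\s*\w+\s*>")

def scan(files):
    """Map scope -> legacy/Require hits; files is {name: text}, hits are (file, line, text)."""
    scopes = {}
    for name, text in files.items():
        stack = []  # open containers, innermost last
        for lineno, raw in enumerate(text.splitlines(), 1):
            line = raw.strip()
            if not line or line.startswith("#"):
                continue
            if CLOSE.match(line):
                if stack:
                    stack.pop()
                continue
            opened = OPEN.match(line)
            if opened:
                tag, arg = opened.group(1), opened.group(2).strip().replace('"', "")
                stack.append((tag.lower(), f"{tag} {arg}".strip()))
                continue
            word = line.split()[0].lower()
            kind = "legacy" if word in LEGACY else "require" if word == "require" else None
            if kind is None:
                continue
            scope = next((label for tag, label in reversed(stack) if tag in SCOPED), "(server)")
            scopes.setdefault(scope, {"legacy": [], "require": []})[kind].append((name, lineno, line))
    return scopes

def mixed_scopes(files):
    """Scopes configured with both syntaxes, possibly in different files."""
    return sorted(s for s, hits in scan(files).items() if hits["legacy"] and hits["require"])

# Constructed sample: MAIN stands in for a distribution-supplied httpd.conf,
# VHOST repeats the access rules from the question's vhosts.conf.
MAIN = "<Directory />\n    Options None\n    Order deny,allow\n    Deny from all\n</Directory>\n"
VHOST = ('<VirtualHost *:80>\n    <Directory />\n        Require all granted\n'
         '    </Directory>\n    <Files ~ "^\\.ht">\n        Require all denied\n'
         '    </Files>\n</VirtualHost>\n')

if __name__ == "__main__":
    print(mixed_scopes({"httpd.conf": MAIN, "vhosts.conf": VHOST}))
```

Each flagged scope is a place to convert the legacy lines to Require rather than keep both, so that access decisions for that path are made by one mechanism only.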
