Hey all,
I'm having a slightly weird issue with apache server-status on just one of my nodes.
In my httpd.conf I have the following:
<Location /server-status>
SetHandler server-status
Order deny,allow
Deny from all
Allow from 127.0.0.1 10.10.160
</Location>
If I do a ps grep I know that I'm using the right config:
[root@webhosta apache2]# ps -ef | grep apache | grep -v grep | head -5
root 28359 1 0 21:38 ? 00:00:00 /opt/apache2/bin/httpd -k start
apache 28360 28359 0 21:38 ? 00:00:00 /opt/apache2/bin/httpd -k start
apache 28361 28359 0 21:38 ? 00:00:00 /opt/apache2/bin/httpd -k start
apache 28362 28359 0 21:38 ? 00:00:00 /opt/apache2/bin/httpd -k start
apache 28363 28359 0 21:38 ? 00:00:00 /opt/apache2/bin/httpd -k start
And if I check apachectl -S things look ok there too. I can also see I'm using the right config:
[root@webhosta apache2]# /opt/apache2/bin/httpd -S
VirtualHost configuration:
wildcard NameVirtualHosts and _default_ servers:
*:* is a NameVirtualHost
default server test.mydomain.com (/opt/apache2/conf.d/z001_mydomain.conf:1)
port * namevhost test.mydomain.com (/opt/apache2/conf.d/z001_mydomain.conf:1)
port * namevhost webhosta.dmz.domain.com (/opt/apache2/conf/httpd.conf:469)
port * namevhost webhosta.dmz.domain.com (/opt/apache2/conf/httpd.conf:480)
port * namevhost hcphp.nbc.com (/opt/apache2/conf/httpd.conf:501)
Syntax OK
Yet, for some reason I get permission denied when I try to do a get from localhost:
[root@webhosta apache2]# GET http://$(hostname -i)/server-status
<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>403 Forbidden</title>
</head><body>
<h1>Forbidden</h1>
<p>You don't have permission to access /server-status
on this server.</p>
<hr>
<address>Apache Server at 10.10.1.160 Port 80</address>
</body></html>
I can do a successful GET to 127.0.0.1, but our system is automated and relies on doing a GET to the value of hostname -i.
Does anyone have any ideas or suggestions as to what could be wrong?
Thanks
Tim
10.10.160 != 10.10.1.160 the GET is probably going across ethx interface instead of lo interface.
On Mon, Jun 9, 2014 at 9:56 PM, Tim Dunphy bluethundr@gmail.com wrote:
Hey all,
I'm having a slightly weird issue with apache server-status on just one of my nodes.
In my httpd.conf I have the following:
<Location /server-status>
SetHandler server-status Order deny,allow Deny from all Allow from 127.0.0.1 10.10.160</Location>
If I do a ps grep I know that I'm using the right config:
[root@webhosta apache2]# ps -ef | grep apache | grep -v grep | head -5
root 28359 1 0 21:38 ? 00:00:00 /opt/apache2/bin/httpd -k start
apache 28360 28359 0 21:38 ? 00:00:00 /opt/apache2/bin/httpd -k start
apache 28361 28359 0 21:38 ? 00:00:00 /opt/apache2/bin/httpd -k start
apache 28362 28359 0 21:38 ? 00:00:00 /opt/apache2/bin/httpd -k start
apache 28363 28359 0 21:38 ? 00:00:00 /opt/apache2/bin/httpd -k start
And if I check apachectl -S things look ok there too. I can also see I'm using the right config:
[root@webhosta apache2]# /opt/apache2/bin/httpd -S
VirtualHost configuration:
wildcard NameVirtualHosts and _default_ servers:
*:* is a NameVirtualHost
default server test.mydomain.com(/opt/apache2/conf.d/z001_mydomain.conf:1)
port * namevhost test.mydomain.com(/opt/apache2/conf.d/z001_mydomain.conf:1)
port * namevhost webhosta.dmz.domain.com(/opt/apache2/conf/httpd.conf:469)
port * namevhost webhosta.dmz.domain.com(/opt/apache2/conf/httpd.conf:480)
port * namevhost hcphp.nbc.com (/opt/apache2/conf/httpd.conf:501)Syntax OK
Yet, for some reason I get permission denied when I try to do a get from localhost:
[root@webhosta apache2]# GET http://$(hostname -i)/server-status
<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>403 Forbidden</title>
</head><body>
<h1>Forbidden</h1>
<p>You don't have permission to access /server-status
on this server.</p>
<hr>
<address>Apache Server at 10.10.1.160 Port 80</address>
</body></html>
I can do a successful GET to 127.0.0.1, but our system is automated and relies on doing a GET to the value of hostname -i.
Does anyone have any ideas or suggestions as to what could be wrong?
Thanks
Tim
-- GPG me!!
gpg --keyserver pool.sks-keyservers.net --recv-keys F186197B _______________________________________________ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Ok lets' try this again. I set the following in httpd.conf:
<Location /server-status> SetHandler server-status Order deny,allow Deny from all Allow from 127.0.0.1 10.10.1.160 </Location>
I bounce apache.
I verify the IP information is correct:
[root@webhosta apache2]# ifconfig | grep inet inet addr:10.10.1.160 Bcast:10.10.1.255 Mask:255.255.254.0 inet addr:127.0.0.1 Mask:255.0.0.0
Then if I try a GET on that IP using hostname -i
[root@webhosta apache2]# GET http://$(hostname -i)/server-status <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"> <html><head> <title>403 Forbidden</title> </head><body> <h1>Forbidden</h1> <p>You don't have permission to access /server-status on this server.</p> <hr> <address>Apache Server at 10.10.1.160 Port 80</address> </body></html>
OR if I try a GET with the actual IP, I get the following:
[root@webhosta apache2]# GET http://10.10.1.160/server-status <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"> <html><head> <title>403 Forbidden</title> </head><body> <h1>Forbidden</h1> <p>You don't have permission to access /server-status on this server.</p> <hr> <address>Apache Server at 10.10.1.160 Port 80</address> </body></html>
Any further thoughts?
Thanks
On Mon, Jun 9, 2014 at 10:23 PM, Steven Tardy sjt5atra@gmail.com wrote:
10.10.160 != 10.10.1.160 the GET is probably going across ethx interface instead of lo interface.
On Mon, Jun 9, 2014 at 9:56 PM, Tim Dunphy bluethundr@gmail.com wrote:
Hey all,
I'm having a slightly weird issue with apache server-status on just one
of
my nodes.
In my httpd.conf I have the following:
<Location /server-status>
SetHandler server-status Order deny,allow Deny from all Allow from 127.0.0.1 10.10.160</Location>
If I do a ps grep I know that I'm using the right config:
[root@webhosta apache2]# ps -ef | grep apache | grep -v grep | head -5
root 28359 1 0 21:38 ? 00:00:00 /opt/apache2/bin/httpd -k start
apache 28360 28359 0 21:38 ? 00:00:00 /opt/apache2/bin/httpd -k start
apache 28361 28359 0 21:38 ? 00:00:00 /opt/apache2/bin/httpd -k start
apache 28362 28359 0 21:38 ? 00:00:00 /opt/apache2/bin/httpd -k start
apache 28363 28359 0 21:38 ? 00:00:00 /opt/apache2/bin/httpd -k start
And if I check apachectl -S things look ok there too. I can also see I'm using the right config:
[root@webhosta apache2]# /opt/apache2/bin/httpd -S
VirtualHost configuration:
wildcard NameVirtualHosts and _default_ servers:
*:* is a NameVirtualHost
default server test.mydomain.com(/opt/apache2/conf.d/z001_mydomain.conf:1)
port * namevhost test.mydomain.com(/opt/apache2/conf.d/z001_mydomain.conf:1)
port * namevhost webhosta.dmz.domain.com(/opt/apache2/conf/httpd.conf:469)
port * namevhost webhosta.dmz.domain.com(/opt/apache2/conf/httpd.conf:480)
port * namevhost hcphp.nbc.com(/opt/apache2/conf/httpd.conf:501)
Syntax OK
Yet, for some reason I get permission denied when I try to do a get from localhost:
[root@webhosta apache2]# GET http://$(hostname -i)/server-status
<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>403 Forbidden</title>
</head><body>
<h1>Forbidden</h1>
<p>You don't have permission to access /server-status
on this server.</p>
<hr>
<address>Apache Server at 10.10.1.160 Port 80</address>
</body></html>
I can do a successful GET to 127.0.0.1, but our system is automated and relies on doing a GET to the value of hostname -i.
Does anyone have any ideas or suggestions as to what could be wrong?
Thanks
Tim
-- GPG me!!
gpg --keyserver pool.sks-keyservers.net --recv-keys F186197B _______________________________________________ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
does /etc/hosts (or DNS or reverse DNS) differ between working server and non-working server?
On Mon, Jun 9, 2014 at 10:44 PM, Tim Dunphy bluethundr@gmail.com wrote:
Ok lets' try this again. I set the following in httpd.conf:
<Location /server-status> SetHandler server-status Order deny,allow Deny from all Allow from 127.0.0.1 10.10.1.160
</Location>
I bounce apache.
I verify the IP information is correct:
[root@webhosta apache2]# ifconfig | grep inet inet addr:10.10.1.160 Bcast:10.10.1.255 Mask:255.255.254.0 inet addr:127.0.0.1 Mask:255.0.0.0
Then if I try a GET on that IP using hostname -i
[root@webhosta apache2]# GET http://$(hostname -i)/server-status
<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head> <title>403 Forbidden</title> </head><body> <h1>Forbidden</h1> <p>You don't have permission to access /server-status on this server.</p> <hr> <address>Apache Server at 10.10.1.160 Port 80</address> </body></html>
OR if I try a GET with the actual IP, I get the following:
[root@webhosta apache2]# GET http://10.10.1.160/server-status
<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head> <title>403 Forbidden</title> </head><body> <h1>Forbidden</h1> <p>You don't have permission to access /server-status on this server.</p> <hr> <address>Apache Server at 10.10.1.160 Port 80</address> </body></html>
Any further thoughts?
Thanks
On Mon, Jun 9, 2014 at 10:23 PM, Steven Tardy sjt5atra@gmail.com wrote:
10.10.160 != 10.10.1.160 the GET is probably going across ethx interface instead of lo interface.
On Mon, Jun 9, 2014 at 9:56 PM, Tim Dunphy bluethundr@gmail.com wrote:
Hey all,
I'm having a slightly weird issue with apache server-status on just one
of
my nodes.
In my httpd.conf I have the following:
<Location /server-status>
SetHandler server-status Order deny,allow Deny from all Allow from 127.0.0.1 10.10.160</Location>
If I do a ps grep I know that I'm using the right config:
[root@webhosta apache2]# ps -ef | grep apache | grep -v grep | head -5
root 28359 1 0 21:38 ? 00:00:00 /opt/apache2/bin/httpd
-k
start
apache 28360 28359 0 21:38 ? 00:00:00 /opt/apache2/bin/httpd
-k
start
apache 28361 28359 0 21:38 ? 00:00:00 /opt/apache2/bin/httpd
-k
start
apache 28362 28359 0 21:38 ? 00:00:00 /opt/apache2/bin/httpd
-k
start
apache 28363 28359 0 21:38 ? 00:00:00 /opt/apache2/bin/httpd
-k
start
And if I check apachectl -S things look ok there too. I can also see
I'm
using the right config:
[root@webhosta apache2]# /opt/apache2/bin/httpd -S
VirtualHost configuration:
wildcard NameVirtualHosts and _default_ servers:
*:* is a NameVirtualHost
default server test.mydomain.com(/opt/apache2/conf.d/z001_mydomain.conf:1)
port * namevhost test.mydomain.com(/opt/apache2/conf.d/z001_mydomain.conf:1)
port * namevhost webhosta.dmz.domain.com(/opt/apache2/conf/httpd.conf:469)
port * namevhost webhosta.dmz.domain.com(/opt/apache2/conf/httpd.conf:480)
port * namevhost hcphp.nbc.com(/opt/apache2/conf/httpd.conf:501)
Syntax OK
Yet, for some reason I get permission denied when I try to do a get
from
localhost:
[root@webhosta apache2]# GET http://$(hostname -i)/server-status
<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>403 Forbidden</title>
</head><body>
<h1>Forbidden</h1>
<p>You don't have permission to access /server-status
on this server.</p>
<hr>
<address>Apache Server at 10.10.1.160 Port 80</address>
</body></html>
I can do a successful GET to 127.0.0.1, but our system is automated and relies on doing a GET to the value of hostname -i.
Does anyone have any ideas or suggestions as to what could be wrong?
Thanks
Tim
-- GPG me!!
gpg --keyserver pool.sks-keyservers.net --recv-keys F186197B _______________________________________________ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
-- GPG me!!
gpg --keyserver pool.sks-keyservers.net --recv-keys F186197B _______________________________________________ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Hi Steven,
Thanks for your reply.
No there appears to be no difference there either. And I don't think reverse dns is setup on either host.
Tim
On Mon, Jun 9, 2014 at 11:03 PM, Steven Tardy sjt5atra@gmail.com wrote:
does /etc/hosts (or DNS or reverse DNS) differ between working server and non-working server?
On Mon, Jun 9, 2014 at 10:44 PM, Tim Dunphy bluethundr@gmail.com wrote:
Ok lets' try this again. I set the following in httpd.conf:
<Location /server-status> SetHandler server-status Order deny,allow Deny from all Allow from 127.0.0.1 10.10.1.160
</Location>
I bounce apache.
I verify the IP information is correct:
[root@webhosta apache2]# ifconfig | grep inet inet addr:10.10.1.160 Bcast:10.10.1.255 Mask:255.255.254.0 inet addr:127.0.0.1 Mask:255.0.0.0
Then if I try a GET on that IP using hostname -i
[root@webhosta apache2]# GET http://$(hostname -i)/server-status
<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head> <title>403 Forbidden</title> </head><body> <h1>Forbidden</h1> <p>You don't have permission to access /server-status on this server.</p> <hr> <address>Apache Server at 10.10.1.160 Port 80</address> </body></html>
OR if I try a GET with the actual IP, I get the following:
[root@webhosta apache2]# GET http://10.10.1.160/server-status
<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head> <title>403 Forbidden</title> </head><body> <h1>Forbidden</h1> <p>You don't have permission to access /server-status on this server.</p> <hr> <address>Apache Server at 10.10.1.160 Port 80</address> </body></html>
Any further thoughts?
Thanks
On Mon, Jun 9, 2014 at 10:23 PM, Steven Tardy sjt5atra@gmail.com
wrote:
10.10.160 != 10.10.1.160 the GET is probably going across ethx interface instead of lo
interface.
On Mon, Jun 9, 2014 at 9:56 PM, Tim Dunphy bluethundr@gmail.com
wrote:
Hey all,
I'm having a slightly weird issue with apache server-status on just
one
of
my nodes.
In my httpd.conf I have the following:
<Location /server-status>
SetHandler server-status Order deny,allow Deny from all Allow from 127.0.0.1 10.10.160</Location>
If I do a ps grep I know that I'm using the right config:
[root@webhosta apache2]# ps -ef | grep apache | grep -v grep | head
-5
root 28359 1 0 21:38 ? 00:00:00
/opt/apache2/bin/httpd
-k
start
apache 28360 28359 0 21:38 ? 00:00:00
/opt/apache2/bin/httpd
-k
start
apache 28361 28359 0 21:38 ? 00:00:00
/opt/apache2/bin/httpd
-k
start
apache 28362 28359 0 21:38 ? 00:00:00
/opt/apache2/bin/httpd
-k
start
apache 28363 28359 0 21:38 ? 00:00:00
/opt/apache2/bin/httpd
-k
start
And if I check apachectl -S things look ok there too. I can also see
I'm
using the right config:
[root@webhosta apache2]# /opt/apache2/bin/httpd -S
VirtualHost configuration:
wildcard NameVirtualHosts and _default_ servers:
*:* is a NameVirtualHost
default server test.mydomain.com(/opt/apache2/conf.d/z001_mydomain.conf:1)
port * namevhost test.mydomain.com(/opt/apache2/conf.d/z001_mydomain.conf:1)
port * namevhost webhosta.dmz.domain.com(/opt/apache2/conf/httpd.conf:469)
port * namevhost webhosta.dmz.domain.com(/opt/apache2/conf/httpd.conf:480)
port * namevhost hcphp.nbc.com(/opt/apache2/conf/httpd.conf:501)
Syntax OK
Yet, for some reason I get permission denied when I try to do a get
from
localhost:
[root@webhosta apache2]# GET http://$(hostname -i)/server-status
<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>403 Forbidden</title>
</head><body>
<h1>Forbidden</h1>
<p>You don't have permission to access /server-status
on this server.</p>
<hr>
<address>Apache Server at 10.10.1.160 Port 80</address>
</body></html>
I can do a successful GET to 127.0.0.1, but our system is automated
and
relies on doing a GET to the value of hostname -i.
Does anyone have any ideas or suggestions as to what could be wrong?
Thanks
Tim
-- GPG me!!
gpg --keyserver pool.sks-keyservers.net --recv-keys F186197B _______________________________________________ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
-- GPG me!!
gpg --keyserver pool.sks-keyservers.net --recv-keys F186197B _______________________________________________ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
On 10/06/14 13:22, Tim Dunphy wrote:
Hi Steven,
Thanks for your reply.
No there appears to be no difference there either. And I don't think reverse dns is setup on either host.
Tim
Hi Tim.
The only time I've seen such an error was when the user the web server is running as doesn't have permission to access the file system directory - in your case, /server-status. Maybe this particular instance has a different user set up for the Apache process?
Cheers, ak.
On 10/06/14 16:26, Anthony K wrote:
Hi Tim. The only time I've seen such an error was when the user the web server is running as doesn't have permission to access the file system directory - in your case, /server-status. Maybe this particular instance has a different user set up for the Apache process? Cheers, ak.
I was corrected by a well known troll that /server-status is not in the file system - :-( !
Please excuse my jabber...
Am 10.06.2014 um 04:44 schrieb Tim Dunphy bluethundr@gmail.com:
Ok lets' try this again. I set the following in httpd.conf:
<Location /server-status> SetHandler server-status Order deny,allow Deny from all Allow from 127.0.0.1 10.10.1.160
</Location>
for testing - what about disabling temporarily the access restriction?
-- LF
-
Anthony K -
Leon Fauster -
Steven Tardy -
Tim Dunphy