On Sun, 2012-01-29 at 10:24 +0200, Alan Holt wrote: > And I have domain example.domain.com where I want to see file listing > in the current directory, but when I go in the browser to > example.domain.com I get the next error: > > Forbidden > You don't have permission to access / on this server. You need to check file permissions, SELinux, and HTTP configuration (directory and URI access permissions). Other restrictions, such as IP/address based should generate a different error message. Do you also get an error if you try viewing a particular file/page, rather than getting a list? > So I don't know what is the problem =( > My httpd.conf: > > <Directory /> > Order allow,deny > Allow from All > AllowOverride All > IndexOptions +FancyIndexing > Options +Indexes Includes MultiViews FollowSymLinks AuthConfig > FileInfo > </Directory> That's only a very small portion of the config file, and not the only place in the config file that can constrain access. That's the place that sets the basic file path defaults, there's another for more specific locations, such as /var/www/html > > My .htaccess file: > [root@services QaTests]# cat .htaccess > Options +Indexes Shouldn't be needed, if you specify the directives that you want in the configuration file. Also, the allowoverride config option that can be set in the config file can have different allow/deny rules depending on the filepath. You've only shown us the rules for /, paths inside that could be more restricted. > My directory: > drwxrwsrwt 5 root apache 4096 Jan 26 17:15 QaTests That's overly permissive. You do NOT want to give world writable privileges. And files should not be owned by apache, even as the apache group rather than apache user, for the same reason (you've given the group write access). Any other security holes, and you allow visitors to write files on your system. drwxr-xr-x- is enough for directories. Make sure that your permissions are appropriate all the way back to the root of the file system. All the parent directories, as well as your document root, need to have world readable and executable permissions. Web serving is easier, as a starting point for beginners, if you serve files from the default /var/www/html location. If you want to serve from elsewhere, you need to understand how to set SELinux options, and how to make them stick through any automatic relabels. -- [tim@localhost ~]$ uname -r 2.6.27.25-78.2.56.fc9.i686 Don't send private replies to my address, the mailbox is ignored. I read messages from the public lists. -- users mailing list users@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe or change subscription options: https://admin.fedoraproject.org/mailman/listinfo/users Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines Have a question? Ask away: http://ask.fedoraproject.org
