Hello,
This says you have two virtualhosts pointing to the same name, so only
the first one will be used:
(/etc/apache2/sites-enabled/000-default.conf:46) *:443
is a NameVirtualHost default server www.example.org
(/etc/apache2/sites-enabled/000-ssl:2) port 443 namevhost
www.example.org
But still that virtualhost you just pasted has no servername, so that
one may be very well catching everything.
These things can be quite easy to see if you are still in doubt.
Define a specific access log for each virtualhost with different file
names, check where you land.
When defining several virtualhosts define a unique servername for each
always. Remember first match wins.
El mar, 20 abr 2021 a las 12:35, Adrian
(<adrian@xxxxxxxxxxxxxx.invalid>) escribió:
>
> Thanks Daniel.
>
> I had one redundant .htaccess file in the vhost domain, now removed.
> Restarted and no change.
>
> Results of apachectl -S below:
>
> apachectl -S
> [Tue Apr 20 11:22:05.839049 2021] [so:warn] [pid 2744] AH01574: module
> ssl_module is already loaded, skipping VirtualHost configuration:
> *:* is a NameVirtualHost
> default server myserver.io
> (/etc/apache2/sites-enabled/000-default.conf:1) port * namevhost
> myserver.io (/etc/apache2/sites-enabled/000-default.conf:1) port *
> namevhost www.example.org
> (/etc/apache2/sites-enabled/000-default.conf:46) *:443
> is a NameVirtualHost default server www.example.org
> (/etc/apache2/sites-enabled/000-ssl:2) port 443 namevhost
> www.example.org (/etc/apache2/sites-enabled/000-ssl:2) ServerRoot:
> "/etc/apache2" Main DocumentRoot: "/var/www/html" Main ErrorLog:
> "/var/log/apache2/error.log" Mutex mpm-accept: using_defaults
> Mutex watchdog-callback: using_defaults
> Mutex rewrite-map: using_defaults
> Mutex ssl-stapling-refresh: using_defaults
> Mutex ssl-stapling: using_defaults
> Mutex proxy: using_defaults
> Mutex ssl-cache: using_defaults
> Mutex default: dir="/var/lock/apache2" mechanism=fcntl
> PidFile: "/var/run/apache2.pid"
> Define: DUMP_VHOSTS
> Define: DUMP_RUN_CFG
> User: name="www-data" id=33
> Group: name="www-data" id=33
>
> There is a top-level vhost which maps "http://myserver.io"; to the
> top-level docroot, though oddly it doesn't seem to see the files
> there. Here is the content. Below this is the vhost I originally
> listed, and below that another vhost which maps a different domain to a
> different docroot.
>
> <VirtualHost *> ServerAdmin webmaster@localhost
>
> DocumentRoot /var/www/
> <Directory / >
> Options FollowSymLinks
> AllowOverride All
> </Directory>
> <Directory /var/www/>
> Options Indexes FollowSymLinks MultiViews
> AllowOverride All
> Require all granted
> # This directive allows us to have apache2's default
> start page # in /apache2-default/, but still have / go to the right
> place # RedirectMatch ^/$ /apache2-default/
> </Directory>
>
> ScriptAlias /cgi-bin/ /usr/lib/cgi-bin/
>
> <Directory "/usr/lib/cgi-bin">
> AllowOverride None
> Options ExecCGI MultiViews SymLinksIfOwnerMatch
> Require all granted
> </Directory>
>
> ErrorLog /var/log/apache2/error.log
>
> # Possible values include: debug, info, notice, warn, error,
> # crit, alert, emerg.
> LogLevel warn
>
> LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\"
> \"%{User-agent}i\"" combined
> CustomLog /var/log/apache2/access.log combined ServerSignature
> On
>
> Alias /doc/ "/usr/share/doc/"
> <Directory "/usr/share/doc/">
> Options Indexes MultiViews FollowSymLinks
> AllowOverride None
> Require local
> </Directory>
> </VirtualHost>
>
> There's nothing in apache2.conf that looks suspicious to me but I can
> list it if it helps.
>
> Adrian
>
> On Tue, 20 Apr 2021 12:10:09 +0200
> Daniel Ferradal <dferradal@xxxxxxxxxx> wrote:
>
> > Check "apachectl -S" output in case there is some other virtualhost
> > there getting the requests.
> >
> > That virtualhost as it is should deny access, if it is not, then there
> > is something missing in what you show. Not sure if it may be another
> > virtualhost or another virtualhost and .htaccess, etc.
> >
> > El mar, 20 abr 2021 a las 12:01, Adrian
> > (<adrian@xxxxxxxxxxxxxx.invalid>) escribió:
> > >
> > > using Apache/2.4.38 (Debian)
> > > with Debian-style split config.
> > >
> > > Here are the relevant bits of a vhost. This is
> > > in /etc/apache2/sites-enabled/000-default.
> > >
> > > <VirtualHost *>
> > > ServerName www.example.org
> > > DocumentRoot /var/www/example
> > > CustomLog /var/log/apache2/example/access.log combined
> > >
> > > <Directory "/var/www/example/" >
> > > # DISABLE THE ENTIRE DOCROOT
> > > Require all denied
> > > </Directory>
> > > </VirtualHost>
> > >
> > > I restarted Apache and browsed a page that isn't in cache. It
> > > loaded as normal.
> > >
> > > My real question is that basic file auth is also ignored, but I
> > > thought I'd start simple.
> > >
> > > Things that might be related, to rule them out:
> > > ${APACHE_LOCK_DIR} and ${APACHE_RUN_DIR} are not defined.
> > >
> > > I have the compatibility module loaded, as I migrated from 2.2,
> > > but as far as I can see I have no remaining 2.2 syntax in my config.
> > >
> > > Let me know what else you may need and I'll provide it.
> > >
> > > Thanks
> > >
> > >
> > > ---------------------------------------------------------------------
> > > To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx
> > > For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx
> > >
> >
> >
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx
> For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx
>
--
Daniel Ferradal
HTTPD Project
#httpd help at Freenode
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx
For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx
|