On Mon, Jun 01, 2009 at 03:09:23PM -0700, Sander Temme wrote:
> >Web server is RHEL 5.2 running httpd-2.2.3-22.el5 Nothing is logged to
> >any error_log.
>
> I believe that is impossible: 403s are logged. Are you sure you are
> looking in the right log? What are the access controls on your
> DocumentRoot?

It ought to be! But...

[root@mda-vm1h ~]# tail /var/log/httpd/access_log
192.49.61.83 - - [01/Jun/2009:14:34:27 -0700] "GET /aspl/ HTTP/1.1" 403 247 "-" "Mozilla/5.0 (Windows; U; Windows NT 6.0; en-US; rv:1.9.0.10) Gecko/2009042316 Firefox/3.0.10"
128.49.61.123 - - [01/Jun/2009:14:34:46 -0700] "POST /threshold/services/ThresholdQuery?wsdl HTTP/1.0" 403 328 "-" "Axis/1.2.1"
127.0.0.1 - - [01/Jun/2009:14:36:13 -0700] "get /" 403 - "-" "-"
127.0.0.1 - - [01/Jun/2009:14:36:26 -0700] "get /index.html" 403 305 "-" "-"
192.49.61.83 - - [01/Jun/2009:14:46:43 -0700] "GET /verification/verify/editAPM.action HTTP/1.1" 403 263 "-" "Mozilla/5.0 (Windows; U; Windows NT 6.0; en-US; rv:1.9.0.10) Gecko/2009042316 Firefox/3.0.10"
192.49.61.83 - - [01/Jun/2009:14:46:51 -0700] "GET / HTTP/1.1" 403 - "-" "Mozilla/5.0 (Windows; U; Windows NT 6.0; en-US; rv:1.9.0.10) Gecko/2009042316 Firefox/3.0.10"
192.49.61.83 - - [01/Jun/2009:14:48:20 -0700] "GET / HTTP/1.1" 403 - "-" "Mozilla/5.0 (Windows; U; Windows NT 6.0; en-US; rv:1.9.0.10) Gecko/2009042316 Firefox/3.0.10"
192.49.61.83 - - [01/Jun/2009:14:48:22 -0700] "GET / HTTP/1.1" 403 - "-" "Mozilla/5.0 (Windows; U; Windows NT 6.0; en-US; rv:1.9.0.10) Gecko/2009042316 Firefox/3.0.10"
192.49.61.83 - - [01/Jun/2009:15:12:35 -0700] "GET / HTTP/1.1" 403 - "-" "Mozilla/5.0 (Windows; U; Windows NT 6.0; en-US; rv:1.9.0.10) Gecko/2009042316 Firefox/3.0.10"
192.49.61.83 - - [01/Jun/2009:15:12:38 -0700] "GET /favicon.ico HTTP/1.1" 403 250 "-" "Mozilla/5.0 (Windows; U; Windows NT 6.0; en-US; rv:1.9.0.10) Gecko/2009042316 Firefox/3.0.10"

[root@mda-vm1h ~]# tail /var/log/httpd/error_log
[Mon Jun 01 14:30:46 2009] [notice] suEXEC mechanism enabled (wrapper: /usr/sbin/suexec)
[Mon Jun 01 14:30:47 2009] [notice] Digest: generating secret for digest authentication ...
[Mon Jun 01 14:30:47 2009] [notice] Digest: done
[Mon Jun 01 14:30:47 2009] [notice] Apache/2.2.3 (Red Hat) configured -- resuming normal operations
[Mon Jun 01 14:33:45 2009] [notice] caught SIGTERM, shutting down
[Mon Jun 01 14:33:45 2009] [notice] SELinux policy enabled; httpd running as context user_u:system_r:httpd_t
[Mon Jun 01 14:33:45 2009] [notice] suEXEC mechanism enabled (wrapper: /usr/sbin/suexec)
[Mon Jun 01 14:33:46 2009] [notice] Digest: generating secret for digest authentication ...
[Mon Jun 01 14:33:46 2009] [notice] Digest: done
[Mon Jun 01 14:33:46 2009] [notice] Apache/2.2.3 (Red Hat) configured -- resuming normal operations

There isn't exactly a plethora of log files for me to choose from:

[root@mda-vm1h ~]# ls -l /var/log/httpd/ | grep "Jun 1"
-rw-r--r-- 1 root root 5879 Jun 1 15:12 access_log
-rw-r--r-- 1 root root 2578 Jun 1 14:33 error_log
-rw-r--r-- 1 root root 1412 Jun 1 14:46 ssl_access_log
-rw-r--r-- 1 root root 637 Jun 1 14:45 ssl_error_log
-rw-r--r-- 1 root root 1684 Jun 1 14:46 ssl_request_log

As for "access controls" on /var/www/html... none besides file
permissions.

[root@mda-vm1h ~]# ls -la /var/www/html/
total 32
drwxr-xr-x 3 root root 4096 Nov 12 2008 .
drwxr-xr-x 6 root root 4096 Nov 12 2008 ..
-rw-r--r-- 1 root root 1480 Apr 22 21:58 index.html

> What is the LogLevel in your configuration file?

Right now, "warn". I'll bump it up and try again.

> >Access attempts are logged and look OK. There is no
>
> Do you mean the access attempt that resulted in the above response?
> What response code is logged?

See above.

> >firewall... iptables is stopped, and I get the same result from
> >localhost. Nothing is logged to audit.log, and the problem persists
> >after "setenforce 0"
>
> You are definitely talking to the httpd, not to your firewall.

No firewall. iptables is stopped, browser and client are on same
segment / subnet, and I get the same result from localhost.

> >There is an index.html with 644, and it's in
> >/var/www/html with 755, and that is set as the DocumentRoot. HTTPS
> >works perfectly.
>
> What are the differences in access controls between your SSL vhost and
> your plaintext vhost (or the main server, as the case may be)?

There are no "access controls", as in htaccess or anything like that.
Both httpd.conf and ssl.conf are pretty much stock. I had to point SSL
to my certificate, key, and cabundle. Both are going to be materially
the same as what comes out of the box.

--
***********************************************************************
* John Oliver                             http://www.john-oliver.net/ *
*                                                                     *
***********************************************************************

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
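
An added example, not part of the original message: a Python script that pairs each 403 in access_log with error_log entries from the same client within a few seconds and lists the 403s that have none, which is the situation described in this thread. The sample lines are modelled on the excerpts above with user-agent strings shortened; the 200 line and the `[error]` entry are constructed, and the two-second window is an assumption.

```python
import re
from datetime import datetime, timedelta

# Combined-format access line. The request field is kept whole because
# malformed requests such as "get /" carry no protocol token.
ACCESS_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<req>[^"]*)" (?P<status>\d{3}) \S+')
# Apache 2.2 error_log line: [timestamp] [level] optional [client ip] message
ERROR_RE = re.compile(
    r'^\[(?P<ts>[^\]]+)\] \[(?P<level>\w+)\] (?:\[client (?P<ip>[^\]]+)\] )?(?P<msg>.*)$')

ACCESS_SAMPLE = '''\
192.49.61.83 - - [01/Jun/2009:14:34:27 -0700] "GET /aspl/ HTTP/1.1" 403 247 "-" "Mozilla/5.0"
127.0.0.1 - - [01/Jun/2009:14:36:13 -0700] "get /" 403 - "-" "-"
192.49.61.83 - - [01/Jun/2009:14:46:51 -0700] "GET / HTTP/1.1" 403 - "-" "Mozilla/5.0"
192.49.61.83 - - [01/Jun/2009:14:47:00 -0700] "GET /ok.html HTTP/1.1" 200 1480 "-" "Mozilla/5.0"
'''.splitlines()  # last line is constructed

ERROR_SAMPLE = '''\
[Mon Jun 01 14:33:46 2009] [notice] Digest: done
[Mon Jun 01 14:34:28 2009] [error] [client 192.49.61.83] constructed sample entry
'''.splitlines()  # the [error] line is constructed

def parse_access(lines):
    for line in lines:
        m = ACCESS_RE.match(line)
        if m:
            # Drop the UTC offset: error_log timestamps are local time as well.
            ts = datetime.strptime(m['ts'].split()[0], '%d/%b/%Y:%H:%M:%S')
            yield ts, m['ip'], m['req'], int(m['status'])

def parse_error(lines):
    for line in lines:
        m = ERROR_RE.match(line)
        if m:
            yield datetime.strptime(m['ts'], '%a %b %d %H:%M:%S %Y'), m['ip']

def unexplained_403s(access_lines, error_lines, window=2):
    """403 requests with no error_log entry from the same client within `window` seconds."""
    errors = [(ts, ip) for ts, ip in parse_error(error_lines) if ip]
    span = timedelta(seconds=window)
    out = []
    for ts, ip, req, status in parse_access(access_lines):
        if status == 403 and not any(
                e_ip == ip and abs(e_ts - ts) <= span for e_ts, e_ip in errors):
            out.append((ts.strftime('%H:%M:%S'), ip, req))
    return out

if __name__ == '__main__':
    for row in unexplained_403s(ACCESS_SAMPLE, ERROR_SAMPLE):
        print(*row)
```
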