On Sun, Apr 19, 2009 at 12:55 PM, David C. Rankin <drankinatty@xxxxxxxxxxxxxxxxxx> wrote: > David C. Rankin wrote: >> Paul, >> >> I updated to the latest svn for 1.5 (revision 13565) and for some reason, my >> signout page no longer redirects to my home page and instead gives a 403 error. >> My config is: >> >> $signout_page = SM_PATH . 'config/3111return.html'; >> >> [13:37 nirvana:/srv/www/htdocs/squirrelmail/config] # cat 3111return.html >> <html> >> <title>3111Skyline, Nacogdoches, Texas -- Freedom For All</title> >> <meta http-equiv="REFRESH" content="0;url=http://nirvana.3111skyline.com";> >> <body> >> </body> >> </html> >> >> This has worked fine until this latest update. I'm scratching my head as to >> why. The apache error log says: >> >> [Sun Apr 19 04:28:09 2009] [error] [client 192.168.6.102] client denied by >> server configuration: /srv/www/htdocs/squirrelmail/config/3111return.html >> >> I haven't changed my configuration, so I'm wondering if something in the >> latest update didn't invoke some additional security that existed in the server >> already but that sqmail didn't use until this las update. >> >> I picked around a bit with google on the error and found the suggestion to try >> loosening the global security by commenting out the Deny from all: >> >> # forbid access to the entire filesystem by default >> <Directory /> >> Options None >> AllowOverride None >> Order deny,allow >> # Deny from all >> </Directory> >> >> But, that made no difference. Any thoughts on what I should check next?? >> Thanks for your great work. >> > > The problem was the config/.htaccess file which contained the "Deny from All" > directive. > > Fixing the .htaccess files solved the problem. I don't know if this is new > with the latest update or not, but it is a good idea from a security > standpoint, and requiring a few custom entries for files in the config > directory is the way to go. It's intentional. The real fix is not to serve pages from the config directory. Only configuration files used internally belong there. ------------------------------------------------------------------------------ Stay on top of everything new and different, both inside and around Java (TM) technology - register by April 22, and save $200 on the JavaOne (SM) conference, June 2-5, 2009, San Francisco. 300 plus technical and hands-on sessions. Register today. Use priority code J9JMT32. http://p.sf.net/sfu/p ----- squirrelmail-users mailing list Posting guidelines: http://squirrelmail.org/postingguidelines List address: squirrelmail-users@xxxxxxxxxxxxxxxxxxxxx List archives: http://news.gmane.org/gmane.mail.squirrelmail.user List info (subscribe/unsubscribe/change options): https://lists.sourceforge.net/lists/listinfo/squirrelmail-users
