Tags:
create new tag
view all tags

Question

I have read the other questions related to the /bin/configure permissions issues, and have tried all the solutions, but still cannot access the configure file.

I have modified the twiki.conf to allow anyone to access the bin folder, as well as changed permissions on the entire twiki folder to wwwrun:www.

TWiki is installed at /etc/twiki.

The error reported by apache is:

[error] [client 127.0.0.1] client denied by server configuration: /etc/twiki/bin/configure

My twiki.conf (appended to the end of /etc/httpd/httpd.conf)(excluding all but sections related to twiki/bin) is:

# The ScriptAlias defines the bin directory as a directory where CGI 
# scripts are allowed.
# The first parameter will be part of the URL to your installation e.g.
# http://my.co.uk/twiki/bin/view/...
# The second parameter must point to the physical path on your disc.
ScriptAlias /twiki/bin "/etc/twiki/bin"

# The Alias defines a url that points to the root of the twiki installation.
# It is used to access files in the pub directory (attachments etc) 
# It must come _after_ the ScriptAlias.
Alias /twiki "/etc/twiki"

# This specifies the options on the TWiki scripts directory. The ExecCGI 
# and SetHandler tell apache that it contains scripts. "Allow from all"
# lets any IP address access this URL.
<Directory "/etc/twiki/bin">
    AllowOverride None
    Order Allow,Deny
    Allow from all
    Deny from env=blockAccess

    Options ExecCGI FollowSymLinks
    SetHandler cgi-script

    # Password file for TWiki users
    AuthUserFile /etc/twiki/data/.htpasswd
    AuthName 'Enter your WikiName: (First name and last name, no space, no dots, capitalized, e.g. JohnSmith). Cancel to register if you do not have one.'
    AuthType Basic

# Limit access to configure to specific IP addresses and or users.
# Make sure configure is not open to the general public.
# It exposes system details that can help attackers.
<FilesMatch "^(configure)$">
    SetHandler cgi-script
    #Order Deny,Allow
    #Deny from all
    #Allow from localhost
    #Require user bschmalzried root wwwrun
    Satisfy Any
    Allow from all
</FilesMatch>

</Directory>

Environment

TWiki version: TWikiRelease04x01x02
TWiki plugins: DefaultPlugin, EmptyPlugin, InterwikiPlugin
Server OS: SuSE Linux Enterprise Server 9.3
Web server: Apache 1.3.29
Perl version: 5.8.3
Client OS:  
Web Browser: Konqueror 3.2.1
Categories: Installation

-- BrianSchmalzried - 11 Jan 2008

Answer

ALERT! If you answer a question - or someone answered one of your questions - please remember to edit the page and set the status to answered. The status selector is below the edit box.

The error message usually points to a problem with Apache's Allow and Deny settings. Your config file looks fine, so all I can do is guess:

  • You write about /bin/configure permissions: Maybe you missed that the correct URL is /twiki/bin/configure?
  • Did you, per accident or on purpose, wrap your configuration in a VirtualHost directive?
  • Or do you use one of the browsers which is denied access (I could only imagine using telnet for that)?
In all of these cases, you could get the message client denied by server configuration. In the first two cases it would be because the actual installation directory would be missed by Apache, and it would use its default: somewhere in httpd.conf you'll find a Deny from all for the path of "/".

You could try to temporarily comment out the Deny from all from the root path: I doubt that you'll succeed in accessing configure, but probably the message in error.log will be more helpful.

-- HaraldJoerg - 11 Jan 2008

Seems to be answered.

-- PeterThoeny - 02 Mar 2008

Change status to:
Edit | Attach | Watch | Print version | History: r3 < r2 < r1 | Backlinks | Raw View | Raw edit | More topic actions
Topic revision: r3 - 2008-03-02 - PeterThoeny
 
  • Learn about TWiki  
  • Download TWiki
This site is powered by the TWiki collaboration platform Powered by Perl Hosted by OICcam.com Ideas, requests, problems regarding TWiki? Send feedback. Ask community in the support forum.
Copyright © 1999-2024 by the contributing authors. All material on this collaboration platform is the property of the contributing authors.