Re: [gentoo-user] Apache2 SSL help
Grant wrote: Hi guys, I've finished moving to the new ~x86 apache2 layout and everything works except SSL. I get a 403 error when trying to access any https page. ssl_error_log says: client denied by server configuration: /var/www/localhost/htdocs/checkout.html I've triple-checked my config and it looks good to me. Any ideas? - Grant Check /etc/conf.d/apache2 to make sure you have APACHE2_OPTS=-D SSL -- gentoo-user@gentoo.org mailing list
Re: [gentoo-user] Apache2 SSL help
Hi guys, I've finished moving to the new ~x86 apache2 layout and everything works except SSL. I get a 403 error when trying to access any https page. ssl_error_log says: client denied by server configuration: /var/www/localhost/htdocs/checkout.html I've triple-checked my config and it looks good to me. Any ideas? - Grant Check /etc/conf.d/apache2 to make sure you have APACHE2_OPTS=-D SSL Yeah it's in there. Usually when SSL doesn't work for me it isn't a 403. I don't know why it's doing that. - Grant -- gentoo-user@gentoo.org mailing list
Re: [gentoo-user] Apache2 SSL help
Hi guys, I've finished moving to the new ~x86 apache2 layout and everything works except SSL. I get a 403 error when trying to access any https page. ssl_error_log says: client denied by server configuration: /var/www/localhost/htdocs/checkout.html I've triple-checked my config and it looks good to me. Any ideas? - Grant Check /etc/conf.d/apache2 to make sure you have APACHE2_OPTS=-D SSL Yeah it's in there. Usually when SSL doesn't work for me it isn't a 403. I don't know why it's doing that. Ok, I fixed this by removing these lines from httpd.conf: Directory / AllowOverride None Order Deny,Allow Deny from all /Directory I don't know why I didn't think of that yesterday. I'm even a little hungover. Can anyone tell me why that block worked with the old apache2 layout but not the new? Am I opening any holes by getting rid of it? - Grant -- gentoo-user@gentoo.org mailing list
Re: [gentoo-user] Apache2 SSL help
Grant [EMAIL PROTECTED] writes: Actually all of my pages are either in / or /admin/. If I leave the above I get a 403 when accessing https though. Directory is related to the file-system directory, so you are setting it for your system's root, not your webpage's root. You need to have a Directory /path/to/your/webpage/ /Directory Regards, Martin -- gentoo-user@gentoo.org mailing list
Re: [gentoo-user] Apache2 SSL help
Ok, it looks like the new apache2 httpd.conf has these: Directory /var/www/localhost/htdocs Options Indexes FollowSymLinks AllowOverride None Order allow,deny Allow from all /Directory Directory / Options FollowSymLinks AllowOverride None /Directory Is that sufficient considering I serve everything from: /var/www/localhost/htdocs and: /var/www/localhost/htdocs/admin or should I make some changes? I would think the Gentoo devs set these up to be pretty safe. I did add this to the end of the file: Options -Indexes This switches off Directory Indexes which is probabl not what you want... I don't need anyone browsing around in my image directory. I think that's the only thing +Indexes would mean for me. I thought that was a really common config though. A long time ago I read that this would be a good apache config to add: Directory / AllowOverride None Order Deny,Allow Deny from all /Directory so I had it in there until it combined with the new Gentoo apache2 layout to 403 https pages. I don't want to expose my system but removing that block is the only way to make https work. Am I OK without it considering the defaults quoted above, or do I need something like it for security? - Grant -- gentoo-user@gentoo.org mailing list
[gentoo-user] Apache2 SSL help
Hi guys, I've finished moving to the new ~x86 apache2 layout and everything works except SSL. I get a 403 error when trying to access any https page. ssl_error_log says: client denied by server configuration: /var/www/localhost/htdocs/checkout.html I've triple-checked my config and it looks good to me. Any ideas? - Grant -- gentoo-user@gentoo.org mailing list