Apache still does a directory ACL check on $DOC_ROOT + $REQ_PATH as if the request was going to go the filesystem, even if it ends up being captured later on by another handler. Just point docroot at an empty folder somewhere (not the trac env!) and then make a Directory block that grants Allow to all.
--Noah > -----Original Message----- > From: [email protected] [mailto:[email protected]] > On Behalf Of Nate > Sent: Thursday, February 19, 2009 12:30 PM > To: Trac Users > Subject: [Trac] "client denied by server configuration" in Apache error > log > > > We have Apache (2.2.3 on RHEL5) slightly hardened - in httpd.conf, > "Deny from all" is specified within <Directory "/var/www/html">. This > is overridden in the Apache config file for Trac with "Allow from all" > within <Location /projects>, where all of our Trac projects reside. > > When a user hits the site, a line similar to the following is logged: > > [<date>] [error] [client <client IP>] client denied by server > configuration: /var/www/html/<project>, referer: > https://<server>/projects/<project>/ > > Nothing in the project config or Apache config point to /var/www/html > or have a path relative to the web root that doesn't include / > projects/. The rendered page source also doesn't include any apparent > incorrect links. > > This seems related to http://lists.edgewall.com/archive/trac/2005- > June/003277.html > > Anyone have any idea what's causing these log entries? > > Thanks in advance, > Nate > > --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "Trac Users" group. To post to this group, send email to [email protected] To unsubscribe from this group, send email to [email protected] For more options, visit this group at http://groups.google.com/group/trac-users?hl=en -~----------~----~----~----~------~----~------~--~---
