On Oct 11, 2009, at 2:57 PM, Kaya Saman wrote:
I have a few servers running apache and some folders which
have .htaccess files in them, I can access these from any network
inside the NAT of my router however when it comes down to external
access from outside the NAT I always get permission denied;
authorized access only??
Sounds to me like this is a DNS issue.
My systems are behind a reverse proxy handled by Squid but also
after Google'ing found that Squid doesn't care about .htaccess and
doesn't even know what it is.
Squid probably does not play a role in this.
Another page I read claimed that it could be an issue of IPS
protection system in the firewall - however iptables doesn't contain
any config only default and isn't even running I think only in
conjunction with fail2ban to prevent DoS attacks. My router, a Cisco
857W, also doesn't have IPS at all and IDS isn't enabled.
I doubt that is related, though possible, my gut tells me it is simpler.
Can anyone help me find a solution to this situation?? I have
checked the logs for httpd/access_log and error_log only to find
nothing mentioned about denying anything.....
If you can load a hostname from within your network, yet not outside,
that would tell me that when you are inside the network, the
resolution of that hostname is turning up an IP that apache is happy
to serve the results for. When you are outside the network, that
hostname is not the same IP as what is returned when you are inside
the network.
Any recommendations are appreciated! Thanks
I would run DNS lookups under both conditions. To keep it simple, if
your Web site you are trying to access is example.com, from the
working case, inside your network, open a terminal and run:
dig example.com A
Look for the result of the A record, and what IP address is is showing.
Now, go to the outside network where this is not working, and run the
same dig command. I suspect you will find there is a different IP
address being returned. If you are not seeing any hits to the
acces_log and error_log when outside the local network, it more than
likely means you are simply not reaching the machine you think you are.
However, you mention you get an access denied error, can you tell us
specifically what that error is, is it page 404 not found? What is
the http response code?
I do not see a Virtual Host container in your sample config you sent
in, you probably just need to set one up for the host you are trying
to reach.
Here is how I generally do it:
# START example.com
<VirtualHost *:80>
DocumentRoot "/var/www/munin"
ServerName example.com
ServerAlias www.example.com
DirectoryIndex index.html index.htm
<Directory "/var/www/munin">
Options FollowSymLinks
AllowOverride All
Order allow,deny
allow from all
</Directory>
</VirtualHost>
# END example.com
--
Scott * If you contact me off list replace talklists@ with scott@ *
---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org
" from the digest: users-digest-unsubscr...@httpd.apache.org
For additional commands, e-mail: users-h...@httpd.apache.org
