I have sussed this - part of the CIS hardening was to restrict antediluvian protocol versions, so I've removed that and it works fine.
On 5 August 2013 15:50, Sam Sexton <puheli...@gmail.com> wrote: > I'm running: > > Server version: Apache/2.4.3 (Unix) > Server built: Jan 16 2013 15:46:54 > > on Oracle Linux: Linux dtci-radwebs02 2.6.32-279.11.1.el6.x86_64 #1 SMP > Tue Oct 16 08:03:36 PDT 2012 x86_64 x86_64 x86_64 GNU/Linux > > with hardening as per CIS. Everything has worked well with various > browsers until today, when Noah's dad got out his IE6 and tried to access > the site. He got 403 Access denied, but although there was an entry in the > virtual host's access_log with that code, nothing was written to error_log. > > I found that the 403 was issued regardless of whether the file existed or > not (when other browsers return 404), which seems to indicate that the > access problem is above the user's htdocs directory (feel free to correct > this impression if necessary!). The httpd user has r-x access to htdocs and > rwx to the log directory. If these permissions weren't correct, other > browsers would complain, but it's only IE6 that is the odd one out. > > I've seen a slightly similar problem reported, but it referred to newer > versions of IE and didn't have a resolution. > > The odd thing is that IE6 can access an equivalent page on my development > server, but I have examined the permissions, ownership and config files and > haven't (yet) detected any significant differences. > > I'm going to run strace on all the httpd processes to see if that helps, > but any other suggestions would be appreciated! > > Thanks, > > /Sam > -- /Sam