Hi Mikael,
Thanks for the logs. It appears the 403 is coming from Apache httpd, probably
by a mod like the mod_authz_core I think.
You will need to troubleshoot the httpd configuration of the servers to check
what's wrong.
I would start by confirming they are on the same version. If you use something
like Ansible or Chef, you can check if the same file is being deployed to all
the servers, and if there are any errors reported by the configuration
management tool.
While on it, I would also double-check the httpd & modules versions, making
sure the same version is deployed across the servers, as some settings may be
deprecated or change behavior between releases.
The next thing I would do, if that didn't help, would then be to look for that
error code (AH01797). There could be some other module or configuration that is
causing the issue. Or a value that is deprecated.
Hope that helpsBruno
p.s.: also doesn't hurt to confirm the other libraries in the servers are up to
date, using the same versions, and other things like NTP sync, strange errors
like disk or kernel warnings/errors, etc.
On Friday, 9 October 2020, 1:50:56 am NZDT, Mikael Pesonen
<[email protected]> wrote:
Hi Bruno,
we don't have any extra systems that should cause IP out of range. It's
just standard Ubuntu 20.4 install.
Apache log has these:
[Thu Oct 08 12:12:54.959919 2020] [access_compat:error] [pid 394094]
[client ***:56774] AH01797: client denied by server configuration:
proxy:http://127.0.0.1:3030/js/app/templates/dataset-edit.tpl, referer:
https://***.lingsoft.fi/fuseki/dataset.html?tab=query&ds=/ds
On 8.10.2020 14:00, Bruno P. Kinoshita wrote:
> Hi Mikael,
>
> This one "ProxyTimeout 1200" looks like it could fail to load a template file
> if it took 1200 seconds to load (I think that's seconds). But probably you'd
> get a 503 or similar error.
> The "Require ip" could fail, but only if you had some sort of network setup
> with, perhaps, a load balancer, or an intrusion detection system, or
> something special that would send an IP out of range. That could raise a 401
> or 403 I think.
>
> That's from "mod_authz_core" I think. Do you have anything in the httpd or
> system logs about 403/401 errors from this mod?
> Bruno
>
> On Thursday, 8 October 2020, 11:46:41 pm NZDT, Mikael Pesonen
><[email protected]> wrote:
>
>
> We have this kind of reverse proxy on all instances:
>
> ProxyPreserveHost On
> ProxyTimeout 1200
> ProxyPass /fuseki/ http://127.0.0.1:3030/
> ProxyPassReverse /fuseki/ http://127.0.0.1:3030/
> <LocationMatch "/fuseki/">
> <RequireAny>
> Require ip ***/22
> Require ip ***/24
> Require ip ***/24
> Require ip ***
> </RequireAny>
> </LocationMatch>
>
> Jena is ran as service:
>
> # cat fuseki.service
> [Unit]
> Description=Fuseki
> [Service]
> Environment=FUSEKI_HOME=/opt/fuseki
> Environment=FUSEKI_BASE=/etc/fuseki
> Environment=JVM_ARGS="-Xmx6G
> -Dlog4j.configuration=file:/opt/apache-jena-fuseki-3.16.0/log4j2.properties"
> User=fuseki
> ExecStart=/opt/fuseki/fuseki-server --config=/etc/fuseki/config.ttl
> --update
> Restart=on-failure
> RestartSec=15
> [Install]
> WantedBy=multi-user.target
>
> ps showing
>
> fuseki 383091 1 16 17:27 ? 00:00:06 /usr/bin/java -Xmx6G
> -Dlog4j.configuration=file:/opt/apache-jena-fuseki-3.16.0/log4j2.properties
> -cp /opt/fuseki/fuseki-server.jar org.apache.jena.fuseki.cmd.FusekiCmd
> --config=/etc/fuseki/config.ttl --update
>
>
>
> On 8.10.2020 12:40, Bruno P. Kinoshita wrote:
>> Strange, I am using the web GUI more these past days but I haven't seen
>>this error yet.
>> It could be because I don't have auth/Shiro. Do you have permissions/auth
>> set up in Fuseki? Anything special about your set up, like a reverse proxy
>> in front of Fuseki?
>> Bruno
>>
>> On Thursday, 8 October 2020, 10:18:15 pm NZDT, Mikael Pesonen
>><[email protected]> wrote:
>>
>> Hi,
>>
>> what causes error when Fuseki GUI loads partly, up to "query upload
>> files edit info" menu, but after that stops to 403 errors and
>> shows only the text "Please select a dataset." for each tab?
>>
>> Components fail to load include dataset-selector.tpl, file-upload.tpl...
>>
>> We have few identical (I think) Jena/Fuseki installations and this
>> occurs on some of them.
>>
>
