Access forbidden Error 403 with Virtual Host

Problems with the Windows version of XAMPP, questions, comments, and anything related.

Access forbidden Error 403 with Virtual Host

Postby Debugged » 08. August 2015 14:48

Code: Select all
<VirtualHost *:80>
    DocumentRoot "D:/xampp/htdocs"
    ServerName localhost
    ServerAlias localhost
   
   ErrorLog "D:/xampp/Logs/localhost-error.log"
    CustomLog "D:/xampp/Logs/localhost-access.log" common
   
    <Directory  "D:/xampp/htdocs/">
       AllowOverride All
   Require local
   Require ip 192.168.188
    </Directory>
</VirtualHost>

<VirtualHost *:80>
    DocumentRoot "D:/WEBDEV/WWW"
    ServerName workbench.webdev
    ServerAlias www.workbench.webdev
   
    ErrorLog "D:/WEBDEV/WWW/Logs/workbench-apache.error.log"
    CustomLog "D:/WEBDEV/WWW/Logs/workbench-apache.access.log" common   

    <Directory "D:/WEBDEV/WWW">
   AllowOverride all
        Options Indexes FollowSymLinks

       <IfDefine APACHE24>
          Require local
          Require ip 192.168.188
      </IfDefine>

      <IfDefine !APACHE24>
         Order Deny,Allow
            Deny from all
            Allow from 127.0.0.0/8 localhost ::1 192.168.188
      </IfDefine>

    </Directory>
   # E_ALL & ~E_STRICT
   
    php_admin_value error_reporting 30719

    php_value max_execution_time 180
   
    php_value memory_limit 128M
   
    php_value post_max_size 32M
   
    php_value max_upload_size 50M
   
    php_value upload_max_filesize 32M

    php_flag  display_errors off   
   
    php_flag log_errors on

    php_value error_log "D:/WEBDEV/WWW/Logs/workbench-php.error.log"
</VirtualHost>


With above virtual host entries I can access localhost just fine. The default XAMPP page comes up and things are running smoothly.
Logs are being logged for localhost and I am happy.

Though for my work directory I get error 403.
Reading this post https://community.apachefriends.org/f/viewtopic.php?f=17&t=71294&p=244070&hilit=virtual+host+403#p244070 I changed httpd.conf line 188 and 189 from User Deamon and Group Deamon to User [userame of the Windows account I log into the system] and same for Group.
Though that does not change the 403 error.
Is that the error?

Another thing is that under D:/WEBDEV/WWW/ I do not have an index.html or index.php file but many folders with my various work projects.
Ideally I like to see those folders (FollowSymLinks) in the browser and when I click on one of the folders, THEN inside each one of those I have an index.html or an index.php file and THEN the project in question should come up in the browser under the URL workbench.webdev/[projectfolder]/.
If not having an index. file in D:/WEBDEV/WWW/ causes this please let me know how I can tell Apache to NOT look for an index. file in D:/WEBDEV/WWW/ but actually follow the links in that folder with the FollowSymLinks command, thank you.

Win HOSTS file does have the entry 127.0.0.1 workbench.webdev.

To restrict access to the local network only I have set require rules for the localhost IP 127.0.0.1 as well as for the IP range that my router dishes out to local clients.
I fear that
Code: Select all
<IfDefine APACHE24>

might be causing issues here.

If you find a bit of time to look into this please let me know what I can change.
The logs for my workbench already appear in the D:\WEBDEV\WWW\Logs directory, so that works fine also.
error.log
Code: Select all
[Sat Aug 08] [authz_core:error] [pid 7396:tid 2016] [client 127.0.0.1:63407] AH01630: client denied by server configuration: D:/WEBDEV/WWW/

access.log
Code: Select all
127.0.0.1 - - [08/Aug/] "GET / HTTP/1.1" 403 1062


Thank you for your help.
100% pure perseverance, nothing else!
Debugged
 
Posts: 21
Joined: 07. August 2015 23:26
Operating System: Win 7 Ultimate 64 SP1

Re: Access forbidden Error 403 with Virtual Host

Postby Debugged » 08. August 2015 15:14

Got it!

https://community.apachefriends.org/f/viewtopic.php?p=113036 and https://httpd.apache.org/docs/2.2/mod/core.html#options helped.

The error was that instead of changing options in the virtual host file I had to change the setting in the Apache configuration file httpd.conf from

Code: Select all
#
# Deny access to the entirety of your server's filesystem. You must
# explicitly permit access to web content directories in other
# <Directory> blocks below.
#
<Directory />
    AllowOverride none
    Require all denied
</Directory>


to

Code: Select all
#
# Deny access to the entirety of [b]your server's filesystem[/b]. You must
# explicitly permit access to web content directories in other
# <Directory> blocks below.
#
<Directory />
    AllowOverride all
    Require all granted
</Directory>
100% pure perseverance, nothing else!
Debugged
 
Posts: 21
Joined: 07. August 2015 23:26
Operating System: Win 7 Ultimate 64 SP1

Re: Access forbidden Error 403 with Virtual Host

Postby Altrea » 08. August 2015 15:57

With your last change you have granted access to all requests for which there is no other access rule defined.
So you have changed the previous whitelist to a blacklist now.

This is a really bad change and you should undo this.
We don't provide any support via personal channels like PM, email, Skype, TeamViewer!

It's like porn for programmers 8)
User avatar
Altrea
AF Moderator
 
Posts: 8286
Joined: 17. August 2009 13:05
XAMPP version: several
Operating System: Windows 10 Pro x64

Re: Access forbidden Error 403 with Virtual Host

Postby Debugged » 08. August 2015 17:59

Thank you for letting me know. :shock:

When I change the httpd.conf settings back what do I need to change in the vhost file to be able to see the dirs in the browser please?

Changing User in httpd.conf did not do the trick. Omitting the
Code: Select all
<IfDefine APACHE24>
did also not do the trick.

Would love to be able to access my projects from workbench.webdev/[project_folder] in the browser and lock the dev environment to local network access like I tired with the 127.. and 198.. rules.

edit
The error log shows me it is expecting an .ico file though there are no files in the root dir, just folders and those should be showing because of
Code: Select all
AllowOverride All
and
Code: Select all
Options Indexes FollowSymLinks
, no?

Code: Select all
[Sat Aug 08 [authz_core:error] [pid 7092:tid 2012] [client 127.0.0.1:58399] AH01630: client denied by server configuration: D:/WEBDEV/WWW/favicon.ico


Not really sure what I am missing in the vhost file :oops: if the httpd.conf shall remain untouched.
Code: Select all
<VirtualHost *:80>
    DocumentRoot "D:/xampp/htdocs"
    ServerName localhost
    ServerAlias localhost
   
   ErrorLog "D:/xampp/Logs/localhost-error.log"
    CustomLog "D:/xampp/Logs/localhost-access.log" common
   
    <Directory  "D:/xampp/htdocs/">
       AllowOverride All
   Require local
   Require ip 192.168.188
    </Directory>
</VirtualHost>

<VirtualHost *:80>
    DocumentRoot "D:/WEBDEV/WWW"
    ServerName workbench.webdev
    ServerAlias www.workbench.webdev
   
    ErrorLog "D:/WEBDEV/WWW/Logs/workbench-apache.error.log"
    CustomLog "D:/WEBDEV/WWW/Logs/workbench-apache.access.log" common   

    <Directory "D:/WEBDEV/WWW/">
      
      AllowOverride All
      
      Options Indexes FollowSymLinks
              
       <IfDefine APACHE24>
          Require local
          Require ip 192.168.188
      </IfDefine>

      <IfDefine !APACHE24>
         Order Deny,Allow
            Deny from all
            Allow from 127.0.0.0/8 localhost ::1 192.168.188
      </IfDefine>

    </Directory>
</VirtualHost>


Any suggestion or help would be much appreciated.

Thank you.
:)
100% pure perseverance, nothing else!
Debugged
 
Posts: 21
Joined: 07. August 2015 23:26
Operating System: Win 7 Ultimate 64 SP1

Re: Access forbidden Error 403 with Virtual Host

Postby Debugged » 08. August 2015 18:41

Got it!

This time also the right way. 8)

Code: Select all
<Directory "D:/WEBDEV/WWW/">

    AllowOverride all
   
    Options Indexes FollowSymLinks
   
    # allow from this machine
    Require local

    #allow from my local network subnet
    Require ip 192.168.188

</Directory>


..was added to httpd.conf and NOT httpd-vhost.conf et violà, sorted!
:P

So this and obviously the above section for httpd.conf locks down requests from outside BUT allows requests from the local network to the work folder and subfolders with the projects inside.

Good you let me wait for a reply and even better you let me know about the obvious hole in my security!!
Love finding out about all this, love how it all comes together when properly coded, just like with any other app.. more or less... hehe. :D
100% pure perseverance, nothing else!
Debugged
 
Posts: 21
Joined: 07. August 2015 23:26
Operating System: Win 7 Ultimate 64 SP1


Return to XAMPP for Windows

Who is online

Users browsing this forum: No registered users and 31 guests