禁止Apache虚拟主机文档根和代理文件访问
[英]Apache Virtual host document root AND proxy file access forbidden
问题描述
I am setting up my personal domain and I have this config: 
我正在设置我的个人域,并且具有以下配置:
ServerAdmin contact@brentc.in
Listen 80
<VirtualHost *:80>
DocumentRoot "/www/brentc.in"
ServerName brentc.in
ServerAlias www.brentc.in
</VirtualHost>
Listen 443 https
SSLPassPhraseDialog builtin
SSLSessionCache shmcb:/opt/rh/httpd24/root/var/run/httpd/sslcache(512000)
SSLSessionCacheTimeout 300
SSLRandomSeed startup file:/dev/urandom 256
SSLRandomSeed connect builtin
SSLCryptoDevice builtin
<VirtualHost *:443>
ServerName brentc.in
ServerAlias www.brentc.in
DocumentRoot /www/brentc.in/
SSLEngine On
SSLCertificateFile /etc/letsencrypt/live/brentc.in/cert.pem
SSLCertificateKeyFile /etc/letsencrypt/live/brentc.in/privkey.pem
SSLCertificateChainFile /etc/letsencrypt/live/brentc.in/fullchain.pem
</VirtualHost>
<VirtualHost *:443>
ServerName atlassian.brentc.in
ServerAlias www.atlassian.brentc.in
DocumentRoot /www/atlassian.brentc.in/
Options Indexes FollowSymLinks Includes ExecCGI
SSLProtocol all -SSLv2
<Files ~ "\.(cgi|shtml|phtml|php3?)$">
SSLOptions +StdEnvVars
</Files>
ProxyRequests Off
ProxyPreserveHost On
ProxyPass /jira/secure/admin/IntegrityChecker.jspa http://localhost:8081/jira/secure/admin/IntegrityChecker.jspa timeout=3600
ProxyPassReverse /jira/secure/admin/IntegrityChecker.jspa http://localhost:8081/jira/secure/admin/IntegrityChecker.jspa
SSLEngine On
SSLCertificateFile /etc/letsencrypt/live/brentc.in/cert.pem
SSLCertificateKeyFile /etc/letsencrypt/live/brentc.in/privkey.pem
SSLCertificateChainFile /etc/letsencrypt/live/brentc.in/fullchain.pem
BrowserMatch "MSIE [2-5]" \
nokeepalive ssl-unclean-shutdown \
downgrade-1.0 force-response-1.0
<Proxy *>
Order deny,allow
Allow from all
</Proxy>
<Location /jira>
Header set Access-Control-Allow-Origin "*"
Header set Access-Control-Allow-Headers "Origin, X-Requested-With, Content-Type, Accept"
ProxyPass http://localhost:8081/jira retry=0
ProxyPassReverse http://localhost:8081/jira
SetOutputFilter DEFLATE
</Location>
</VirtualHost>
For the first domain ( brentc.in ) I can access index.html just fine. 对于第一个域( brentc.in ),我可以访问index.html 。 For the second domain ( atlassian.brentc.in ) it shows the apache sample (test 123) page and when I explicitly go to index.html it says I'm not allowed to access the file. 对于第二个域( atlassian.brentc.in ),它显示apache示例(测试123)页面,当我显式转到index.html它说我不允许访问该文件。
My file permissions are exactly the same as the working index.html . 我的文件权限与工作index.html完全相同。 Am I missing something here? 我在这里想念什么吗?
The atlassian.brentc.in is also a proxy to a behind the scenes tomcat server. atlassian.brentc.in还是后台tomcat服务器的代理。 My intention is, when you go to atlassian.brentc.in it shows you a landing page. 我的意图是,当您访问atlassian.brentc.in它会向您显示一个着陆页。 Then from there you can go to atlassian.brentc.in/jira . 然后从那里可以转到atlassian.brentc.in/jira 。
The error_log contains this: error_log包含以下内容:
[Wed Jun 14 10:43:47.714099 2017] [authz_core:error] [pid 4399] [client <ip>:58299] AH01630: client denied by server configuration: /www/atlassian.brentc.in/index.html
[Wed Jun 14 10:43:47.952670 2017] [authz_core:error] [pid 4399] [client <ip>:58299] AH01630: client denied by server configuration: /www/atlassian.brentc.in/favicon.ico, referer: https://atlassian.brentc.in/index.html
1 个解决方案
解决方案1
1 已采纳 2017-06-14 08:48:25
i think you need to add something like this 我认为你需要添加这样的东西
<Directory "your/sample/directory">
# AllowOverride All # Deprecated
# Order Allow,Deny # Deprecated
# Allow from all # Deprecated
# --New way of doing it this is the important part
Require all granted
</Directory>
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.