Juha Nieminen wrote:

> I am using Suse 10.2 and Apache 2.2.3.
>
> I had Apache working as a www server for many years, but now I tried
> to make some changes to its configuration with Yast, and I don't know
> what I did, but now Apache is giving 403 to *all* requests. It doesn't
> matter who tries to search or what, they always get 403. Even if I try
> to get something from localhost, I just get 403. The only thing which
> has changed is something Yast may have written to the Apache
> configuration files, and I have no idea what it could be. I didn't
> consciously change anything.
>
> I have absolutely no idea where to even begin to search the problem.
> /var/log/apache2/access_log just lists the request as a 403, and
> /var/log/apache2/error_log just says "client denied by server
> configuration" for all requests.
>
> No, I don't have a .htaccess file anywhere. Never had.
>
> Any suggestions? It would help if I saw from somewhere the exact
> reason for the denial. I don't have the slightest clue where to get it,
> though.

It *might* help if you provide your configuration files...
But then again that *might* just be a surprising idea from *all* of us
here...

--
arkascha

arkascha wrote:

> Juha Nieminen wrote:
>
>> I am using Suse 10.2 and Apache 2.2.3.
>>
>> I had Apache working as a www server for many years, but now I tried
>> to make some changes to its configuration with Yast, and I don't know
>> what I did, but now Apache is giving 403 to *all* requests. It doesn't
>> matter who tries to search or what, they always get 403. Even if I try
>> to get something from localhost, I just get 403. The only thing which
>> has changed is something Yast may have written to the Apache
>> configuration files, and I have no idea what it could be. I didn't
>> consciously change anything.
>>
>> I have absolutely no idea where to even begin to search the problem.
>> /var/log/apache2/access_log just lists the request as a 403, and
>> /var/log/apache2/error_log just says "client denied by server
>> configuration" for all requests.
>>
>> No, I don't have a .htaccess file anywhere. Never had.
>>
>> Any suggestions? It would help if I saw from somewhere the exact
>> reason for the denial. I don't have the slightest clue where to get it,
>> though.
>
> It *might* help if you provide your configuration files...
> But then again that *might* just be a surprising idea from *all* of us
> here...

On second thought, maybe you line
"I don't have the slightest clue where to get it"
might indicate, that you are configuring apache through yast2 without being
aware that yast2 only writes the 'normal' apache configuration files you
will find unter /etc/apache2/...
Have a look there and/or provide some of the more relevant configuration
files you will find there...

--
arkascha

arkascha wrote:
> It *might* help if you provide your configuration files...

All the configuration files under /etc/apache2 amount to over 1800
lines. I don't think it would be the greatest of ideas to post them here.

Does this mean there's absolutely no way to make apache to tell the
exact reason why it's giving a 403 response?

Juha Nieminen wrote:

> arkascha wrote:
>> It *might* help if you provide your configuration files...
>
> All the configuration files under /etc/apache2 amount to over 1800
> lines. I don't think it would be the greatest of ideas to post them here.
>
> Does this mean there's absolutely no way to make apache to tell the
> exact reason why it's giving a 403 response?

True, it's quite some amount. That's why I wrote "the relevant files".
People usually use something like "http://pastebin.com/" to 'show' files and
just send the generated link here. But you might not want to do that.

Getting apache to make a clear description is not always possible. You can
try to lift the log verbosity but that might not help in this case
(depends, actually). Look for 'LogLevel' under /etc/apache2, for example
with 'grep -rni "LogLevel" /etc/apache2', change the value to 'Debug' and
restart apache with 'rcapache2 graceful'. You will get more debugging info,
but it might actually be easier to take a look at the options you will find
in the sections of the config files, take a closer look at
the "Allow from ..." and "Deny from ..." terms. Most likely yast2 has
configured your DocumentRoot to be protected.

You might also be interested in this:
http://httpd.apache.org/docs/2.0/mod/mod_access.html

--
arkascha

arkascha wrote:
> Getting apache to make a clear description is not always possible. You can
> try to lift the log verbosity but that might not help in this case
> (depends, actually). Look for 'LogLevel' under /etc/apache2, for example
> with 'grep -rni "LogLevel" /etc/apache2', change the value to 'Debug' and
> restart apache with 'rcapache2 graceful'. You will get more debugging info,
> but it might actually be easier to take a look at the options you will find
> in the sections of the config files, take a closer look at
> the "Allow from ..." and "Deny from ..." terms. Most likely yast2 has
> configured your DocumentRoot to be protected.

It seems that yast had indeed made some relevant change, as the only
relevant Directory entry in /etc/apache2/httpd.conf was:


Options None
AllowOverride None
Order deny,allow
Deny from all


I added the following after that block:


Allow from all


and it's working again.

Thanks for the tips.