Virtualhost

Subdomains return HTTP 403 after updating Apache from 2.2 to 2.4

  • February 4, 2014

After an operating system upgrade that involved updating Apache from 2.2 to 2.4, I now get a 403 when I try to access http://files.fierydragonlord.com/ and http://status.fierydragonlord.com/. However, http://www.fierydragonlord.com works. What is going on?

Here is my vhosts.conf:

#
# VirtualHost template
# Note: to use the template, rename it to /etc/apache2/vhost.d/yourvhost.conf.
# Files must have the .conf suffix to be loaded.
#
# See /usr/share/doc/packages/apache2/README.QUICKSTART for further hints
# about virtual hosts.
#
# NameVirtualHost statements can be added to /etc/apache2/listen.conf.
#
# Almost any Apache directive may go into a VirtualHost container.
# The first VirtualHost section is used for requests without a known
# server name.
#

NameVirtualHost *:80

<VirtualHost *:80>
   ServerName www.fierydragonlord.com

   # Specify alternative domain names for the virtual host like this
   # (wildcards * and ? may be used, and multiple aliases may be specified):
   # ServerAlias domain.tld extra.domain.tld *.domain.tld


   # DocumentRoot: The directory out of which you will serve your
   # documents. By default, all requests are taken from this directory, but
   # symbolic links and aliases may be used to point to other locations.
   DocumentRoot /srv/www/htdocs/

   # Set log file location
   ErrorLog /var/log/apache2/error_log
   CustomLog /var/log/apache2/access_log combined

   # don't loose time with IP address lookups
   HostnameLookups Off
   # needed for named virtual hosts
   UseCanonicalName Off
   # configures the footer on server-generated documents
   ServerSignature On

   # Use custom error documents
   ErrorDocument 400 /00-Error/400.php
   ErrorDocument 401 /00-Error/401.php
   ErrorDocument 403 /00-Error/403.php
   ErrorDocument 404 /00-Error/404.php
   ErrorDocument 410 /00-Error/410.php
   ErrorDocument 414 /00-Error/414.php
   ErrorDocument 500 /00-Error/500.php
   ErrorDocument 503 /00-Error/503.php
</VirtualHost>

<VirtualHost *:80>
   ServerName status.fierydragonlord.com

   # Specify alternative domain names for the virtual host like this
   # (wildcards * and ? may be used, and multiple aliases may be specified):
   # ServerAlias domain.tld extra.domain.tld *.domain.tld


   # DocumentRoot: The directory out of which you will serve your
   # documents. By default, all requests are taken from this directory, but
   # symbolic links and aliases may be used to point to other locations.
   DocumentRoot /srv/www/vhosts/status/

   DirectoryIndex index.php

   # Set log file location
   ErrorLog /var/log/apache2/status-error_log
   CustomLog /var/log/apache2/status-access_log combined

   # don't loose time with IP address lookups
   HostnameLookups Off
   # needed for named virtual hosts
   UseCanonicalName Off
   # configures the footer on server-generated documents
   ServerSignature On

   <Directory />
       Options None
       Require all granted
   </Directory>

   # use .htaccess files for overriding,
   AccessFileName .htaccess
   # and never show them
   <Files ~ "^\.ht">
       Require all denied
   </Files>
</VirtualHost>

<VirtualHost *:80>
   ServerName files.fierydragonlord.com

   # Specify alternative domain names for the virtual host like this
   # (wildcards * and ? may be used, and multiple aliases may be specified):
   # ServerAlias domain.tld extra.domain.tld *.domain.tld


   # DocumentRoot: The directory out of which you will serve your
   # documents. By default, all requests are taken from this directory, but
   # symbolic links and aliases may be used to point to other locations.
   DocumentRoot /srv/www/vhosts/files/

   DirectoryIndex index.html

   # Set log file location
   ErrorLog /var/log/apache2/files-error_log
   CustomLog /var/log/apache2/files-access_log combined

   # don't loose time with IP address lookups
   HostnameLookups Off
   # needed for named virtual hosts
   UseCanonicalName Off
   # configures the footer on server-generated documents
   ServerSignature On

   <Directory />
       Options None
       Require all granted
   </Directory>

   # use .htaccess files for overriding,
   AccessFileName .htaccess
   # and never show them
   <Files ~ "^\.ht">
       Require all denied
   </Files>

   # Use custom error documents
   ErrorDocument 400 /00-Error/400.php
   ErrorDocument 401 /00-Error/401.php
   ErrorDocument 403 /00-Error/403.php
   ErrorDocument 404 /00-Error/404.php
   ErrorDocument 410 /00-Error/410.php
   ErrorDocument 414 /00-Error/414.php
   ErrorDocument 500 /00-Error/500.php
   ErrorDocument 503 /00-Error/503.php
</VirtualHost>

I get errors like this in the log:

[Fri Nov 22 12:37:53.271724 2013] [access_compat:error] [pid 5445] [client xxx.xxx.xxx.xxx:xxxx] AH01797: client denied by server configuration: /srv/www/vhosts/status/, referer: http://www.fierydragonlord.com/
[Fri Nov 22 12:46:14.115480 2013] [access_compat:error] [pid 5440] [client xxx.xxx.xxx.xxx:xxxx] AH01797: client denied by server configuration: /srv/www/vhosts/status/index.php

apache2ctl -S returns the following:

[Fri Nov 22 12:56:50.229301 2013] [core:warn] [pid 5529] AH00117: Ignoring deprecated use of DefaultType in line 140 of /etc/apache2/httpd.conf.
AH00548: NameVirtualHost has no effect and will be removed in the next release /etc/apache2/vhosts.d/vhosts.conf:16
VirtualHost configuration:
*:80                   is a NameVirtualHost
        default server www.fierydragonlord.com (/etc/apache2/vhosts.d/vhosts.conf:18)
        port 80 namevhost www.fierydragonlord.com (/etc/apache2/vhosts.d/vhosts.conf:18)
        port 80 namevhost www.fierydragonlord.com (/etc/apache2/vhosts.d/vhosts.conf:18)
        port 80 namevhost status.fierydragonlord.com (/etc/apache2/vhosts.d/vhosts.conf:53)
        port 80 namevhost status.fierydragonlord.com (/etc/apache2/vhosts.d/vhosts.conf:53)
        port 80 namevhost files.fierydragonlord.com (/etc/apache2/vhosts.d/vhosts.conf:92)
        port 80 namevhost files.fierydragonlord.com (/etc/apache2/vhosts.d/vhosts.conf:92)
ServerRoot: "/srv/www"
Main DocumentRoot: "/srv/www/htdocs"
Main ErrorLog: "/var/log/apache2/error_log"
Mutex ssl-stapling: using_defaults
Mutex ssl-cache: using_defaults
Mutex default: dir="/run/" mechanism=default
Mutex mpm-accept: using_defaults
PidFile: "/run/httpd.pid"
Define: DUMP_VHOSTS
Define: DUMP_RUN_CFG
User: name="wwwrun" id=30
Group: name="www" id=8

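It turns out there was a conflict between the old Order deny,allow syntax and the new Require all granted syntax. The system's main configuration file, provided by openSUSE itself, was not configured to use the newer Require syntax. Because the Order syntax is handled by a different module than the Require syntax, the old syntax overrode the new one, causing it to fail.

I have reverted to the older Order syntax and added a comment to my custom configuration file explaining the issue.

Apache 2.4 handles virtual host directives differently from 2.2; see the following link for examples.

http://httpd.apache.org/docs/current/vhosts/examples.html

Basically, change NameVirtualHost *:80 -> Listen 80

So it looks like this: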

Listen 80

# This is the "main" server running on 172.20.30.40
ServerName server.example.com
DocumentRoot /www/mainserver

<VirtualHost 172.20.30.50>
   DocumentRoot /www/example1
   ServerName www.example.com

   # Other directives here ...
</VirtualHost>

<VirtualHost 172.20.30.50>
   DocumentRoot /www/example2
   ServerName www.example.org

   # Other directives here ...
</VirtualHost>

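You may also want to check the rest of httpd.conf and vhosts.conf for other deprecations and conflicts. See this link: http://httpd.apache.org/docs/trunk/upgrading.html

Your self-answer is partly correct, the Order/Require change, but if you go through that page you will see there is more. I suggest you read it carefully and make sure you have addressed everything. Even if you get it working, check and double-check; some changes may not break Apache or even log anything, but may cause other problems (security/stability).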
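Added example, not part of the original posts and not Apache or openSUSE code: a Python check for the Order/Require conflict described in the self-answer and for the config review the last answer recommends. It reads the module tag from "client denied" log lines and lists containers that receive both 2.2-style (Order/Allow/Deny/Satisfy) and 2.4-style (Require) rules across files. The function names and the two config snippets are assumptions constructed here; the log line is the one from the question.

```python
import re

# In 2.4 these 2.2-era directives are implemented by mod_access_compat;
# Require is implemented by mod_authz_core.
LEGACY = {"order", "allow", "deny", "satisfy"}
DENIED = re.compile(r"\[(\w+):error\].*?(AH\d+): client denied by server "
                    r"configuration: ([^,\s]+)")

def denials(log_lines):
    """(module, AH code, path) for every 'client denied' error-log line."""
    return [m.groups() for m in map(DENIED.search, log_lines) if m]

def access_syntax(configs):
    """Map each innermost container, e.g. 'Directory /', to
    {'legacy': {files}, 'require': {files}} across all config files."""
    seen = {}
    for name, text in configs.items():
        stack = []
        for line in map(str.strip, text.splitlines()):
            if not line or line.startswith("#"):
                continue
            if line.startswith("</"):
                if stack:
                    stack.pop()
            elif line.startswith("<"):
                stack.append(line.strip("<>").strip())
            else:
                word = line.split()[0].lower()
                kind = ("legacy" if word in LEGACY
                        else "require" if word == "require" else None)
                if kind:
                    scope = stack[-1] if stack else "(server)"
                    seen.setdefault(scope, {}).setdefault(kind, set()).add(name)
    return seen

def mixed(configs):
    """Containers that receive both legacy and Require access rules."""
    return sorted(s for s, k in access_syntax(configs).items() if len(k) == 2)

# Constructed sample configs (not the poster's real main config).
MAIN_CONF = "<Directory />\nOrder deny,allow\nDeny from all\n</Directory>\n"
VHOST_CONF = ("<VirtualHost *:80>\n<Directory />\nRequire all granted\n"
              "</Directory>\n</VirtualHost>\n")
LOG = ["[Fri Nov 22 12:46:14.115480 2013] [access_compat:error] [pid 5440] "
       "[client xxx.xxx.xxx.xxx:xxxx] AH01797: client denied by server "
       "configuration: /srv/www/vhosts/status/index.php"]

if __name__ == "__main__":
    print(denials(LOG))
    print(mixed({"main": MAIN_CONF, "vhost": VHOST_CONF}))
```

Containers are compared by their literal text, so `<Directory />` and `<Directory "/">` count as different scopes. A denial tagged `access_compat` in the log points at a legacy Order/Allow/Deny rule rather than at a Require line.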

Source: https://serverfault.com/questions/556848