將 Apache 從 2.2 更新到 2.4 後返回 HTTP 403 的子域
在涉及將 Apache 從 2.2 更新到 2.4 的作業系統升級後,我現在嘗試訪問http://files.fierydragonlord.com/>和<http://status.fierydragonlord.com/時遇到 403 。但是,http://www.fierydragonlord.com有效。這是怎麼回事?
以下是我的 vhosts.conf:
# # VirtualHost template # Note: to use the template, rename it to /etc/apache2/vhost.d/yourvhost.conf. # Files must have the .conf suffix to be loaded. # # See /usr/share/doc/packages/apache2/README.QUICKSTART for further hints # about virtual hosts. # # NameVirtualHost statements can be added to /etc/apache2/listen.conf. # # Almost any Apache directive may go into a VirtualHost container. # The first VirtualHost section is used for requests without a known # server name. # NameVirtualHost *:80 <VirtualHost *:80> ServerName www.fierydragonlord.com # Specify alternative domain names for the virtual host like this # (wildcards * and ? may be used, and multiple aliases may be specified): # ServerAlias domain.tld extra.domain.tld *.domain.tld # DocumentRoot: The directory out of which you will serve your # documents. By default, all requests are taken from this directory, but # symbolic links and aliases may be used to point to other locations. DocumentRoot /srv/www/htdocs/ # Set log file location ErrorLog /var/log/apache2/error_log CustomLog /var/log/apache2/access_log combined # don't loose time with IP address lookups HostnameLookups Off # needed for named virtual hosts UseCanonicalName Off # configures the footer on server-generated documents ServerSignature On # Use custom error documents ErrorDocument 400 /00-Error/400.php ErrorDocument 401 /00-Error/401.php ErrorDocument 403 /00-Error/403.php ErrorDocument 404 /00-Error/404.php ErrorDocument 410 /00-Error/410.php ErrorDocument 414 /00-Error/414.php ErrorDocument 500 /00-Error/500.php ErrorDocument 503 /00-Error/503.php </VirtualHost> <VirtualHost *:80> ServerName status.fierydragonlord.com # Specify alternative domain names for the virtual host like this # (wildcards * and ? may be used, and multiple aliases may be specified): # ServerAlias domain.tld extra.domain.tld *.domain.tld # DocumentRoot: The directory out of which you will serve your # documents. By default, all requests are taken from this directory, but # symbolic links and aliases may be used to point to other locations. DocumentRoot /srv/www/vhosts/status/ DirectoryIndex index.php # Set log file location ErrorLog /var/log/apache2/status-error_log CustomLog /var/log/apache2/status-access_log combined # don't loose time with IP address lookups HostnameLookups Off # needed for named virtual hosts UseCanonicalName Off # configures the footer on server-generated documents ServerSignature On <Directory /> Options None Require all granted </Directory> # use .htaccess files for overriding, AccessFileName .htaccess # and never show them <Files ~ "^\.ht"> Require all denied </Files> </VirtualHost> <VirtualHost *:80> ServerName files.fierydragonlord.com # Specify alternative domain names for the virtual host like this # (wildcards * and ? may be used, and multiple aliases may be specified): # ServerAlias domain.tld extra.domain.tld *.domain.tld # DocumentRoot: The directory out of which you will serve your # documents. By default, all requests are taken from this directory, but # symbolic links and aliases may be used to point to other locations. DocumentRoot /srv/www/vhosts/files/ DirectoryIndex index.html # Set log file location ErrorLog /var/log/apache2/files-error_log CustomLog /var/log/apache2/files-access_log combined # don't loose time with IP address lookups HostnameLookups Off # needed for named virtual hosts UseCanonicalName Off # configures the footer on server-generated documents ServerSignature On <Directory /> Options None Require all granted </Directory> # use .htaccess files for overriding, AccessFileName .htaccess # and never show them <Files ~ "^\.ht"> Require all denied </Files> # Use custom error documents ErrorDocument 400 /00-Error/400.php ErrorDocument 401 /00-Error/401.php ErrorDocument 403 /00-Error/403.php ErrorDocument 404 /00-Error/404.php ErrorDocument 410 /00-Error/410.php ErrorDocument 414 /00-Error/414.php ErrorDocument 500 /00-Error/500.php ErrorDocument 503 /00-Error/503.php </VirtualHost>
我在日誌中收到這樣的錯誤:
[Fri Nov 22 12:37:53.271724 2013] [access_compat:error] [pid 5445] [client xxx.xxx.xxx.xxx:xxxx] AH01797: client denied by server configuration: /srv/www/vhosts/status/, referer: http://www.fierydragonlord.com/ [Fri Nov 22 12:46:14.115480 2013] [access_compat:error] [pid 5440] [client xxx.xxx.xxx.xxx:xxxx] AH01797: client denied by server configuration: /srv/www/vhosts/status/index.php
apache2ctl -S
返回以下內容:[Fri Nov 22 12:56:50.229301 2013] [core:warn] [pid 5529] AH00117: Ignoring deprecated use of DefaultType in line 140 of /etc/apache2/httpd.conf. AH00548: NameVirtualHost has no effect and will be removed in the next release /etc/apache2/vhosts.d/vhosts.conf:16 VirtualHost configuration: *:80 is a NameVirtualHost default server www.fierydragonlord.com (/etc/apache2/vhosts.d/vhosts.conf:18) port 80 namevhost www.fierydragonlord.com (/etc/apache2/vhosts.d/vhosts.conf:18) port 80 namevhost www.fierydragonlord.com (/etc/apache2/vhosts.d/vhosts.conf:18) port 80 namevhost status.fierydragonlord.com (/etc/apache2/vhosts.d/vhosts.conf:53) port 80 namevhost status.fierydragonlord.com (/etc/apache2/vhosts.d/vhosts.conf:53) port 80 namevhost files.fierydragonlord.com (/etc/apache2/vhosts.d/vhosts.conf:92) port 80 namevhost files.fierydragonlord.com (/etc/apache2/vhosts.d/vhosts.conf:92) ServerRoot: "/srv/www" Main DocumentRoot: "/srv/www/htdocs" Main ErrorLog: "/var/log/apache2/error_log" Mutex ssl-stapling: using_defaults Mutex ssl-cache: using_defaults Mutex default: dir="/run/" mechanism=default Mutex mpm-accept: using_defaults PidFile: "/run/httpd.pid" Define: DUMP_VHOSTS Define: DUMP_RUN_CFG User: name="wwwrun" id=30 Group: name="www" id=8
事實證明,舊
Order deny,allow
語法和新Require all granted
語法之間存在衝突。由 openSUSE 本身提供的系統主配置文件未配置為使用較新的Require
語法。因為Order
語法是由與語法不同的模組處理的Require
,所以舊的語法會覆蓋新的語法,導致它失敗。我已恢復到較舊的
Order
語法,並在自定義配置文件中添加了說明該問題的註釋。
Apache 2.4 處理虛擬主機指令的方式與 2.2 不同,請查看以下連結以獲取範例。
http://httpd.apache.org/docs/current/vhosts/examples.html
基本上,更改 NameVirtualHost *:80 -> Listen 80
所以它看起來像這樣:
Listen 80 # This is the "main" server running on 172.20.30.40 ServerName server.example.com DocumentRoot /www/mainserver <VirtualHost 172.20.30.50> DocumentRoot /www/example1 ServerName www.example.com # Other directives here ... </VirtualHost> <VirtualHost 172.20.30.50> DocumentRoot /www/example2 ServerName www.example.org # Other directives here ... </VirtualHost>
您可能還想檢查 httpd.conf 和 vhosts.conf 的其餘部分是否存在其他棄用和衝突。請參閱此連結。http://httpd.apache.org/docs/trunk/upgrading.html
您的自我回答部分正確,訂單/要求更改,但如果您瀏覽該頁面,您會看到更多。我建議您仔細閱讀並確保您已經解決了所有問題。即使你讓它工作,檢查和仔細檢查,一些更改可能不會破壞 apache 甚至 log.. 但可能會導致其他問題(安全/穩定性)。