Xymon Mailing List Archive search

Keep getting 403 Forbidden on /xymon

list Jerald Sheets
Fri, 6 Dec 2013 12:32:56 -0500
Message-Id: <user-5390397cd4ab@xymon.invalid>

There are no errors in that listing, except you don't have a favicon.

---
Jerald M. Sheets jr.


On Fri, Dec 6, 2013 at 11:43 AM, Doug Strick <user-1c52a486cbc5@xymon.invalid>wrote:

That got me a little further.  Now I just get a directory listing instead
of a 403.  The xymon web console still won't load.  Below is what's in the
access logs when I hit /xymon/.  Also found mod_access_compat is in the
configs and being loaded so not sure why the original config didn't work.
 I've also noticed some of the directories of xymon are empty like
/usr/local/xymon/server/www/html.  Is that normal?

00-base.conf:LoadModule access_compat_module modules/mod_access_compat.so

10.33.98.24 - - [06/Dec/2013:08:37:06 -0800] "GET /xymon/ HTTP/1.1" 200
2336 "-" "Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML,
like Gecko) Chrome/30.0.1599.101 Safari/537.36"
10.33.98.24 - - [06/Dec/2013:08:37:07 -0800] "GET /icons/back.gif
HTTP/1.1" 200 216 "http://buildsystem.xyz.net/xymon/"; "Mozilla/5.0
(Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko)
Chrome/30.0.1599.101 Safari/537.36"
10.33.98.24 - - [06/Dec/2013:08:37:07 -0800] "GET /icons/blank.gif
HTTP/1.1" 200 148 "http://buildsystem.xyz.net/xymon/"; "Mozilla/5.0
(Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko)
Chrome/30.0.1599.101 Safari/537.36"
10.33.98.24 - - [06/Dec/2013:08:37:07 -0800] "GET /icons/folder.gif
HTTP/1.1" 200 225 "http://buildsystem.xyz.net/xymon/"; "Mozilla/5.0
(Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko)
Chrome/30.0.1599.101 Safari/537.36"
10.33.98.24 - - [06/Dec/2013:08:37:07 -0800] "GET /favicon.ico HTTP/1.1"
404 209 "-" "Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML,
like Gecko) Chrome/30.0.1599.101 Safari/537.36"


On Thu, Dec 5, 2013 at 10:41 PM, Jeremy Laidman <user-71895fb2e44c@xymon.invalid>wrote:

On 6 December 2013 11:49, Doug Strick <user-1c52a486cbc5@xymon.invalid> wrote:


AH01630: client denied by server configuration:
/usr/local/xymon/server/www/

<Directory />
    AllowOverride none
     Require all denied
</Directory>

<Directory "/usr/local/xymon/server/www">
    Options Indexes FollowSymLinks Includes MultiViews
    Order allow,deny
    Allow from all
</Directory>
I notice that the distro-provided config uses "require all ..." whereas
the Xymon config uses "... from all".  From the Apache v2.2 to v2.4 upgrade
doco at

  http://httpd.apache.org/docs/current/upgrading.html#run-time

"In 2.4, such access control is done in the same way as other
authorization checks, using the new module mod_authz_host<http://httpd.apache.org/docs/current/mod/mod_authz_host.html>;.
The old access control idioms should be replaced by the new authentication
mechanisms, although for compatibility with old configurations, the new
module mod_access_compat<http://httpd.apache.org/docs/current/mod/mod_access_compat.html>is provided."

I suspect the "allow from all" is no longer valid, and you need to change
this from "allow from all" "require all granted".  Could be that there's a
warning in the Apache logs at the time you restarted it.

Alternatively, enable the compatibility module as indicated.

It looks like the Xymon installer needs to be updated to detect the use
of the new authorization module and install in a version of config files
that are compatible with Apache v2.4.

Cheers
Jeremy