#1
  1. No Profile Picture
    Junior Member
    Devshed Newbie (0 - 499 posts)

    Join Date
    Oct 2000
    Posts
    3
    Rep Power
    0
    [Solaris 7- Apache 1.3.12 - Perl 5.6.0]
    Upon attempting to access and browse the cgi-bin directory via http://dev.cte.net/cgi-bin [my acutal site], I keep getting a Forbidden (HTTP 403) error.

    The User/Group permissions for the Document Root directory and all subdirectories are set to "nobody/nobody". CHMOD 777, to remove the possiblility of permissions violation.

    I belive that the problem lies with the httpd.conf file. But am often wrong.

    . . .
    User nobody
    Group nobody
    ServerName dev.cte.net
    DocumentRoot "/opt/local/etc/httpd"
    <Directory />
    Options None
    AllowOverride None
    </Directory>
    <Directory "/opt/local/etc/http">
    Options Indexes FollowSymLinks IncludesNOEXEC
    AllowOverride AuthConfig Limit
    Order deny,allow
    Allow from all
    </Directory>
    Userdir disabled
    AccessFileName .htaccess
    <Files .htaccess>
    Order allow,deny
    Deny from all
    <Files>
    ...
    <IfModule mod_alias.c>
    ...
    ScriptAlias /cgi-bin/ "/opt/local/etc/httpd/cgi-bin/"
    ScriptAlias /cgi-bin "/opt/local/etc/httpd/cgi-bin/"
    <Directory "/opt/local/etc/httpd/cgi-bin/"
    AllowOverride None
    Options None
    Order allow,deny
    Allow from all
    </Directory>
    ...
    AddHandler cgi-script .cgi .pl
    AddType text/html .shtml
    AddHandler server-parsed .shtml
    ...

    I am not accessing a cgi-bin directory from a userdir, so the <Directory /home/*/public_html> should not be the culprit?! And I have tried multiple tweakings of the permissions AllowOverride/Order to no avail.

    If it helps, I have also setup a virtual site [unix.cte.net], and upon browsing to it, I get the same error, even though I am pointing to a different cgi-bin directory. Under the Virtual Sites section of the httpd.conf, I changed the ScriptAlias to point to another cgi-bin directory, off of its root. Which possible suggests a problem with a global config/permission, which the virtual site defaults too, in the absence of an entry. Upon using Netscape to drill-down to the directory: /opt/local/etc/httpd/cgi-bin (as compared to browsing), clicking on the perl/cgi-scripts, results in a display of the code, rather than running it. [Of course this problem could be a separate issue.

    Any assistance or recommendations would be appreciated, if not greatly welcome. I am about to go from crazy to insane over it.

    Sincerely,

    -Plain Crazy
  2. #2
  3. No Profile Picture
    freebsd
    Guest
    Devshed Newbie (0 - 499 posts)
    There are quite a few mistakes here...

    1) <Files .htaccess>

    Should be <Files ~ "^.htaccess$">

    2) ScriptAlias /cgi-bin/ "/opt/local/etc/httpd/cgi-bin/"

    You should place cgi-bin above your docroot

    3) Remove the duplicate ScriptAlias line

    4) <Directory "/opt/local/etc/httpd/cgi-bin/"
    AllowOverride None
    Options None

    The closing <Directory> block
    "Options None" should be "Options ExecCGI" at the very least, otherwise, it defeats the purpose of having a cgi-bin.

    5) <Directory "/opt/local/etc/http">

    Is "http" a typo? Should it be "httpd" instead?

    6) Any DirectoryIndex directive somewhere? If not and you don't want to get [403] error, at the line "Options Indexes FollowSymLinks IncludesNOEXEC", remove the "Indexes".
  4. #3
  5. No Profile Picture
    Junior Member
    Devshed Newbie (0 - 499 posts)

    Join Date
    Oct 2000
    Posts
    3
    Rep Power
    0
    Still getting the 403. Made the modifications though, as seen below. Have a DirectoryIndex setup as well.

    Is it possible that Apache prevents directory browsing to the cgi-bin directory--i.e., http://dev.cte.net/cgi-bin--while still allowing the execution of scripts contained in it.

    -Plain Crazy

    Port 80
    Listen 80
    <IfDefine SSL>
    Listen 443
    </IfDefine>
    User nobody
    Group nobody
    ServerAdmin root@centurytel.com
    ServerName dev.cte.net
    ScriptAlias /cgi-bin/ "/opt/local/etc/httpd/cgi-bin/"
    <Directory "/opt/local/etc/httpd/cgi-bin/">
    AllowOverride AuthConfig Limit
    Options ExecCGI
    Order allow,deny
    Allow from all
    </Directory>
    DocumentRoot "/opt/local/etc/httpd"
    <Directory />
    Options None
    AllowOverride None
    </Directory>
    <Directory "/opt/local/etc/httpd">
    Options FollowSymLinks IncludesNOEXEC
    AllowOverride AuthConfig Limit
    Order allow,deny
    Allow from all
    </Directory>
    UserDir disabled
    DirectoryIndex index.html index.htm index.shtml index.php3 index.php
    AccessFileName .htaccess
    <Files ~ "^.htaccess$">
    Order allow,deny
    Deny from all
    </Files>
    UseCanonicalName On
    TypesConfig /opt/local/apache/conf/mime.types
    DefaultType text/plain
    <IfModule mod_mime_magic.c>
    MIMEMagicFile /opt/local/apache/conf/magic
    </IfModule>
    HostnameLookups Off
    ErrorLog /opt/local/apache/logs/error_log
    LogLevel warn
    LogFormat "%h %l %u %t "%r" %>s %b "%{Referer}i" "%{User-Agent}i"" combined
    LogFormat "%h %l %u %t "%r" %>s %b" common
    LogFormat "%{Referer}i -> %U" referer
    LogFormat "%{User-agent}i" agent
    CustomLog /opt/local/apache/logs/access_log combined
    ServerSignature Off
    <IfModule mod_alias.c>
    Alias /icons/ "/opt/local/apache/icons/"
    <Directory "/opt/local/apache/icons">
    Options Indexes MultiViews
    AllowOverride None
    Order allow,deny
    Allow from all
    </Directory>
    </IfModule>
    ...[Languages]...
    AddHandler cgi-script .cgi .pl
    AddType text/html .shtml
    AddHandler server-parsed .shtml
    BrowserMatch "Mozilla/2" nokeepalive
    BrowserMatch "MSIE 4.0b2;" nokeepalive downgrade-1.0 force-response-1.0
    BrowserMatch "RealPlayer 4.0" force-response-1.0
    BrowserMatch "Java/1.0" force-response-1.0
    BrowserMatch "JDK/1.0" force-response-1.0
    ErrorDocument 401 /error/missing.html
    ErrorDocument 404 /error/missing.html
  6. #4
  7. No Profile Picture
    Junior Member
    Devshed Newbie (0 - 499 posts)

    Join Date
    Oct 2000
    Posts
    3
    Rep Power
    0
    I figured it out. It was the

    <Directory>
    Options. . .
    AllowOverride. . .
    Order. . .
    Allow. . .
    </Directory>

    settings, not only for the webroot directory, but also the cgi-bin directory as well.

    Thanks for your posting FreeBSD, as it put me on the right path to figuring it out.

    -Plain Crazy

IMN logo majestic logo threadwatch logo seochat tools logo