4

I'm running Apache 2.4.7 on debian unstable. I'm getting 403 errors when I try to run supysonic using the mod_wsgi module. I turned the LogLevel for wsgi and authz_core up to trace6, but I'm still not getting any useful messages. Note that I'm using mod_access_compat, so the Order ... Allow combination is valid.

I'd like to see specifically what config file (for instance some .htaccess file somewhere, or one of the standard apache or debian config files) and what line contains the rule that generates a 403 error.

I have manually walked the tree, checking at each level that the user the web server is running as has read permissions for files, and read and execute for directories.

my /etc/apache2/apache.conf file iincludes the line:

LogLevel info authz_core:trace6 wsgi:trace6

The apache config file for supysonic, /etc/apache2/conf-enabled/supysonic.conf is:

WSGIScriptAlias /supysonic /mnt/large_vol/home/bminton/public_html/programs/supysonic
<Directory /mnt/large_vol/home/bminton/public_html/programs/supysonic>
    WSGIApplicationGroup %{GLOBAL}
    Order deny,allow
    Allow from all
</Directory>

The error log contains the following lines: 



[Wed Jan 15 08:40:34.106119 2014] [authz_core:debug] [pid 13558] mod_authz_core.c(802): [client 127.0.0.1:58438] AH01626: authorization result of Require all denied: denied
[Wed Jan 15 08:40:34.106197 2014] [authz_core:debug] [pid 13558] mod_authz_core.c(802): [client 127.0.0.1:58438] AH01626: authorization result of <RequireAny>: denied
[Wed Jan 15 08:40:34.106208 2014] [authz_core:error] [pid 13558] [client 127.0.0.1:58438] AH01630: client denied by server configuration: /mnt/large_vol/home/bminton/public_html/programs/supysonic
[Wed Jan 15 08:40:34.113336 2014] [:info] [pid 13571] mod_wsgi (pid=13571): Initializing Python.
[Wed Jan 15 08:40:34.154407 2014] [:info] [pid 13571] mod_wsgi (pid=13571): Attach interpreter ''.
Improve this question

1 Answer 1

Reset to default
3

A 403 error is related to user authorization, it's not really about you application code.

You said you were using apache version 2.4, then this is certainaly wrong:

Order deny,allow
Allow from all

This should now be written this way (1 line only):

Require all granted
Improve this answer
7
  • 2
    I am using mod_access_compat. That doesn't answer the question, which apache config file, and which line, is triggering the 403.
    – Brian Minton
    Jan 20, 2014 at 19:16
  • 1
    ok, try to raise the debug level on the other activated auth modules (and test the require all granted syntax in case of mod_access_compat error), then add debug level on mod_access_compact also.
    – regilero
    Jan 21, 2014 at 9:25
  • 1
    It still doesn't tell me which file has the relevant Require line that i triggering the error.
    – Brian Minton
    Jan 23, 2014 at 16:49
  • 2
    here's my LogLevel line: LogLevel info wsgi:trace6 auth_basic:trace6 authn_core:trace6 authnz_external:trace6 authz_host:trace6 authn_file:trace6 authz_core:trace6 authz_owner:trace6. I didn't get any more debugging info in the error log at the time of the request. If you like, I can paste the whole log on pastebin. The logs show lots of lines showing authorization granted, or denied, but not the config file triggering it, which is not very helpful. I'd be willing to try changing all my configs to the new require syntax, but that would be a huge pain, since I have lots of config files.
    – Brian Minton
    Jan 24, 2014 at 16:58
  • 1
    well, showing the logs could be a good thing. Logs won't tell you the line of original config, but maybe somewhere the detail of what you have in the Require. And try altering only this single place of configuration with the new syntax, not the whole configurations files.
    – regilero
    Jan 24, 2014 at 17:48

You must log in to answer this question.

Not the answer you're looking for? Browse other questions tagged .