Tag Archives: apache

[access_compat:error] [pid 28167:tid 140515211155200] [client xx.xx.xx.xx:37918] AH01797: client denied by server configuration: /var/www/html/

Forbidden You don’t have permission to access / on this server

You should check directory permissions: namei -l /var/www/html/, if permissions are fine you need check virtual host configuration if there are no such options like ‘Deny from all’, if virtual host fine, you need search for .htaccess like this: find / -type f -name .htaccess

apache add virtualhost from cli

This works for Debian and Ubuntu apache create/delete virtual host:

#!/bin/bash
### Set Language
TEXTDOMAIN=virtualhost

### Set default parameters
action=$1
domain=$2
rootdir=$3
owner=$(who am i | awk '{print $1}')
email='webmaster@localhost'
sitesEnable='/etc/apache2/sites-enabled/'
sitesAvailable='/etc/apache2/sites-available/'
userDir='/var/www/'
sitesAvailabledomain=$sitesAvailable$domain.conf

### don't modify from here unless you know what you are doing ####

if [ "$(whoami)" != 'root' ]; then
echo $"You have no permission to run $0 as non-root user. Use sudo"
exit 1;
fi

if [ "$action" != 'create' ] && [ "$action" != 'delete' ]
then
echo $"You need to prompt for action (create or delete) -- Lower-case only"
exit 1;
fi

while [ "$domain" == "" ]
do
echo -e $"Please provide domain. e.g.dev,staging"
read domain
done

if [ "$rootdir" == "" ]; then
rootdir=${domain//./}
fi

if [ "$action" == 'create' ]
then
### check if domain already exists
if [ -e $sitesAvailabledomain ]; then
echo -e $"This domain already exists.\nPlease Try Another one"
exit;
fi

### check if directory exists or not
if ! [ -d $userDir$rootdir ]; then
### create the directory
mkdir $userDir$rootdir
### give permission to root dir
chmod 755 $userDir$rootdir
### write test file in the new domain dir
if ! echo "" > $userDir$rootdir/phpinfo.php
then
echo $"ERROR: Not able to write in file $userDir/$rootdir/phpinfo.php. Please check permissions"
exit;
else
echo $"Added content to $userDir$rootdir/phpinfo.php"
fi
fi

### create virtual host rules file
if ! echo "

ServerAdmin $email
ServerName $domain
ServerAlias $domain
DocumentRoot $userDir$rootdir

AllowOverride All


Options Indexes FollowSymLinks MultiViews
AllowOverride all
Require all granted

ErrorLog /var/log/apache2/$domain-error.log
LogLevel error
CustomLog /var/log/apache2/$domain-access.log combined
" > $sitesAvailabledomain
then
echo -e $"There is an ERROR creating $domain file"
exit;
else
echo -e $"\nNew Virtual Host Created\n"
fi

### Add domain in /etc/hosts
if ! echo "127.0.0.1 $domain" >> /etc/hosts
then
echo $"ERROR: Not able to write in /etc/hosts"
exit;
else
echo -e $"Host added to /etc/hosts file \n"
fi

if [ "$owner" == "" ]; then
chown -R $(whoami):$(whoami) $userDir$rootdir
else
chown -R $owner:$owner $userDir$rootdir
fi

### enable website
a2ensite $domain

### restart Apache
/etc/init.d/apache2 reload

### show the finished message
echo -e $"Complete! \nYou now have a new Virtual Host \nYour new host is: http://$domain \nAnd its located at $userDir$rootdir"
exit;
else
### check whether domain already exists
if ! [ -e $sitesAvailabledomain ]; then
echo -e $"This domain does not exist.\nPlease try another one"
exit;
else
### Delete domain in /etc/hosts
newhost=${domain//./\\.}
sed -i "/$newhost/d" /etc/hosts

### disable website
a2dissite $domain

### restart Apache
/etc/init.d/apache2 reload

### Delete virtual host rules files
rm $sitesAvailabledomain
fi

### check if directory exists or not
if [ -d $userDir$rootdir ]; then
echo -e $"Delete host root directory ? (y/n)"
read deldir

if [ "$deldir" == 'y' -o "$deldir" == 'Y' ]; then
### Delete the directory
rm -rf $userDir$rootdir
echo -e $"Directory deleted"
else
echo -e $"Host directory conserved"
fi
else
echo -e $"Host directory not found. Ignored"
fi

### show the finished message
echo -e $"Complete!\nYou just removed Virtual Host $domain"
exit 0;
fi

Satisfy Any vs Satisfy All

The Satisfy directive controls how Authentication directives (used for password protection) and access directives (e.g. Allow/Deny) interact with each other. You can instruct your Apache server to allow requests if either authentication or access requirements are met. Or you can insist that all criteria are met before allowing the request.

apache mpm-itk

mpm-itk is a fork of mpm-prefork, which allows you to configure individual Apache vhosts to run as specified users and groups. This makes it extremely secure if used in a shared hosting environment.

yum install –enablerepo=webtatic httpd-itk

vi /etc/sysconfig/httpd
HTTPD=/usr/sbin/httpd.itk

VirtualHost *:80 :
ServerName linux4you.tk
DocumentRoot /var/www/htm/linux4you.tk
AssignUserId vuser vgroup

service httpd start