Return-Path: Delivered-To: apmail-httpd-users-archive@httpd.apache.org Received: (qmail 77910 invoked by uid 500); 26 Mar 2003 20:29:40 -0000 Mailing-List: contact users-help@httpd.apache.org; run by ezmlm Precedence: bulk Reply-To: users@httpd.apache.org list-help: list-unsubscribe: list-post: Delivered-To: mailing list users@httpd.apache.org Received: (qmail 77897 invoked from network); 26 Mar 2003 20:29:40 -0000 Received: from fep01-mail.bloor.is.net.cable.rogers.com (66.185.86.71) by daedalus.apache.org with SMTP; 26 Mar 2003 20:29:40 -0000 Received: from atw2.accesstheworld.com ([24.42.40.43]) by fep01-mail.bloor.is.net.cable.rogers.com (InterMail vM.5.01.05.12 201-253-122-126-112-20020820) with ESMTP id <20030326202943.LICJ4832.fep01-mail.bloor.is.net.cable.rogers.com@atw2.accesstheworld.com> for ; Wed, 26 Mar 2003 15:29:43 -0500 Content-Type: text/plain; charset="us-ascii" From: Tom Fleming Reply-To: Tom@AccessTheWorld.com To: "Apache" Date: Wed, 26 Mar 2003 15:29:42 -0500 User-Agent: KMail/1.4.3 MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable Message-Id: <200303261529.42972.Tom@AccessTheWorld.com> X-Authentication-Info: Submitted using SMTP AUTH PLAIN at fep01-mail.bloor.is.net.cable.rogers.com from [24.42.40.43] using ID at Wed, 26 Mar 2003 15:29:43 -0500 X-Spam-Rating: daedalus.apache.org 1.6.2 0/1000/N Subject: [users@httpd] can't run cgi error log shows: client denied by server configuration looks o.k. to me,but ................ found something about file ownership,so changed cgi ownership/group=20 up,down,and sideways ....... no luck any help appreciated. Thanks in advance Tom =2E......................................................................= =2E................................. ### Common server configuration # User apache Group apache # # ServerAdmin: Your address, where problems with the server should be # e-mailed. This address appears on some server-generated pages, such # as error documents. # ServerAdmin root@localhost # DocumentRoot: The directory out of which you will serve your # documents. By default, all requests are taken from this directory, but # symbolic links and aliases may be used to point to other locations. # DO NOT MODIFY THIS ONE, USE httpd.conf and httpd-perl.conf #DocumentRoot /var/www/html # # Each directory to which Apache has access, can be configured with respe= ct # to which services and features are allowed and/or disabled in that # directory (and its subdirectories).=20 # # First, we configure the "default" to be a very restrictive set of=20 # permissions. =20 # # Also, for security, we disable indexes globally # # # Options -Indexes FollowSymLinks # AllowOverride None # #Restricted set of options=20 Options -All -Multiviews AllowOverride None Order deny,allow Deny from all # # Note that from this point forward you must specifically allow # particular features to be enabled - so if something's not working as # you might expect, make sure that you have specifically enabled it # below. # # # UserDir: The name of the directory which is appended onto a user's home # directory if a ~user request is received. # UserDir public_html =20 # # DirectoryIndex: Name of the file or files to use as a pre-written HTML # directory index. Separate multiple entries with spaces. # DirectoryIndex index.html index.php index.php3 index.shtml index.cgi=20 index.pl index.htm Default.htm default.htm # # AccessFileName: The name of the file to look for in each directory # for access control information. # AccessFileName .htaccess # # The following lines prevent .htaccess files from being viewed by # Web clients. Since .htaccess files often contain authorization # information, access is disallowed for security reasons. Comment # these lines out if you want Web visitors to see the contents of # .htaccess files. If you change the AccessFileName directive above, # be sure to make the corresponding changes here. # # Also, folks tend to use names such as .htpasswd for password # files, so this will protect those as well. # Order allow,deny Deny from all # # CacheNegotiatedDocs: By default, Apache sends "Pragma: no-cache" with e= ach # document that was negotiated on the basis of content. This asks proxy # servers not to cache the document. Uncommenting the following line disa= bles # this behavior, and proxies will be allowed to cache the documents. # #CacheNegotiatedDocs # # UseCanonicalName: (new for 1.3) With this setting turned on, whenever # Apache needs to construct a self-referencing URL (a URL that refers bac= k # to the server the response is coming from) it will use ServerName and # Port to form a "canonical" name. With this setting off, Apache will # use the hostname:port that the client supplied, when possible. This # also affects SERVER_NAME and SERVER_PORT in CGI scripts. # UseCanonicalName On # # TypesConfig describes where the mime.types file (or equivalent) is # to be found. # TypesConfig conf/apache-mime.types # # DefaultType is the default MIME type the server will use for a document # if it cannot otherwise determine one, such as from filename extensions. # If your server contains mostly text or HTML documents, "text/plain" is # a good value. If most of your content is binary, such as applications # or images, you may want to use "application/octet-stream" instead to # keep browsers from trying to display binary files as though they are # text. # DefaultType text/plain # # The mod_mime_magic module allows the server to use various hints from t= he # contents of the file itself to determine its type. The MIMEMagicFile # directive tells the module where the hint definitions are located. # mod_mime_magic is not part of the default server (you have to add # it yourself with a LoadModule [see the DSO paragraph in the 'Global # Environment' section], or recompile the server and include mod_mime_mag= ic # as part of the configuration), so it's enclosed in an contai= ner. # This means that the MIMEMagicFile directive will only be processed if t= he # module is part of the server. # MIMEMagicFile conf/magic # # HostnameLookups: Log the names of clients or just their IP addresses # e.g., www.apache.org (on) or 204.62.129.132 (off). # The default is off because it'd be overall better for the net if people # had to knowingly turn this feature on, since enabling it means that # each client request will result in AT LEAST one lookup request to the # nameserver. # HostnameLookups On # The following directives define some format nicknames for use with # a CustomLog directive (see below). # LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\""=20 combined LogFormat "%h %l %u %t \"%r\" %>s %b" common LogFormat "%{Referer}i -> %U" referer LogFormat "%{User-agent}i" agent LogFormat "%v %h %l %u %t \"%r\" %>s %b %T" script LogFormat "%v %h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\= "=20 VLOG=3D%{VLOG}e" vhost # # The location and format of the access logfile (Common Logfile Format). #CustomLog logs/access_log common # # If you would like to have agent and referer logfiles, uncomment the # following directives. # #CustomLog logs/referer_log referer #CustomLog logs/agent_log agent # # If you prefer a single logfile with access, agent, and referer informat= ion # (Combined Logfile Format) you can use the following directive. # CustomLog logs/access_log combined # # Optionally add a line containing the server version and virtual host # name to server-generated pages (error documents, FTP directory listings= , # mod_status and mod_info output etc., but not CGI generated documents). # Set to "EMail" to also include a mailto: link to the ServerAdmin. # Set to one of: On | Off | EMail # ServerSignature Off # # Aliases: Add here as many aliases as you need (with no limit). The form= at is=20 # Alias fakename realname # # # Note that if you include a trailing / on fakename then the server w= ill # require it to be present in the URL. So "/icons" isn't aliased in = this # example, only "/icons/".. # Alias /icons/ /var/www/icons/ Alias /doc /usr/share/doc # # ScriptAlias: This controls which directories contain server scripts= =2E # ScriptAliases are essentially the same as Aliases, except that # documents in the realname directory are treated as applications and # run by the server when requested rather than as documents sent to t= he=20 client. # The same rules about trailing "/" apply to ScriptAlias directives a= s to # Alias. # ScriptAlias /cgi-bin/ /var/www/cgi-bin/ ScriptAlias /protected-cgi-bin/ /var/www/protected-cgi-bin/ =09#Provide two aliases to the same cgi-bin directory, =09#to see the effects of the 2 different mod_perl modes =09#for Apache::Registry Mode =09Alias /perl/ /var/www/perl/ =09#for Apache::Perlrun Mode =09Alias /cgi-perl/ /var/www/perl/ # End of aliases. # # Redirect allows you to tell clients about documents which used to exist= in # your server's namespace, but do not anymore. This allows you to tell th= e # clients where to look for the relocated document. # Format: Redirect old-URI new-URL # # # Directives controlling the display of server-generated directory listin= gs. # # # FancyIndexing is whether you want fancy directory indexing or stand= ard # IndexOptions FancyIndexing # # AddIcon* directives tell the server which icon to show for differen= t # files or filename extensions. These are only displayed for # FancyIndexed directories. # AddIconByEncoding (CMP,/icons/compressed.gif) x-compress x-gzip AddIconByType (TXT,/icons/text.gif) text/* AddIconByType (IMG,/icons/image2.gif) image/* AddIconByType (SND,/icons/sound2.gif) audio/* AddIconByType (VID,/icons/movie.gif) video/* AddIcon /icons/binary.gif .bin .exe AddIcon /icons/binhex.gif .hqx AddIcon /icons/tar.gif .tar AddIcon /icons/world2.gif .wrl .wrl.gz .vrml .vrm .iv AddIcon /icons/compressed.gif .Z .z .tgz .gz .zip .bz2 AddIcon /icons/a.gif .ps .ai .eps AddIcon /icons/layout.gif .html .shtml .htm .pdf AddIcon /icons/text.gif .txt AddIcon /icons/c.gif .c AddIcon /icons/p.gif .pl .py .php .php3 AddIcon /icons/f.gif .for AddIcon /icons/dvi.gif .dvi AddIcon /icons/uuencoded.gif .uu AddIcon /icons/script.gif .conf .sh .shar .csh .ksh .tcl AddIcon /icons/tex.gif .tex AddIcon /icons/bomb.gif core AddIcon /icons/back.gif .. AddIcon /icons/hand.right.gif README AddIcon /icons/folder.gif ^^DIRECTORY^^ AddIcon /icons/blank.gif ^^BLANKICON^^ # # DefaultIcon is which icon to show for files which do not have an ic= on # explicitly set. # DefaultIcon /icons/unknown.gif # # AddDescription allows you to place a short description after a file= in # server-generated indexes. These are only displayed for FancyIndexe= d # directories. # Format: AddDescription "description" filename # #AddDescription "GZIP compressed document" .gz #AddDescription "tar archive" .tar #AddDescription "GZIP compressed tar archive" .tgz # # ReadmeName is the name of the README file the server will look for = by # default, and append to directory listings. # # HeaderName is the name of a file which should be prepended to # directory indexes.=20 # # If MultiViews are amongst the Options in effect, the server will # first look for name.html and include it if found. If name.html # doesn't exist, the server will then look for name.txt and include # it as plaintext if found. # ReadmeName README HeaderName HEADER # # IndexIgnore is a set of filenames which directory indexing should i= gnore # and not include in the listing. Shell-style wildcarding is permitt= ed. # IndexIgnore .??* *~ *# HEADER* RCS CVS *,v *,t # End of indexing directives. # # Document types. # # # AddEncoding allows you to have certain browsers (Mosaic/X 2.1+)=20 uncompress # information on the fly. Note: Not all browsers support this. # Despite the name similarity, the following Add* directives have not= hing # to do with the FancyIndexing customization directives above. # AddEncoding x-compress Z AddEncoding x-gzip gz tgz # # AddLanguage allows you to specify the language of a document. You c= an # then use content negotiation to give a browser a file in a language # it can understand. =20 # # Note 1: The suffix does not have to be the same as the language=20 # keyword --- those with documents in Polish (whose net-standard=20 # language code is pl) may wish to use "AddLanguage pl .po" to=20 # avoid the ambiguity with the common suffix for perl scripts. # # Note 2: The example entries below illustrate that in quite # some cases the two character 'Language' abbreviation is not # identical to the two character 'Country' code for its country, # E.g. 'Danmark/dk' versus 'Danish/da'. # # Note 3: In the case of 'ltz' we violate the RFC by using a three ch= ar=20 # specifier. But there is 'work in progress' to fix this and get=20 # the reference data for rfc1766 cleaned up. # # Danish (da) - Dutch (nl) - English (en) - Estonian (ee) # French (fr) - German (de) - Greek-Modern (el) # Italian (it) - Korean (kr) - Norwegian (no) # Portugese (pt) - Luxembourgeois* (ltz) # Spanish (es) - Swedish (sv) - Catalan (ca) - Czech(cz) # Polish (pl) - Brazilian Portuguese (pt-br) - Japanese (ja) # Russian (ru) # AddLanguage da .dk AddLanguage nl .nl AddLanguage en .en AddLanguage et .ee AddLanguage fr .fr AddLanguage de .de AddLanguage el .el AddLanguage he .he AddCharset ISO-8859-8 .iso8859-8 AddLanguage it .it AddLanguage ja .ja AddCharset ISO-2022-JP .jis AddLanguage kr .kr AddCharset ISO-2022-KR .iso-kr AddLanguage no .no AddLanguage pl .po AddCharset ISO-8859-2 .iso-pl AddLanguage pt .pt AddLanguage pt-br .pt-br AddLanguage ltz .lu AddLanguage ca .ca AddLanguage es .es AddLanguage sv .se AddLanguage cz .cz AddLanguage ru .ru AddLanguage zh-tw .tw AddLanguage tw .tw AddCharset Big5 .Big5 .big5 AddCharset WINDOWS-1251 .cp-1251 AddCharset CP866 .cp866 AddCharset ISO-8859-5 .iso-ru AddCharset KOI8-R .koi8-r AddCharset UCS-2 .ucs2 AddCharset UCS-4 .ucs4 AddCharset UTF-8 .utf8 # LanguagePriority allows you to give precedence to some languages # in case of a tie during content negotiation. # # Just list the languages in decreasing order of preference. We have # more or less alphabetized them here. You probably want to change th= is. # LanguagePriority en fr de es it da nl et el ja kr no pl pt pt-br = ru=20 ltz ca sv tw # # AddType allows you to tweak mime.types without actually editing it,= or=20 to # make certain files to be certain types. # # For example, the PHP 3.x module (not part of the Apache distributio= n -=20 see # http://www.php.net) will typically use: # #AddType application/x-httpd-php3 .php3 #AddType application/x-httpd-php3-source .phps # # And for PHP 4.x, use: # #AddType application/x-httpd-php .php #AddType application/x-httpd-php-source .phps AddType application/x-tar .tgz # # AddHandler allows you to map certain file extensions to "handlers", # actions unrelated to filetype. These can be either built into the s= erver # or added with the Action command (see below) # # If you want to use server side includes, or CGI outside # ScriptAliased directories, uncomment the following lines. # # To use CGI scripts: # AddHandler cgi-script .cgi # # To use server-parsed HTML files # AddType text/html .shtml AddHandler server-parsed .shtml # # Uncomment the following line to enable Apache's send-asis HTTP file # feature # #AddHandler send-as-is asis # # If you wish to use server-parsed imagemap files, use # AddHandler imap-file map # # To enable type maps, you might want to use # #AddHandler type-map var # End of document types. # # Action lets you define media types that will execute a script whenever # a matching file is called. This eliminates the need for repeated URL # pathnames for oft-used CGI file processors. # Format: Action media/type /cgi-script/location # Format: Action handler-name /cgi-script/location # # # MetaDir: specifies the name of the directory in which Apache can find # meta information files. These files contain additional HTTP headers # to include when sending the document # #MetaDir .web # # MetaSuffix: specifies the file name suffix for the file containing the # meta information. # #MetaSuffix .meta # # Customizable error response (Apache style) # these come in three flavors # # 1) plain text #ErrorDocument 500 "The server made a boo boo. # n.b. the single leading (") marks it as text, it does not get output # # 2) local redirects #ErrorDocument 404 /missing.html # to redirect to local URL /missing.html #ErrorDocument 404 /cgi-bin/missing_handler.pl # N.B.: You can redirect to a script or a document using=20 server-side-includes. # # 3) external redirects #ErrorDocument 402 http://some.other_server.com/subscription_info.html # N.B.: Many of the environment variables associated with the original # request will *not* be available to such a script. Options Multiviews ErrorDocument 404 "The document you requested has not been installed on y= our=20 system. Please install the apache-manual package. # # Customize behaviour based on the browser # # # The following directives modify normal HTTP response behavior. # The first directive disables keepalive for Netscape 2.x and browser= s=20 that # spoof it. There are known problems with these browser implementatio= ns. # The second directive is for Microsoft Internet Explorer 4.0b2 # which has a broken HTTP/1.1 implementation and does not properly # support keepalive when it is used on 301 or 302 (redirect) response= s. # BrowserMatch "Mozilla/2" nokeepalive BrowserMatch "MSIE 4\.0b2;" nokeepalive downgrade-1.0 force-response-= 1.0 # # The following directive disables HTTP/1.1 responses to browsers whi= ch # are in violation of the HTTP/1.0 spec by not being able to grok a # basic 1.1 response. # BrowserMatch "RealPlayer 4\.0" force-response-1.0 BrowserMatch "Java/1\.0" force-response-1.0 BrowserMatch "JDK/1\.0" force-response-1.0 # End of browser customization directives # # Allow server status reports, with the URL of http://servername/server-s= tatus # Change the ".your_domain.com" to match your domain to enable. # SetHandler server-status Order deny,allow Deny from all allow from 127.0.0.1 #Allow from .your_domain.com # # ExtendedStatus controls whether Apache will generate "full" status # information (ExtendedStatus On) or just basic information (ExtendedStat= us # Off) when the "server-status" handler is called. The default is Off. # #ExtendedStatus On # # Allow remote server configuration reports, with the URL of # http://servername/server-info (requires that mod_info.c be loaded). # Change the ".your_domain.com" to match your domain to enable. # =09SetHandler server-info =09Order deny,allow =09Deny from all =09Allow from .your_domain.com =09SetHandler perl-script =09PerlHandler Apache::Status =09Order deny,allow =09Deny from all =09Allow from 127.0.0.1 # # There have been reports of people trying to abuse an old bug from pre-1= =2E1 # days. This bug involved a CGI script distributed as a part of Apache. # By uncommenting these lines you can redirect these attacks to a logging= =20 # script on phf.apache.org. Or, you can record them yourself, using the=20 script # support/phf_abuse_log.cgi. # # # Deny from all # ErrorDocument 403 http://phf.apache.org/phf_abuse_log.cgi # # # Proxy Server directives. Uncomment the following lines to # enable the proxy server: # # # ProxyRequests On # # Order deny,allow # Deny from all # Allow from .your_domain.com # # # Enable/disable the handling of HTTP/1.1 "Via:" headers. # ("Full" adds the server version; "Block" removes all outgoing Via:=20 headers) # Set to one of: Off | On | Full | Block # # ProxyVia On # # To enable the cache as well, edit and uncomment the following lines= : # (no cacheing without CacheRoot) # # CacheRoot /var/cache/httpd # CacheSize 5 # CacheGcInterval 4 # CacheMaxExpire 24 # CacheLastModifiedFactor 0.1 # CacheDefaultExpire 1 # NoCache a_domain.com another_domain.edu joes.garage_sale.com # # End of proxy directives. # DavLockDB /var/lock/DAVLock # XBitHack on # # This should be changed to whatever you set DocumentRoot to. # # # This may also be "None", "All", or any combination of "Indexes", # "Includes", "FollowSymLinks", "ExecCGI", or "MultiViews". # # Note that "MultiViews" must be named *explicitly* --- "Options All" # doesn't give it to you. # Options -Indexes FollowSymLinks MultiViews # # This controls which options the .htaccess files in directories can # override. Can also be "All", or any combination of "Options", "FileInfo= ",=20 # "AuthConfig", and "Limit" # AllowOverride All # # Controls who can get stuff from this server. # Order allow,deny Allow from all AllowOverride All Options -Indexes FollowSymLinks MultiViews ExecCGI Order allow,deny Allow from all AllowOverride All Options ExecCGI AllowOverride None Options ExecCGI Order deny,allow Deny from all Allow from 127.0.0.1 #allow from .your_domain.com # # Control access to UserDir directories. The following is an example # for a site where these directories are restricted to read-only. # # # AllowOverride FileInfo AuthConfig Limit # Options MultiViews Indexes SymLinksIfOwnerMatch IncludesNoExec # # Order allow,deny # Allow from all # # # Order deny,allow # Deny from all # # # These settings are pretty flexible, and allow for Frontpage and XSSI AllowOverride All Options MultiViews -Indexes Includes FollowSymLinks Order allow,deny Allow from all Options +ExecCGI -Includes -Indexes SetHandler cgi-script =09SetHandler perl-script =09PerlHandler Apache::PerlRun =09Options -Indexes ExecCGI =09PerlSendHeader On Options -Indexes MultiViews AllowOverride None Order allow,deny Allow from all Options Indexes FollowSymLinks Order deny,allow Deny from all Allow from 127.0.0.1 #allow from .your_domain.com Options Indexes FollowSymLinks Options +Includes PerlModule Apache::Registry =20 #set Apache::Registry Mode for /perl Alias =09SetHandler perl-script =09PerlHandler Apache::Registry =09Options -Indexes ExecCGI =09PerlSendHeader On #set Apache::PerlRun Mode for /cgi-perl Alias =09SetHandler perl-script =09PerlHandler Apache::PerlRun =09Options -Indexes ExecCGI =09PerlSendHeader On --------------------------------------------------------------------- The official User-To-User support forum of the Apache HTTP Server Project. See for more info. To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org " from the digest: users-digest-unsubscribe@httpd.apache.org For additional commands, e-mail: users-help@httpd.apache.org