httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Scott Haneda <>
Subject Re: [users@httpd] .htaccess files not working from internet? intranet access fine
Date Sun, 11 Oct 2009 23:31:26 GMT
On Oct 11, 2009, at 2:57 PM, Kaya Saman wrote:

> I have a few servers running apache and some folders which  
> have .htaccess files in them, I can access these from any network  
> inside the NAT of my router however when it comes down to external  
> access from outside the NAT I always get permission denied;  
> authorized access only??

Sounds to me like this is a DNS issue.

> My systems are behind a reverse proxy handled by Squid but also  
> after Google'ing found that Squid doesn't care about .htaccess and  
> doesn't even know what it is.

Squid probably does not play a role in this.

> Another page I read claimed that it could be an issue of IPS  
> protection system in the firewall - however iptables doesn't contain  
> any config only default and isn't even running I think only in  
> conjunction with fail2ban to prevent DoS attacks. My router, a Cisco  
> 857W, also doesn't have IPS at all and IDS isn't enabled.

I doubt that is related, though possible, my gut tells me it is simpler.

> Can anyone help me find a solution to this situation?? I have  
> checked the logs for httpd/access_log and error_log only to find  
> nothing mentioned about denying anything.....

If you can load a hostname from within your network, yet not outside,  
that would tell me that when you are inside the network, the  
resolution of that hostname is turning up an IP that apache is happy  
to serve the results for.  When you are outside the network, that  
hostname is not the same IP as what is returned when you are inside  
the network.

> Any recommendations are appreciated! Thanks

I would run DNS lookups under both conditions.  To keep it simple, if  
your Web site you are trying to access is, from the  
working case, inside your network, open a terminal and run:
dig A

Look for the result of the A record, and what IP address is is showing.

Now, go to the outside network where this is not working, and run the  
same dig command.  I suspect you will find there is a different IP  
address being returned.  If you are not seeing any hits to the  
acces_log and error_log when outside the local network, it more than  
likely means you are simply not reaching the machine you think you are.

However, you mention you get an access denied error, can you tell us  
specifically what that error is, is it page 404 not found?  What is  
the http response code?

I do not see a Virtual Host container in your sample config you sent  
in, you probably just need to set one up for the host you are trying  
to reach.

Here is how I generally do it:
<VirtualHost *:80>
      DocumentRoot "/var/www/munin"
      DirectoryIndex index.html index.htm

      <Directory "/var/www/munin">
           Options FollowSymLinks
           AllowOverride All
           Order allow,deny
           allow from all

Scott * If you contact me off list replace talklists@ with scott@ *

The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:> for more info.
To unsubscribe, e-mail:
   "   from the digest:
For additional commands, e-mail:

View raw message