|
|
By Steve VanDevender (stevev@darkwing.uoregon.edu)
In early July, the web server software on DARKWING and GLADSTONE was upgraded to Apache HTTPD 1.3.0. Along with this upgrade, some configuration changes were made to improve the security of files that aren't part of user or system web pages, generally without affecting the use of advanced features by web page authors. Some users may experience minor problems, however. If you find you're one of them, here are some troubleshooting procedures that should help:
If your web pages encounter errors, first check the web server error logs for specific information. Apache 1.3.0 has substantially improved its error log messages; most provide a clear explanation of the cause of the error and a suggestion for fixing it.
You can find errors relating to your own web pages with a command like
% grep 'username/public_html' /httpd/logs/error_log
Replace 'username' with your own DARKWING or GLADSTONE username.
A few common post-upgrade errors are described below, with solutions:
1. Error: AuthName takes one argument, The authentication realm (e.g. "Members Only")
Solution: The AuthName directive is used as part of setting up password-protected web pages. Previously, it could be specified like this:
AuthName Members Only
Apache 1.3.0 now requires any argument to AuthName that contains embedded spaces be quoted, like this:
AuthName "Members Only"
2. Error: Permission denied: /home/username/public_html/.htaccess pcfg_openfile: unable to check htaccess file, ensure it is readable
Solution: .htaccess files must be world-readable, just like other web files. Make your .htaccess files readable by typing the command
% chmod +r .htaccess
3. Error: /home/username/public_html/.htaccess: Options not allowed here
Solution: The use of the Options directive in user .htaccess files is disallowed to prevent circumventing security, so you must remove any Options directives in your .htaccess files or the web server will deny access to those directories. Use of most other .htaccess directives is not restricted. The options granted to all users by default with our system configuration are
Options Indexes ExecCGI Includes SymLinksIfOwnerMatch
AllowOverride Indexes AuthConfig FileInfo Limit
4. Error: Symbolic link not allowed: /home/username/public_html/link
Solution: If you made a symbolic link so that a file could be accessed under multiple names, or to link to a file outside your public_html directory, the web server will only honor the link if the owner of the link is the same as the owner of the file linked to.
The web server access logs in /httpd/logs/access_log now record numeric IP addresses instead of full host names for most accesses. This substantially improves server performance and decreases the load on name servers all over the Internet. If you wish to have host name information in log entries for your pages for web statistics programs, you can use a program called "logresolve."
For example, the command
% grep '/~username' /httpd/logs/access_log | logresolve
where "username" is your username, will extract access log entries relating to your web pages and replace numeric IP addresses with domain names when possible. Please be sparing in your use of "logresolve" to avoid bogging down our name server and others.
For more information about changes in Apache HTTPD 1.3.0, see
http://www.apache.org/docs/new_features _1_3.html and
http://www.apache.org/docs/upgrading_to _1_3.html
For general Apache HTTPD server information, see http://www.apache.org/docs/
If you have further questions, contact consult@gladstone.uoregon.edu or consult@darkwing.uoregon.edu