Search Results

Search found 666 results on 27 pages for '403'.

Page 7/27 | < Previous Page | 3 4 5 6 7 8 9 10 11 12 13 14  | Next Page >

  • How to configure the roles in my tomcat application to work with JNDI(WIN AUTH)

    - by Itay Levin
    Hi, I'm trying to change the authentication mode of my application from JDBC-REALM to JNDI-REALM. I configured the following section inside the Server.xml <Realm className="org.apache.catalina.realm.JNDIRealm" debug="99" connectionURL="ldap://****:389/DC=onsetinc,DC=com??sAMccountName?sub?(objectClass=*)" connectionName="[email protected]" connectionPassword="password" userBase="CN=Users" referrals="follow" userSearch="(sAMAccountName={0})" userSubtree="true" roleBase="CN=Users" roleName="name" roleSubtree="true" roleSearch="(member={1})"/> I have also configured the web.xml under my appfolder to contain the following: <security-role> <role-name>Admin</role-name> </security-role> <security-role> <role-name>WaterlooUsers</role-name> </security-role> <security-constraint> <web-resource-collection> <web-resource-name>Tube</web-resource-name> <url-pattern>/ComposeMessage.jsp</url-pattern> <url-pattern>/PageStatus.jsp</url-pattern> <url-pattern>/UserStatus.jsp</url-pattern> <url-pattern>/SearchEC.jsp</url-pattern> <url-pattern>/SearchEC2.jsp</url-pattern> <url-pattern>/SearchMessageStatisticsEC.jsp</url-pattern> <url-pattern>/SearchMessageStatus.jsp</url-pattern> <url-pattern>/SearchMessageStatisticsPager.jsp</url-pattern> <url-pattern>/SearchPageStatus.jsp</url-pattern> </web-resource-collection> <auth-constraint> <role-name>WaterlooUsers</role-name> </auth-constraint> </security-constraint> In my Active directory i have created a new group called WaterlooUsers It's distinguish name is : distinguishedName: CN=WaterlooUsers,CN=Users,DC=onsetinc,DC=com It has a property member which contains the following user: member: CN=Itay Levin,CN=Users,DC=onsetinc,DC=com (which is my user) My record on the active directory looks like that: sAMAccountName: itayL distinguishedName: CN=Itay Levin,CN=Users,DC=onsetinc,DC=com memberOf: CN=WaterlooUsers,CN=Users,DC=onsetinc,DC=com and when i get the popup for user/password i enter the username "ItayL" in the authentication message box (and my password) I have 2 questions: How do i configure correctly the roles parameters correctly in the Realm section in the server.xml to enable me to both authenticate and authorize both this group of users WaterlooUsers and also assign them to the appropriate role so that they can see all the relevant pages in my website. - currently it seems that all the Users in my domain are authenticated to the site but get the http-403 Error and can't access any of the pages in the site. I also want to be able to create 2 different set of roles in my site - which can both have access to the same pages - but will see different things on the page. (for instance adding some administrative ability to the admin) Hope it was clear enough and not too long. Thanks in advance, Itay

    Read the article

  • Apache Options -Indexes give me 404 instead of 403, why?

    - by netmano
    I have an Apache/2.2.21 (Debian) webserver, which I disabled directory listing with Options -Indexes but now I got 404 error for a directory, but I think I should get a 403. I have no idea why I get 404, rather than 403. What should I check? I have disabled autoindex module, after it I got a 404 for every URL that request a directory listing (eg: www.somesite.com/dir ). How can I get a 403 for this. (The dir does exist) As a try I also put Options -Index in the end of main config file (apache2.conf).

    Read the article

  • How can we achive a 403 Permissions Denied for a subdomain?

    - by marikamitsos
    We have a multisite installed in the root directory (multisite.com) and also a wordpress single installation on a subdomain (help.multisite.com) In the root .htaccess we placed: #START Security: Disallow access to folders Options All -Indexes # END Security On the main site (as expected we get) "403 Permission Denied. You do not have permission for this request /wp-content/blogs.dir/83/" Nice. :) BUT. We just noticed that when trying to access the subdomains folders we get: Internal Server Error. The server encountered an internal error or misconfiguration and was unable to complete your request.... Additionally, a 500 Internal Server Error error... This is something we do NOT want. So the question is: How can we avoid the above result and make the message for the subdomains be "403 Permission Denied" (the same as for the main site and NOT "500 Internal Server Error" (as it is now)? We put what, where?

    Read the article

  • How to resolve "HTTP/1.1 403 Forbidden" errors from iCal/CalDAV server after upgrade to Snow Leopard Server?

    - by morgant
    We recently upgraded our Open Directory Master & Replica to Mac OS X 10.6.4 Snow Leopard Server. We had a mismatched server FQDN & LDAP Search Base/Kerberos Realm, so we exported all users & groups, created the new Open Directory Master w/matching FQDN & Search Base/Realm, reimported users & groups, and re-bound all servers & workstations to the new OD Master. At the same time as all of this, we upgraded our iCal/CalDAV server to Mac OS X 10.6.4 Snow Leopard Server. Ever since doing so, we've seen the following issues with our iCal/CalDAV server and iCal clients on both Mac OS X 10.5 Leopard & Mac OS X 10.6: If a user attempts to move or delete an event (single or repeating) that was created prior to the upgrade to 10.6 Server, they get the following error: Access to "blah" in "blah" in account "blah" is not permitted. The server responded: "HTTP/1.1 403 Forbidden" to operation CalDAVWriteEntityQueueableOperation. New users added to the directory get the following error when attempting to add their account to in iCal's preferences: The user "blah" has no configured pricipals. Confirm with your network administrator that your account has at least one CalDAV principal configured. Interestingly, we've since discovered that users seem to be able to delete individual events from an old repeating event without error, but that's a massive amount of work to get rid of a repeating event. I will note that we have not yet added an SRV record in DNS as instructed on page 19 of iCal_Server_Admin_v10.6.pdf. Further Investigation: In this particular case, a user is attempting to decline repeating events created prior to the upgrade to Snow Leopard Server. Granting the user full write access with sudo calendarserver_manage_principals --add-write-proxy users:user1 users:user2 (which did work) doesn't allow deletion of the events. Still get the usual error: Access to "blah blah" in "blah blah" in account "blah blah" is not permitted. The server responded: "HTTP/1.1 403 Forbidden" to operation CalDAVWriteEntityQueueableOperation. The error that shows up in /var/log/caldavd/error.log on the iCal Server when attempting to delete one of the events is: 2011-03-17 15:14:30-0400 [-] [caldav-8009] [PooledMemCacheProtocol,client] [twistedcaldav.extensions#info] PUT /calendars/__uids__/XXXXXXXX-XXXX-XXXX-XXXX-XXXXXXXXXXXX/calendar/XXXXXX-XXXX-XXXX-XXXX-XXXXXXXXXXXX.ics HTTP/1.1 2011-03-17 15:14:30-0400 [-] [caldav-8009] [PooledMemCacheProtocol,client] [twistedcaldav.scheduling.implicit#error] Cannot change ORGANIZER: UID:XXXXXXXX-XXXX-XXXX-XXXX-XXXXXXXXXXXX And the error in /var/log/system.log on the client is: Mar 17 15:14:30 192-168-21-169-dhcp iCal[33509]: CalDAV CalDAVWriteEntityQueueableOperation failed: status 'HTTP/1.1 403 Forbidden' request:\n\nBEGIN:VCALENDAR^M\nVERSION:2.0^M\nPRODID:-//Apple Inc.//iCal 3.0//EN^M\nCALSCALE:GREGORIAN^M\nBEGIN:VTIMEZONE^M\nTZID:US/Eastern^M\nBEGIN:DAYLIGHT^M\nTZOFFSETFROM:-0500^M\nTZOFFSETTO:-0400^M\nDTSTART:20070311T020000^M\nRRULE:FREQ=YEARLY;BYMONTH=3;BYDAY=2SU^M\nTZNAME:EDT^M\nEND:DAYLIGHT^M\nBEGIN:STANDARD^M\nTZOFFSETFROM:-0400^M\nTZOFFSETTO:-0500^M\nDTSTART:20071104T020000^M\nRRULE:FREQ=YEARLY;BYMONTH=11;BYDAY=1SU^M\nTZNAME:EST^M\nEND:STANDARD^M\nEND:VTIMEZONE^M\nBEGIN:VEVENT^M\nSEQUENCE:5^M\nDTSTART;TZID=US/Eastern:20090117T094500^M\nDTSTAMP:20081227T143043Z^M\nSUMMARY:blah blah^M\nATTENDEE;CN="First Last";CUTYPE=INDIVIDUAL;ROLE=REQ-PARTICIPANT:urn:uuid^M\n :XXXXXXXX-XXXX-XXXX-XXXX-XXXXXXXXXXXX^M\nATTENDEE;CN="First Last";CUTYPE=INDIVIDUAL;PARTSTAT=ACCEPTED:mailto:user@d^M\n omain.tld^M\nEXDATE;TZID=US/Eastern:20110319T094500^M\nDTEND;TZID=US/Eastern:20090117T183000^M\nRRULE:FREQ=WEEKLY;INTERVAL=1^M\nTRANSP:OPAQUE^M\nUID:XXXXXXXX-XXXX-XXXX-XXXX-XXXXXXXXXXXX^M\nORGANIZER;CN="First Last":mailto:[email protected]^M\nX-WR-ITIPSTATUSML:UNCLEAN^M\nCREATED:20110317T191348Z^M\nEND:VEVENT^M\nEND:VCALENDAR^M\n\n\n... response:\nHTTP/1.1 403 Forbidden^M\nDate: Thu, 17 Mar 2011 19:14:30 GMT^M\nDav: 1, access-control, calendar-access, calendar-schedule, calendar-auto-schedule, calendar-availability, inbox-availability, calendar-proxy, calendarserver-private-events, calendarserver-private-comments, calendarserver-principal-property-search^M\nContent-Type: text/xml^M\nContent-Length: 134^M\nServer: Twisted/8.2.0 TwistedWeb/8.2.0 TwistedCalDAV/2.5 (iCal Server v12.56.21)^M\n^M\n<?xml version='1.0' encoding='UTF-8'?><error xmlns='DAV:'>^M\n <valid-attendee-change xmlns='urn:ietf:params:xml:ns:caldav'/>^M\n</error> One thing I have noticed, and I'm not sure if this has any real effect is that in many of these pre-Snow Leopard Server migration events, the ORGANIZER is specified like the following: ORGANIZER;CN=First Last:mailto:[email protected] But newer ones are more like one of the two following: ORGANIZER;CN=First Last;[email protected];SCHEDULE-STATUS=1 ORGANIZER;CN=First Last;[email protected]:urn:uuid:XXXXXXXX-XXXX-XXXX-XXXX-XXXXXXXXXXXX iCal_Server_Admin_v10.6.pdf notes that the ".db.sqlite" files are completely disposable, they're merely a performance cache and are re-built on the fly, so are safe to delete. I did delete the one for the organizer's calendars and it took longer to process the attempted event delete while it rebuilt the database, but still errored out in the end. FWIW the error is thrown by this code: https://trac.calendarserver.org/browser/CalendarServer/trunk/twistedcaldav/scheduling/implicit.py Any further suggestions? I see lots of questions about this in my Google searches, but not solutions and this is a widespread problem on our iCal Server. Now, we mostly try to get users to ignore them (hence the amount of time this question has been open), but every now and then I dig in deeper trying to find the culprit and/or solution.

    Read the article

  • WAMP - phpmyadmin 403 error from localhost, but not from IP 127.0.0.1?

    - by kdub
    I was wondering if anyone can explain this to me. I installed WAMP 2.2. I opened up the dashboard menu, and clicked localhost. I was brought to the WAMP localhost home page. I clicked on phpmyadmin and get a 403 access is denied error message. However, if I type in the ip address 127.0.0.1/phpmyadmin in the address bar, then VOILA, I am in (however, I am not prompted to login to phpmyadmin, I am instantly brought to the phpmyadmin homepage) Please note, I have found the solution to get rid of the 403 error message when entering phpmyadmin from the the localhost extension (change the Deny all setting to Allow all); so I am not asking how to solve that, but my question is: Why if localhost and 127.0.0.1 go to the same spot, will when using the IP addres, I am granted access to subsequent applications and with localhost I am not? Any feedback would be greatly appreciated.

    Read the article

  • 403 Forbidden for web root on Apache on Mac OS X v10.7, but can access user directories

    - by philosophistry
    When I access http://localhost/ I get 403 Forbidden, but if I access http://localhost/~username it serves up pages. Things I've tried: Checking error logs Swapping out with original httpd conf files Changing DocumentRoot to my user directory (after all that should work if I can access ~username) I've seen 30 plus Q&A sites that all point to people having trouble with user directories being forbidden. I have the opposite problem, and so I'm tearing my hair out here.

    Read the article

  • Why do I get a 403 error when accessing my apache server?

    - by nishan
    Im running Ubuntu 12.04 LTS on a system with 2 GB RAM and a 500 GB HDD. My hard drive has 4 partitions: Partition 1 = 40 gb Windows (NTFS, lable = win32) Partition 2 = 320 gb Windows (FAT label = common) Partition 3 = 40 gb Ubuntu (EXT4) I installed apached2. Then, to change its default www directory, I ran gksu gedit /etc/apache2/sites-enabled/000-default and, in the editor, changed the location to /media/common/www. After that I ran these commands in a terminal: chmod 777 /media/common/www chmod 777 /media/common/www/*.* After that I ran: firefox 127.0.0.1/index.php It said: Forbidden You don't have permission to access / on this server. Apache/2.2.22 (Ubuntu) Server at 127.0.0.1 Port 80 Before my changes it was working fine. How can I run my websites?

    Read the article

  • Why do i get a 403 error when viewing a Drupal custom menu item via clean url?

    - by Chaulky
    Hi all, I've created a custom menu item in my Drupal 6 website by defining it in a custom module. This is an extremely simple MENU_NORMAL_ITEM menu item. The menu item is defined as /** * Implementation of hook_menu(). */ function menu_test_menu() { $items['menu_test'] = array( 'title' => 'Menu Test', 'page callback' => 'menu_test_hello', 'access callback' => TRUE, 'type' => MENU_NORMAL_ITEM, ); return $items; } Since I have clean URLs on, the path should be www.example.com/menu_test. That URL gives me a 403 error. But, if I enter www.example.com/?q=menu_test, everything works fine. Why am I getting the 403 error? The menu item is useless because it's always trying to go to the clean URL path, which should work but doesn't for some reason. Thanks for the help!

    Read the article

  • mod evasive not working properly on ubuntu 10.04

    - by Joe Hopfgartner
    I have an ubuntu 10.04 server where I installed mod_evasive using apt-get install libapache2-mod-evasive I already tried several configurations, the result stays the same. The blocking does work, but randomly. I tried with low limis and long blocking periods as well as short limits. The behaviour I expect is that I can request websites until either page or site limit is reached per given interval. After that I expect to be blocked until I did not make another request for as long as the block period. However the behaviour is that I can request sites and after a while I get random 403 blocks, which increase and decrase in percentage, however they are very scattered. This is an output of siege, so you get an idea: HTTP/1.1 200 0.09 secs: 75 bytes ==> /robots.txt HTTP/1.1 403 0.08 secs: 242 bytes ==> /robots.txt HTTP/1.1 200 0.08 secs: 75 bytes ==> /robots.txt HTTP/1.1 403 0.08 secs: 242 bytes ==> /robots.txt HTTP/1.1 200 0.11 secs: 75 bytes ==> /robots.txt HTTP/1.1 403 0.08 secs: 242 bytes ==> /robots.txt HTTP/1.1 200 0.08 secs: 75 bytes ==> /robots.txt HTTP/1.1 403 0.09 secs: 242 bytes ==> /robots.txt HTTP/1.1 200 0.08 secs: 75 bytes ==> /robots.txt HTTP/1.1 200 0.09 secs: 75 bytes ==> /robots.txt HTTP/1.1 200 0.08 secs: 75 bytes ==> /robots.txt HTTP/1.1 200 0.09 secs: 75 bytes ==> /robots.txt HTTP/1.1 403 0.08 secs: 242 bytes ==> /robots.txt HTTP/1.1 200 0.08 secs: 75 bytes ==> /robots.txt HTTP/1.1 403 0.08 secs: 242 bytes ==> /robots.txt HTTP/1.1 200 0.10 secs: 75 bytes ==> /robots.txt HTTP/1.1 403 0.08 secs: 242 bytes ==> /robots.txt HTTP/1.1 200 0.08 secs: 75 bytes ==> /robots.txt HTTP/1.1 403 0.09 secs: 242 bytes ==> /robots.txt HTTP/1.1 200 0.10 secs: 75 bytes ==> /robots.txt HTTP/1.1 403 0.09 secs: 242 bytes ==> /robots.txt HTTP/1.1 200 0.09 secs: 75 bytes ==> /robots.txt HTTP/1.1 200 0.08 secs: 75 bytes ==> /robots.txt HTTP/1.1 200 0.09 secs: 75 bytes ==> /robots.txt HTTP/1.1 200 0.08 secs: 75 bytes ==> /robots.txt HTTP/1.1 200 0.10 secs: 75 bytes ==> /robots.txt HTTP/1.1 200 0.08 secs: 75 bytes ==> /robots.txt The exac limits in place during this test run were: DOSHashTableSize 3097 DOSPageCount 10 DOSSiteCount 100 DOSPageInterval 10 DOSSiteInterval 10 DOSBlockingPeriod 120 DOSLogDir /var/log/mod_evasive DOSEmailNotify ***@gmail.com DOSWhitelist 127.0.0.1 So I would expect to be blocked at least 120 seconds after being blocked once. Any ideas aobut this? I also tried adding my configuration at different places (vhost, server config, directory context) and with of without ifmodule directive... This doesnt change anything.

    Read the article

  • Intermittent 403 errors when using allow to limit access to url with both explicit IP and SetEnvIf

    - by rbieber
    We are running Apache 2.2.22 on a Solaris 10 environment. We have a specific URL that we want to limit access to by IP. We recently implemented a CDN and now have the added complexity that the IP's that a request are shown to be coming from are actually the CDN servers and not the ultimate end user. In the case that we need to back the CDN out, we want to handle the case where either the CDN is forwarding the request, or the ultimate client is sending the request directly. The CDN sends the end user IP address in an HTTP header (for this scenario that header is called "User-IP"). Here is the configuration that we have put in place: SetEnvIf User-IP (\d+\.\d+\.\d+\.\d+) REAL_USER_IP=$1 SetEnvIf REAL_USER_IP "(10\.1\.2\.3|192\.168\..+)" access_allowed=1 <Location /uri/> Order deny,allow Allow from 10.1.2.3 192.168. allow from env=access_allowed Deny from all </Location> This seems to work fine for a time, however at some point the web server starts serving 403 errors to the end user - so for some reason it is restricting access. The odd thing is that a bounce of the web server seems to resolve the issue, but only for a time - then the behavior comes back. It might be worthwhile to note as well that this URL is delegated to a JBoss server via mod_jk. The denial of access is, however; confirmed to be at the Apache layer and the issue only seems to happen after the server has been running for some time.

    Read the article

  • apache-memory-hacker-linux

    - by bibhudatta
    When we start the linux system it take only 435mb memory and it is 4GB memory server. When we start the httpd services it take 1000mb and outmatically it take all the memory and the server crase. even we stop the apache just it release 200mb memory. What will be the problem Can any one tell me what these hacker are doing. I see they are goinging some hit to my apache by some but I thing they are doing from this system. Below is the log. Please help me out for this. [root@host ~]# tail -20 /var/log/httpd/dostizone.com-combined.log 180.76.5.143 - - [14/Nov/2011:02:30:16 +0530] "GET /blogs/10248/209403/nfl-panties-since-the-quality-of HTTP/1.1" 403 2298 "-" "Mozilla/5.0 (compatible; Baiduspider/2.0; +http://www.baidu.com/search/spider.html)" 180.76.5.88 - - [14/Nov/2011:02:30:31 +0530] "GET /blogs/815/158725/new-jersey-attorney-search HTTP/1.1" 403 2290 "-" "Mozilla/5.0 (compatible; Baiduspider/2.0; +http://www.baidu.com/search/spider.html)" 220.181.108.186 - - [14/Nov/2011:02:30:32 +0530] "GET / HTTP/1.1" 403 5043 "-" "Mozilla/5.0 (compatible; Baiduspider/2.0; +http://www.baidu.com/search/spider.html)" crawl-66-249-67-137.googlebot.com - - [14/Nov/2011:02:30:20 +0530] "GET /blogs/805/11279/supra-suprano-high-shoes HTTP/1.1" 200 30642 "-" "Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)" crawl-66-249-68-51.googlebot.com - - [14/Nov/2011:02:30:37 +0530] "GET /blogs/10514/215084/oakland-raiders-sweatpants-tags HTTP/1.1" 403 2297 "-" "Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)" 220.181.94.237 - - [14/Nov/2011:02:30:12 +0530] "GET /profile/8509 HTTP/1.1" 200 236894 "-" "Sogou web spider/4.0(+http://www.sogou.com/docs/help/webmasters.htm#07)" 220.181.94.237 - - [14/Nov/2011:02:30:43 +0530] "GET /mode-switch?return_url=%2Fblogs%2F8529%2F160217%2Fclimate-jordan-6 HTTP/1.1" 302 1 "-" "Sogou web spider/4.0(+http://www.sogou.com/docs/help/webmasters.htm#07)" crawl-66-249-68-51.googlebot.com - - [14/Nov/2011:02:30:44 +0530] "GET /blogs/390/61573/blackhawk-jerseys-from-the-you HTTP/1.1" 403 2293 "-" "SAMSUNG-SGH-E250/1.0 Profile/MIDP-2.0 Configuration/CLDC-1.1 UP.Browser/6.2.3.3.c.1.101 (GUI) MMP/2.0 (compatible; Googlebot-Mobile/2.1; +http://www.google.com/bot.html)" 124.115.0.159 - - [14/Nov/2011:02:30:24 +0530] "GET /blogs/693/46081/application/modules/Hecore/externals/scripts/core.js HTTP/1.1" 200 26869 "http://dostizone.com/blogs/693/46081/thomas-sabo-charms-hot-chilli" "Sosospider+(+http://help.soso.com/webspider.htm)" 124.115.0.159 - - [14/Nov/2011:02:30:24 +0530] "GET /blogs/693/46081/application/modules/Activity/externals/scripts/core.js HTTP/1.1" 200 26873 "http://dostizone.com/blogs/693/46081/thomas-sabo-charms-hot-chilli" "Sosospider+(+http://help.soso.com/webspider.htm)" 124.115.0.159 - - [14/Nov/2011:02:30:24 +0530] "GET /blogs/693/46081/application/modules/Hecore/externals/scripts/imagezoom/core.js HTTP/1.1" 200 26899 "http://dostizone.com/blogs/693/46081/thomas-sabo-charms-hot-chilli" "Sosospider+(+http://help.soso.com/webspider.htm)" 180.76.5.153 - - [14/Nov/2011:02:30:50 +0530] "GET /blogs/10252/212268/cleveland-browns-authentic-jerse HTTP/1.1" 403 2298 "-" "Mozilla/5.0 (compatible; Baiduspider/2.0; +http://www.baidu.com/search/spider.html)" crawl-66-249-68-51.googlebot.com - - [14/Nov/2011:02:30:51 +0530] "GET /blogs/741/46260/chocolate-ugg-women-boots-1873 HTTP/1.1" 403 2293 "-" "SAMSUNG-SGH-E250/1.0 Profile/MIDP-2.0 Configuration/CLDC-1.1 UP.Browser/6.2.3.3.c.1.101 (GUI) MMP/2.0 (compatible; Googlebot-Mobile/2.1; +http://www.google.com/bot.html)" 124.115.1.7 - - [14/Nov/2011:02:30:40 +0530] "GET /blogs/682/97454/swarovski-jewellry-sale-articles HTTP/1.1" 200 25770 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)" crawl-66-249-68-51.googlebot.com - - [14/Nov/2011:02:30:56 +0530] "GET /blogs/779/60941/players-a-to-z-michael-cuddyer HTTP/1.1" 403 2293 "-" "SAMSUNG-SGH-E250/1.0 Profile/MIDP-2.0 Configuration/CLDC-1.1 UP.Browser/6.2.3.3.c.1.101 (GUI) MMP/2.0 (compatible; Googlebot-Mobile/2.1; +http://www.google.com/bot.html)" crawl-66-249-68-51.googlebot.com - - [14/Nov/2011:02:31:01 +0530] "GET /blogs/469/58551/chicago-bears-news-there-exist HTTP/1.1" 403 2293 "-" "SAMSUNG-SGH-E250/1.0 Profile/MIDP-2.0 Configuration/CLDC-1.1 UP.Browser/6.2.3.3.c.1.101 (GUI) MMP/2.0 (compatible; Googlebot-Mobile/2.1; +http://www.google.com/bot.html)" 220.181.94.237 - - [14/Nov/2011:02:30:54 +0530] "GET /blogs/8529/160217/climate-jordan-6 HTTP/1.1" 200 30750 "-" "Sogou web spider/4.0(+http://www.sogou.com/docs/help/webmasters.htm#07)" 180.76.5.59 - - [14/Nov/2011:02:31:05 +0530] "GET /blogs/815/158197/cheap-calgary-flames-jerseys HTTP/1.1" 403 2292 "-" "Mozilla/5.0 (compatible; Baiduspider/2.0; +http://www.baidu.com/search/spider.html)" crawl-66-249-68-51.googlebot.com - - [14/Nov/2011:02:31:06 +0530] "GET /mode-switch?return_url=%2Fblogs%2F387%2F45679%2Fhandbag-louis-vuitton-judy-mm-m4 HTTP/1.1" 403 2258 "-" "SAMSUNG-SGH-E250/1.0 Profile/MIDP-2.0 Configuration/CLDC-1.1 UP.Browser/6.2.3.3.c.1.101 (GUI) MMP/2.0 (compatible; Googlebot-Mobile/2.1; +http://www.google.com/bot.html)" crawl-66-249-67-137.googlebot.com - - [14/Nov/2011:02:31:10 +0530] "GET /public/temporary/c83b731ecc556d7fd1a7732d9ac16ed6.png HTTP/1.1" 404 2305 "-" "Googlebot-Image/1

    Read the article

  • Why am I getting a 403 error on a POST to a PHP script?

    - by John Gallagher
    Background I want to allow my users to submit a crash report which will get emailed to me. I'm using UKCrashReporter with the bundled PHP script I've modified. This code does a POST to a specified URL along with the crash report. I'm on a shared server running Linux. My main domain is synapticmishap.co.uk. The Problem When I send the crash report off, on the Cocoa side, it reports as having sent it successfully, but I don't receive an email. The code has been used in lots of other well established Cocoa projects and it was working for me a few months ago. That leads me to conclude that the problems are related to my web server setup, something I know almost nothing about. When I look at my log files, I see entries like this: IP Redacted - - [10/Jun/2010:09:47:53 +0100] "POST /synapticmishap/crashreportform.php HTTP/1.1" 403 74 "-" "UKCrashReporter" What I've tried I've tried accessing the page at http://synapticmishap.co.uk/synapticmishap/crashreportform.php via a browser. It loads fine. I've made sure the permissions on this php script are set so anyone can execute it. I've tried removing the deny entries from the section of .htaccess at various levels starting with root. I've downloaded the URLParams plugin for Firefox which allows you to simulate POSTs. I put in the URL above and tried a post with "crashlog" as the parameter and "test" as the value. This generated a 200 log entry in my log file - it seemed to work, although no mail message was sent. Code I've got the following at http://synapticmishap.co.uk/synapticmishap/crashreportform.php. I've simplified it to just the bare bones in an effort to get it working. <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd"> <html> <head> <title>Crash Report</title> </head> <body> <p>This page contains super special magic which submits a crash report item to me.</p> <p>Nothing to see here - move along.</p> <?php mail( "[email protected]", "Crash Report", "\r\n\r\nThis is a test."); ?> </body> </html> This is my top level .htaccess file: RewriteEngine on # -FrontPage- IndexIgnore .htaccess */.??* *~ *# */HEADER* */README* */_vti* <Limit GET POST> order deny,allow deny from all allow from all </Limit> <Limit PUT DELETE> order deny,allow deny from all </Limit> Options All -Indexes RewriteCond %{HTTP_HOST} ^synapticmishap.co.uk$ [OR] RewriteCond %{HTTP_HOST} ^www.synapticmishap.co.uk$ RewriteCond %{HTTP_HOST} ^lapsusapp.co.uk$ [OR] RewriteCond %{HTTP_HOST} ^www.lapsusapp.co.uk$ RewriteRule ^/?$ "http\:\/\/synapticmishap\.co\.uk\/synapticmishap\/lapsuspromo\/" [R=301,L] RewriteCond %{HTTP_HOST} ^jgtutoring.co.uk$ [OR] RewriteCond %{HTTP_HOST} ^www.jgtutoring.co.uk$ RewriteRule ^/?$ "http\:\/\/synapticmishap\.co\.uk\/tutoring" [R=301,L] RewriteCond %{HTTP_HOST} ^synapticmishap.co.uk$ [OR] RewriteCond %{HTTP_HOST} ^www.synapticmishap.co.uk$ RewriteRule ^/?$ "http\:\/\/synapticmishap\.co\.uk\/synapticmishap" [R=301,L] RewriteCond %{HTTP_HOST} ^jgediting.co.uk$ [OR] RewriteCond %{HTTP_HOST} ^www.jgediting.co.uk$ RewriteRule ^/?$ "http\:\/\/synapticmishap\.co\.uk\/editing" [R=301,L] RewriteCond %{HTTP_REFERER} !^$ RewriteCond %{HTTP_REFERER} !^http://synapticmishap.co.uk/.*$ [NC] RewriteCond %{HTTP_REFERER} !^http://synapticmishap.co.uk$ [NC] RewriteCond %{HTTP_REFERER} !^http://www.synapticmishap.co.uk/.*$ [NC] RewriteCond %{HTTP_REFERER} !^http://www.synapticmishap.co.uk$ [NC] RewriteCond %{HTTP_REFERER} !^http://synapticmishap.co.uk/synapticmishap/crashreportform.php/.*$ [NC] RewriteCond %{HTTP_REFERER} !^http://synapticmishap.co.uk/synapticmishap/crashreportform.php$ [NC] RewriteRule .*\.(jpg|jpeg|gif|png|bmp)$ - [F,NC] Help! I'm at the end of my tether with this and I'm in a very unfamiliar space with all this web stuff. I'd be most appreciative of any thoughts people had on why this isn't working. Thanks.

    Read the article

  • All my sites are 403 but the server is running. Errors on startup

    - by Craig
    We gave access to a contractor to install a firewall and somehow while he was doing it he fracked something up. Everything went off-line about 24 hours ago and we are effectively out of business until I solve this and the person who messed up the thing is not returning calls. I found a few errors. First, I'm not a server guy - I can look at log files and normally everything runs fine. All 'services' are running according to 1and1 server monitoring and mail is being delivered just fine. The whole thing was off-line until I (probably stupidly) updated the kernel from 6.2 to 6.3 this morning and I got everything back except the http access. All the domains (~200 of them) are returning a 403 error and nothing is recorded in the access log. On every restart I see this error in the messages log file: init: Failed to spawn ttyS0 main process: unable to execute: No such file or directory and a little later these: kernel: WARNING: at kernel/sched.c:5914 thread_return+0x232/0x79d() (Not tainted) kernel: Hardware name: X9SCL/X9SCM kernel: Modules linked in: xt_iprange iptable_filter ip_tables ip6t_REJECT nf_conntrack_ipv6 nf_defrag_ipv6 xt_state nf_conntrack ip6table_filter ip6_tables ipv6 ext4 jbd2 serio_raw i2c_i801 i2c_core sg iTCO_wdt iTCO_vendor_support e1000e ext3 jbd mbcache raid1 sd_mod crc_t10dif ahci dm_mirror dm_region_hash dm_log dm_mod [last unloaded: scsi_wait_scan] kernel: Pid: 367, comm: md3_raid1 Not tainted 2.6.32-220.2.1.el6.x86_64 #1 kernel: Call Trace: kernel: [<ffffffff81069997>] ? warn_slowpath_common+0x87/0xc0 kernel: [<ffffffff810699ea>] ? warn_slowpath_null+0x1a/0x20 kernel: [<ffffffff814eccc5>] ? thread_return+0x232/0x79d kernel: [<ffffffff8126a4d9>] ? cpumask_next_and+0x29/0x50 kernel: [<ffffffff813e9c05>] ? md_super_wait+0x55/0x90 kernel: [<ffffffff81090a10>] ? autoremove_wake_function+0x0/0x40 kernel: [<ffffffff813ebf46>] ? md_update_sb+0x206/0x3f0 kernel: [<ffffffff813ee922>] ? md_check_recovery+0x3f2/0x6d0 kernel: [<ffffffffa005b129>] ? raid1d+0x49/0x1050 [raid1] kernel: [<ffffffff814ed985>] ? schedule_timeout+0x215/0x2e0 kernel: [<ffffffff814ef447>] ? _spin_unlock_irqrestore+0x17/0x20 kernel: [<ffffffff813eb336>] ? md_thread+0x116/0x150 kernel: [<ffffffff81090a10>] ? autoremove_wake_function+0x0/0x40 kernel: [<ffffffff813eb220>] ? md_thread+0x0/0x150 kernel: [<ffffffff810906a6>] ? kthread+0x96/0xa0 kernel: [<ffffffff8100c14a>] ? child_rip+0xa/0x20 kernel: [<ffffffff81090610>] ? kthread+0x0/0xa0 kernel: [<ffffffff8100c140>] ? child_rip+0x0/0x20 And something is wrong with the Named/BIND resulting in the same error for all domains: zone DOMAINEXAMPLE.com/IN: loading from master file DOMAINEXAMPLE.com failed: file not found zone DOMAINEXAMPLE.com/IN: not loaded due to errors. _default/DOMAINEXAMPLE.com/IN: file not found I'm pretty sure this is not enough information to solve the problem, but I'm willing to engage someone who can work this out for me. Any help would be greatly appreciated.

    Read the article

  • Wordpress 403/404 Errors: You don't have permission to access /wp-admin/themes.php on this server

    - by Glen
    Some background: I setup six blogs this week, all using Wordpress 2.92, installed with Fantastico on a baby croc plan with Hostgator. I used the same theme (heatmap 2.5.4) and plugins for each blog. They were all up and running, no issues at all. I go to create a new blog this morning, using the same setup, and when I try to change the theme settings, I get the following error: Forbidden You don't have permission to access /wp-admin/themes.php on this server. Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request. Apache/2.2.15 (Unix) mod_ssl/2.2.15 OpenSSL/0.9.8n DAV/2 mod_fcgid/2.3.5 mod_auth_passthrough/2.1 mod_bwlimited/1.4 FrontPage/5.0.2.2635 Server at http://www.mydomain.com Port 80 I tried uninstalling WP and doing a clean install, still the same issue with a clean installation. So I went back and checked the six other blogs that I had setup over the last week or so, and they are also now giving me 403 or 404 errors when trying to change theme settings, and everytime there's an error it points to either themes.php or functions.php At this point I'm at my wits end trying to figure out what the problem is. Hostgator support looked at it and thought maybe it was a permissions issue but they reset those and I'm still having the problem. At first I thought the problem might have been related to a plugin I recently installed on the previous six blogs that morning (ByREV Fix Missed Shedule Plugin) to deal with a missed schedule bug with WP 2.92, and that maybe that had mucked things up. But then I checked a blog I built months ago, also using the same theme and plugins, and now it too is also encountering the same problem. Any ideas? I tried deleting my htaccess, uploading a blank one, uploading one with this snippet I found on the hostgator forum: # BEGIN WordPress <IfModule mod_rewrite.c> RewriteEngine On RewriteBase / RewriteCond %{REQUEST_FILENAME} !-f RewriteCond %{REQUEST_FILENAME} !-d RewriteRule . /index.php [L] </IfModule> # END WordPress Nothing has worked. I still get 403 or 404 errors everytime. Everything was working perfectly yesterday so I know this setup DOES WORK, I've just mucked something up somewhere and I'm clueless what it is. I read a related thread here and tried chmoding the wp-content folder to 0755 and still having the issue. Any thoughts? Thanks!

    Read the article

  • errorCode=003001; statusCode=403; source=Throttling Policy

    - by ihoka
    Lately, in our app using IPP data services, we have encountered these errors from time to time. <RestResponse xmlns="http://www.intuit.com/sb/cdm/v2"> <Error RequestId="49f7926a9aa84cfc8289534801dee72d"> <RequestName>ErrorRequest</RequestName> <ProcessedTime>2012-12-07T10:10:59+00:00</ProcessedTime> <ErrorCode>3001</ErrorCode> <ErrorDesc>message=This client has made too many consecutive requests over too short a period of time. Please wait a short amount of time before attempting to submit again; errorCode=003001; statusCode=403; source=Throttling Policy</ErrorDesc> </Error> </RestResponse> Can't find any reference to a "Throttling Policy" or error code "3001" anywhere in the IPP documentation. Any help is appreciated.

    Read the article

  • WebClient - The remote server returned an error: (403) Forbidden.

    - by daniel
    Opening a public page from browser works fine. Downloading same page using WebClient throws - (403) Forbidden. What is going on here ? Here is quick copy/paste example (used on console app) to specific page on web: try { WebClient webClient = new WebClient(); string ss = webClient.DownloadString("http://he.wikisource.org/wiki/%D7%A9%D7%95%D7%9C%D7%97%D7%9F_%D7%A2%D7%A8%D7%95%D7%9A_%D7%90%D7%95%D7%A8%D7%97_%D7%97%D7%99%D7%99%D7%9D_%D7%90_%D7%90"); } catch (Exception ex) { throw; }

    Read the article

  • How to produce an HTTP 403-equivalent WCF Message from an IErrorHandler?

    - by Andras Zoltan
    I want to write an IErrorHandler implementation that will handle AuthenticationException instances (a proprietary type), and then in the implementation of ProvideFault provide a traditional Http Response with a status code of 403 as the fault message. So far I have my first best guess wired into a service, but WCF appears to be ignoring the output message completely, even though the error handler is being called. At the moment, the code looks like this: public class AuthWeb403ErrorHandler : IErrorHandler { #region IErrorHandler Members public bool HandleError(Exception error) { return error is AuthenticationException; } public void ProvideFault(Exception error, MessageVersion version, ref Message fault) { //first attempt - just a stab in the dark, really HttpResponseMessageProperty property = new HttpResponseMessageProperty(); property.SuppressEntityBody = true; property.StatusCode = System.Net.HttpStatusCode.Forbidden; property.StatusDescription = "Forbidden"; var m = Message.CreateMessage(version, null); m.Properties[HttpResponseMessageProperty.Name] = property; fault = m; } #endregion } With this in place, I just get the standard WCF html 'The server encountered an error processing the request. See server logs for more details.' - which is what would happen if there was no IErrorHandler. Is this a feature of the behaviours added by WebServiceHost? Or is it because the message I'm building is simply wrong!? I can verify that the event log is indeed not receiving anything. My current test environment is a WebGet method (both XML and Json) hosted in a service that is created with the WebServiceHostFactory, and Asp.Net compatibility switched off. The service method simply throws the exception in question.

    Read the article

  • Is my webserver being abused for banking fraud?

    - by koffie
    Since a few weeks i'm getting a lot of 403 errors from apache in my log files that seem to be related to a bank frauding scheme. The relevant log entries look like this (The ip 1.2.3.4 is one I made up, I did not modify the rest of each line) www.bradesco.com.br:80 / 1.2.3.4 - - [01/Dec/2012:07:20:32 +0100] "GET / HTTP/1.1" 403 427 "-" "Mozilla/5.0 (Windows NT 5.1) AppleWebKit/535.11 (KHTML, like Gecko) Chrome/17.0.963.56 Safari/535.11" www.bb.com.br:80 / 1.2.3.4 - - [01/Dec/2012:07:20:32 +0100] "GET / HTTP/1.1" 403 370 "-" "Mozilla/5.0 (Windows NT 5.1) AppleWebKit/535.11 (KHTML, like Gecko) Chrome/17.0.963.56 Safari/535.11" www.santander.com.br:80 / 1.2.3.4 - - [01/Dec/2012:07:20:33 +0100] "GET / HTTP/1.1" 403 370 "-" "Mozilla/5.0 (Windows NT 5.1) AppleWebKit/535.11 (KHTML, like Gecko) Chrome/17.0.963.56 Safari/535.11" www.banese.com.br:80 / 1.2.3.4 - - [01/Dec/2012:07:20:33 +0100] "GET / HTTP/1.1" 403 370 "-" "Mozilla/5.0 (Windows NT 5.1) AppleWebKit/535.11 (KHTML, like Gecko) Chrome/17.0.963.56 Safari/535.11" the logformat I use is: LogFormat "%V:%p %U %h %l %u %t \"%r\" %>s %O \"%{Referer}i\" \"%{User-Agent}i\"" The strange thing is that all these domains are domains of banks and 3 out of the 4 domains are also in the list of the bank frauding scheme described on: http://www.abuse.ch/?p=2925 I would really like to know if my server is being abused for bank frauding or not. I suspect not, because it's giving 403 to all requests. But any extra checks that I can do to ensure that my server is not being abused are welcome. I'm also curious on how the "bad guys" expected my server to behave. I.e. are they just expecting my server to act as a proxy to hide the ip of the fake site, or are they expecting that my server will actually serve the fake banking website? Is the ip 1.2.3.4 more likely to be the ip of a victim or the ip of a bad guy. I suspect a bad guy, because it's quite unlikely that a real person would visit 4 bank sites in a second. If it's from a bad guy I'm very curious at what he is trying to do.

    Read the article

  • Why standard, virtual host Drupal 7 config causes 403 (Forbidden) in Apache2?

    - by drupality
    Virtual host declaration causing the problem (source): <VirtualHost *:80> ServerAdmin admin@d7 DocumentRoot /vagrant/d7 ServerName www.d7.local ServerAlias d7.local RewriteEngine On RewriteOptions inherit <Directory /vagrant/d7> Order allow,deny Allow from all </Directory> <Directory /vagrant> Order allow,deny Allow from all </Directory> </VirtualHost> error logs: [Mon Nov 04 12:23:11.947082 2013] [authz_core:error] [pid 2471] [client 10.0.2.2:58238] AH01630: client denied by server configuration: /vagrant/d7/ I have no idea why this isn't work... With above rule I have forbidden on drupal site and apache welcome page too (index.html) ls -ld /vagrant/d7 command output: drwxrwxrwx 1 vagrant vagrant 8192 Nov 4 10:05 /vagrant/d7

    Read the article

  • Forwarding a subdomain to main domain using Godaddy.

    - by Ryan Hayes
    I have current blog, which was hosted on Tumblr at http://blog.ryanhayes.net. I'm moving it over to http://ryanhayes.net, and have all the 301 redirects set up for the blog entries to map to my new blog, which is hosted using Godaddy (domain included). When I try to set up a subdomain forward, I'm greeted with a nice 403 Forbidden response (as of this writing, you can see it at http://blog.ryanhayes.net. When I try to ping both the subdomain and domain, they point to the same IP address, so I know blog subdomain has at least switched over to point to the same content. I don't really understand why I would get a 403 Forbidden on the same content that I can see perfectly fine via another domain. Currently, I have a CNAME of blog pointing to @, which is how "www" is set up to forward, so I'm assuming it would do the same thing. My question is what is the proper way to set up my DNS to make the blog subdomain forward to my main domain (301) using the GoDaddy DNS manager? Bonus: What is the background on why I am getting a 403 error the current way? Forbidden You don't have permission to access / on this server. Additionally, a 403 Forbidden error was encountered while trying to use an ErrorDocument to handle the request. UPDATE 12/7/2010 Error on site has been fixed, you can no longer view it from my site.

    Read the article

  • Apache redirecting: reason unknown

    - by Sinan
    I have a simple php script. The script is not important. It just prints out $_SERVER. When I request an URL like www.server.com/?ref=bar everything is fine. However if the request contains something like www.server.com/?ref=http://www.test.com (?ref=http%3A%2F%2Fwww.test.com) the server redirects to 403.shtml. No redirect for http://x but redirects http://x.y As far as I can understand somehow the server doesn't like "http://x". It always redirects to 403.shtml when there is a valid query string in the form of a valid url. my .htacess file is the same both on my server and local test server and local test server behaves as expected (no redirects). So I don't it is related to .htaccess. I'm on shared host on Hostgator. Can anyone help? Edit: Here's the .htaccess file Options +FollowSymLinks RewriteEngine On RewriteBase / RewriteCond %{REQUEST_FILENAME} !-f RewriteCond %{REQUEST_FILENAME} !-d RewriteRule ^(.*)$ index.php?$1 [L,QSA] When there is an http://xx.x it redirects to 403 even if there is physical file. However if I remove the .htaccess redirect to 403 also disappears. But I need the above .htaccess file. Is there a way to get around this?

    Read the article

  • Forwarding a subdomain to main domain using Godaddy

    - by Ryan Hayes
    I have current blog, which was hosted on Tumblr at http://blog.ryanhayes.net. I'm moving it over to http://ryanhayes.net, and have all the 301 redirects set up for the blog entries to map to my new blog, which is hosted using Godaddy (domain included). When I try to set up a subdomain forward, I'm greeted with a nice 403 Forbidden response (as of this writing, you can see it at http://blog.ryanhayes.net. When I try to ping both the subdomain and domain, they point to the same IP address, so I know blog subdomain has at least switched over to point to the same content. I don't really understand why I would get a 403 Forbidden on the same content that I can see perfectly fine via another domain. Currently, I have a CNAME of blog pointing to @, which is how "www" is set up to forward, so I'm assuming it would do the same thing. My question is what is the proper way to set up my DNS to make the blog subdomain forward to my main domain (301) using the GoDaddy DNS manager? Bonus: What is the background on why I am getting a 403 error the current way? Forbidden You don't have permission to access / on this server. Additionally, a 403 Forbidden error was encountered while trying to use an ErrorDocument to handle the request. UPDATE 12/7/2010 Error on site has been fixed, you can no longer view it from my site.

    Read the article

  • Serve a specific set of error pages for different subdirectories

    - by navitronic
    I am currently trying to setup 2 different sets of Error documents for separate folders within a website. I have 2 folders within the root of a site: demo/ live/ Any requests that return 404's or 403's within the demo folder needs to load one set of pages for the Apache errordocuments, eg. ErrorDocument 404 /statuses/demo-404.html ErrorDocument 403 /statuses/demo-403.html And the live needs to go to similarly name files. ErrorDocument 404 /statuses/live-404.html ErrorDocument 403 /statuses/live-403.html So far I have tried placing an .htaccess file in both directories with the ErrorDocument directives setup pointing to the specific files, the 404 works fine and references the correct page. However, the 403s do not work and revert to the server default when trying to access forbidden folders within the demo directory, the logs indicate the following: [Wed Jun 16 04:47:44 2010] [crit] [client 115.64.131.144] (13)Permission denied: /home/abstract/public_html/demo/xxx/.htaccess pcfg_openfile: unable to check htaccess file, ensure it is readable Is this correct? Would apache revert to default because it is trying to look for the htaccess in a folder it doesn't have permission in? Why wouldn't it work it's way back through the folder tree? Can I make it do this?

    Read the article

< Previous Page | 3 4 5 6 7 8 9 10 11 12 13 14  | Next Page >