acces to /sac denied

boggi · Postby **boggi** » Sun Jul 22, 2007 9:56 am

Hello @all

i have a big problem with my scalix installation on my ubuntu Feisty fawn

when i will get the site Http://ServerIp/sac or Http://ServerIp/webmail the following site comes up to me:

Forbidden
You don't have permission to access /sac on this server.

--------------------------------------------------------------------------------

Apache/2.2.3 (Ubuntu) PHP/5.2.1 Server at 192.168.42.1 Port 80

when i get http://ServerIp/Scalix/rw it comes up the rule wizzard.

please helpme ... why does it not work ??

fb · Postby fb » Mon Jul 23, 2007 2:33 am

hi there,

what does the error.log and access.log of your apache look like?

Sounds like either scalix-tomcat is down which apache refers to through tomcat-connector, but that's only one of a million could-be's....

boggi · Postby **boggi** » Mon Jul 23, 2007 2:01 pm

here is error.log

[Mon Jul 23 19:58:02 2007] [notice] Apache/2.2.3 (Ubuntu) PHP/5.2.1 configured -- resuming normal operations
[Mon Jul 23 19:58:05 2007] [error] [client 192.168.42.20] File does not exist: /htdocs
[Mon Jul 23 19:58:09 2007] [error] [client 192.168.42.20] client denied by server configuration: proxy:ajp://homer:8009/sac
[Mon Jul 23 19:58:25 2007] [error] [client 192.168.42.20] File does not exist: /var/opt/scalix/ml/s/omhtml/RW-C/image/list-selectoron.gif, referer:$
[Mon Jul 23 19:58:25 2007] [error] [client 192.168.42.20] File does not exist: /var/opt/scalix/ml/s/omhtml/RW-C/image/list-selectoroff.gif, ref

and my access.log

92.168.42.20 - - [23/Jul/2007:18:54:49 +0200] "GET /sac HTTP/1.1" 404 288 "-" "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1)"
192.168.42.20 - - [23/Jul/2007:18:54:56 +0200] "GET /Scalix/rw HTTP/1.1" 404 294 "-" "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1)"

and here ... some more information ...

root@homer:/var/log/apache2# omstat -a
PC Monitor Started NON-STOP 0
Directory Relay Server Started 19:54:56
Notification Server Started 19:54:56 0
Shared memory daemon Started NON-STOP
Notification Monitor Started NON-STOP
Session Monitor Started NON-STOP
Indexer Started NON-STOP
Stats Daemon Started NON-STOP
Container Access Monitor Started NON-STOP
Item Structure Server Started 19:54:56
Database Monitor Started 19:54:56
Licence Monitor Daemon Started NON-STOP
LDAP Daemon Started 19:54:56
Queue Manager Started NON-STOP
Item Delete Daemon Started NON-STOP
IMAP Server Daemon Started 19:54:56
SMTP Relay Started 19:54:56
Mime Browser Controller Started 19:54:56
Event Server Started 19:54:56
root@homer:/var/log/apache2# omstat -s
Service Router Started 19:54:58 0
Local Delivery Started 19:54:58 0
Internet Mail Gateway Started 19:54:58 0
Local Client Interface Enabled 19:54:58 0
Remote Client Interface Enabled 19:54:58 1
Test Server Started 19:54:58 0
Request Server Started 19:54:58 0
Print Server Started 19:54:58 0
Bulletin Board Server Started 19:54:58 0
Background Search Service Started 19:54:58 0
CDA Server Started 19:54:58 0
POP3 interface Started 19:54:58 0
Omscan Server Started 19:54:58 0
Archiver Started 19:54:58 0
root@homer:/var/log/apache2# omshowu -n sxadmin
Authentication ID: sxadmin
Globally Unique ID: 15000000f8cd4a64-1.24.861.291
User Name : sxadmin /CN=sxadmin
MailNode : chapati
Internet Address : unset
System Login : 66000
Password : set
Admin Capabilities : YES
Mailbox Admin Capabilities : NO
Language : C
Mail Account: Unlocked
Last Signon : 23.07.07 19:58:24
Receipt of mail : ENABLED
Service level : 0
Excluded from Tidying : NO
Recovery Folder visible : NO
User Class : Limited
SIS URL : sxidx://mail.homer.de/05000000f8cd4a64-1.24.861.291
root@homer:/var/log/apache2#

please help me

les · Postby **les** » Mon Jul 23, 2007 6:16 pm

boggi wrote:here is error.log
[Mon Jul 23 19:58:02 2007] [notice] Apache/2.2.3 (Ubuntu) PHP/5.2.1 configured -- resuming normal operations
[Mon Jul 23 19:58:05 2007] [error] [client 192.168.42.20] File does not exist: /htdocs
[Mon Jul 23 19:58:09 2007] [error] [client 192.168.42.20] client denied by server configuration: proxy:ajp://homer:8009/sac
[Mon Jul 23 19:58:25 2007] [error] [client 192.168.42.20] File does not exist: /var/opt/scalix/ml/s/omhtml/RW-C/image/list-selectoron.gif, referer:$
[Mon Jul 23 19:58:25 2007] [error] [client 192.168.42.20] File does not exist: /var/opt/scalix/ml/s/omhtml/RW-C/image/list-selectoroff.gif, ref

The line bolded above is important. Its saying that you have some global server configuration denying the request. This could be something like allowing access only to 127.0.0.1 without including your subnet.

Check your apache configuration files, including the tomcat ones in /etc/opt/scalix-tomcat/connector/ajp/instance-<hostname>.conf

/etc/opt/scalix-tomcat/connector/jk/instance-<hostname>.conf

If you can find the answer post those files.

boggi · Postby **boggi** » Tue Jul 24, 2007 12:10 pm

les wrote:...
The line bolded above is important. Its saying that you have some global server configuration denying the request. This could be something like allowing access only to 127.0.0.1 without including your subnet.

Check your apache configuration files, including the tomcat ones in /etc/opt/scalix-tomcat/connector/ajp/instance-<hostname>.conf

/etc/opt/scalix-tomcat/connector/jk/instance-<hostname>.conf

If you can find the answer post those files.

here my the file called "instance-mail.homer.de.conf" from ajp directory

<VirtualHost homer:80>
Include /etc/opt/scalix-tomcat/connector/ajp/app-mail.homer.de.*.conf
</VirtualHost>

here my the file called "instance-mail.homer.de.conf" from jk directoy

<VirtualHost homer:80>
Include /etc/opt/scalix-tomcat/connector/jk/app-mail.homer.de.*.conf
</VirtualHost>
JkWorkerProperty worker.mail.homer.de.type=ajp13
JkWorkerProperty worker.mail.homer.de.host=homer
JkWorkerProperty worker.mail.homer.de.port=8009
JkWorkerProperty worker.mail.homer.de.lbfactor=50
JkWorkerProperty worker.mail.homer.de.cachesize=10
JkWorkerProperty worker.mail.homer.de.cache_timeout=600
JkWorkerProperty worker.mail.homer.de.socket_keepalive=1
JkWorkerProperty worker.mail.homer.de.recycle_timeout=300

hope it helpes

les · Postby **les** » Tue Jul 24, 2007 6:13 pm

boggi wrote:
les wrote:...
The line bolded above is important. Its saying that you have some global server configuration denying the request. This could be something like allowing access only to 127.0.0.1 without including your subnet.

Check your apache configuration files, including the tomcat ones in /etc/opt/scalix-tomcat/connector/ajp/instance-<hostname>.conf

/etc/opt/scalix-tomcat/connector/jk/instance-<hostname>.conf

If you can find the answer post those files.

here my the file called "instance-mail.homer.de.conf" from ajp directory
<VirtualHost homer:80>
Include /etc/opt/scalix-tomcat/connector/ajp/app-mail.homer.de.*.conf
</VirtualHost>

here my the file called "instance-mail.homer.de.conf" from jk directoy
<VirtualHost homer:80>
Include /etc/opt/scalix-tomcat/connector/jk/app-mail.homer.de.*.conf
</VirtualHost>
JkWorkerProperty worker.mail.homer.de.type=ajp13
JkWorkerProperty worker.mail.homer.de.host=homer
JkWorkerProperty worker.mail.homer.de.port=8009
JkWorkerProperty worker.mail.homer.de.lbfactor=50
JkWorkerProperty worker.mail.homer.de.cachesize=10
JkWorkerProperty worker.mail.homer.de.cache_timeout=600
JkWorkerProperty worker.mail.homer.de.socket_keepalive=1
JkWorkerProperty worker.mail.homer.de.recycle_timeout=300

hope it helpes

i just posted the same solution to someone else....

your virtual host definition is "hardcoded" to

<VirtualHost homer:80>

That means you can only access it using home:80

set it to

<VirtualHost *:80>

and restart scalix-tomcat and httpd

That should have tomcat serve requests on all interfaces.

boggi · Postby **boggi** » Wed Jul 25, 2007 2:41 pm

Hello thanks for your help, but it doesnt run.

If i try to replace homer with "*" and restart apache2 the following error occurs:

* Forcing reload of web server (apache2)... [Wed Jul 25 20:34:21 2007] [error] VirtualHost *:80 -- mixing * ports and non-* ports with a NameVirtualHost address is not supported, proceeding with undefined results

Ok ... then i have try to add my Client-IP. After restarting Apache and Tomcat i try to connect to server on the Client- Pc. But then Error 404 (File Not Found) occurs.

Now i paste the apache error.log here

[Wed Jul 25 20:29:13 2007] [error] [client 192.168.42.20] File does not exist: /var/www/sac
[Wed Jul 25 20:29:19 2007] [error] [client 192.168.42.20] File does not exist: /var/www/sac
[Wed Jul 25 20:29:24 2007] [error] [client 192.168.42.20] File does not exist: /var/www/webmail

what happend ?? And what should i do that all Clients can be connect to scalix

les · Postby **les** » Wed Jul 25, 2007 4:53 pm

boggi wrote:Hello thanks for your help, but it doesnt run.

If i try to replace homer with "*" and restart apache2 the following error occurs:

* Forcing reload of web server (apache2)... [Wed Jul 25 20:34:21 2007] [error] VirtualHost *:80 -- mixing * ports and non-* ports with a NameVirtualHost address is not supported, proceeding with undefined results

Ok ... then i have try to add my Client-IP. After restarting Apache and Tomcat i try to connect to server on the Client- Pc. But then Error 404 (File Not Found) occurs.

Now i paste the apache error.log here

did you change both files?

do you have any other separate apache virtual hosts defined?

if you set it back to homer:80 on each can you browse to http://homer/sac and http://homer/webmail/ ??

You should also make sure you have valid dns entries for homer.

[Wed Jul 25 20:29:13 2007] [error] [client 192.168.42.20] File does not exist: /var/www/sac
[Wed Jul 25 20:29:19 2007] [error] [client 192.168.42.20] File does not exist: /var/www/sac
[Wed Jul 25 20:29:24 2007] [error] [client 192.168.42.20] File does not exist: /var/www/webmail

what happend ?? And what should i do that all Clients can be connect to scalix

boggi · Postby **boggi** » Thu Jul 26, 2007 1:20 am

did you change both files?
Yes i changed both files

do you have any other separate apache virtual hosts defined?
no, i think i have no other hosts defined

if you set it back to homer:80 on each can you browse to http://homer/sac and http://homer/webmail/ ??
i can not browse on the server to this adress, because there are no browsers installed on the server. It's a clean server without kde or desktop.

You should also make sure you have valid dns entries for homer.
what you mean with an valid dns entry ?

boggi · Postby **boggi** » Fri Jul 27, 2007 7:25 am

any other ideas ...

please help me

les · Postby **les** » Fri Jul 27, 2007 9:21 pm

boggi wrote:
You should also make sure you have valid dns entries for homer.
what you mean with an valid dns entry ?

[/quote]

dns.....what translates names to ip addresses......

from any pc on your network can you type in http://homer/sac or http://homer/webmail and does it resolve to the server?

can you ping homer and does it reply from the servers ip address?

is your scalix tomcat running?

do you have any firewalling running on the box blocking access?

I really think that if you dont have a great understanding of dns that you have bitten off more than you can chew with a manual install on a ubuntu platform.

I would recommend you go to a supported platform with an auto-installer like redhat, centos or suse which will make your life much easier.

rcbosman · Postby **rcbosman** » Thu Aug 23, 2007 6:41 am

Had the same problem on my debian box.

Take a look at /etc/apache2/mods-enabled/proxy.conf

There is probably a Deny from all line. What you need is a Allow from line. So it should look like something like this

<Proxy *>
AddDefaultCharset off
Order deny, allow
Deny from all
Allow from .your.local.network
</Proxy>

The reason that you don't want a Allow from all is that if you do that your proxy will be open everyone and spammers can use it to send mail.

Scalix Forums

acces to /sac denied

acces to /sac denied

Who is online