Default Web Server: 403 Forbidden

Post your questions about Web Server usage and Apache + PHP + MySQL/SQLite web applications.
Post Reply
sunkai
Starting out
Posts: 46
Joined: Sat Jun 28, 2008 4:02 am

Default Web Server: 403 Forbidden

Post by sunkai »

Hi all,

I have a Qnap TS-209 II Pro (firmware 3.3.2), and recently enabled the built in Web Server to access the Transmission admin page.

However, trying to access any of the files through a web browser (from a web browser client on the lan), results in a 403 Forbidden error:
Forbidden
You don't have permission to access / on this server.

Apache/1.3.41 Server at 192.168.xxx.xxx Port 80
I've tried accessing the root directory, as well as the "/transmission/" directory, and the result is the same.

Checking the file and folder permissions, they are as follows:
drwxrwxrwx 4 admin administ 4096 Aug 9 12:38 Qweb/

drwxrwxrwx 17 admin administ 4096 Feb 13 2008 Joomla/
-rw-r--r-- 1 admin administ 11263 Jan 11 2010 index.html
drwxrwxrwx 11 admin administ 4096 Aug 21 2007 phpMyAdmin/
lrwxrwxrwx 1 admin administ 48 Aug 9 12:38 transmission -> /share/MD0_DATA/.qpkg/Transmission/web-gui/admin/
This all looks reasonable to me, with every user type being allowed to at least read the index.html file.

Searching the forums, I only found solutions to this sort of problem that referenced "getfacl", which is a command unavailable in my shell. I think this command is most likely a feature of newer firmwares, built for newer hardware revisions.

At the moment, the group "everyone" does not have any access check-boxes ticked. I did try ticking the RO "Qweb" box for this group, but this did not seem to have an effect.

Does anyone know whether I could be missing some settings in the Access Right Management control panel?
sunkai
Starting out
Posts: 46
Joined: Sat Jun 28, 2008 4:02 am

Re: Default Web Server: 403 Forbidden

Post by sunkai »

I've also checked the /etc/config/apache/apache.conf file and found this block:
<Directory "/share/Qweb">
Options -ExecCGI -Includes -FollowSymLinks -MultiViews -Indexes
AllowOverride None
Order deny,allow
Deny from all
Allow from 192.168.0
</Directory>
Can anyone see anything wrong with my set up, from an OS, Access Rights, or Apache perspective?
Last edited by sunkai on Sat Aug 11, 2012 11:15 pm, edited 1 time in total.
sunkai
Starting out
Posts: 46
Joined: Sat Jun 28, 2008 4:02 am

Re: Default Web Server: 403 Forbidden

Post by sunkai »

After looking at the error file for Apache ("/usr/local/apache/logs/apache_error_log"), it looks like it's a problem with resolving the symbolic link nature of "/share/Qweb/":
[error] [client 192.168.0.212] Symbolic link not allowed: /share/Qweb/
In "apache.conf", the "FollowSymLinks" is negated with a minus sign inside of the Options of the "<Directory "/share/Qweb">" block. I tried removing the minus sign and restarting apache with "/etc/init.d/Qthttpd.sh restart", but still had the same error in the log file.

Is there an Apache option that is required to allow a "Directory" to be a symbolic link?
sunkai
Starting out
Posts: 46
Joined: Sat Jun 28, 2008 4:02 am

Re: Default Web Server: 403 Forbidden

Post by sunkai »

Okay, I've solved my own problem. The issue is actually with this block in the default "apache.conf" file:
<Directory />
Options None
AllowOverride None
Order deny,allow
Deny from all
</Directory>
By specifying "Options None", the symbolic link of "/share/Qweb" will always be forbidden, regardless of what you specify in its "Directory" block. At the very least, "Options FollowSymLinks" or "Options SymLinksIfOwnerMatch" must be set in "<Directory />".
sunkai
Starting out
Posts: 46
Joined: Sat Jun 28, 2008 4:02 am

Re: Default Web Server: 403 Forbidden

Post by sunkai »

It's worth noting that if you want to access symbolic links within the "/share/Qweb" directory (like "/share/Qweb/transmission/"), then you must also remove the default option "-FollowSymLinks" from the "Options", as well as enable "FollowSymLinks" in the parent Directory block ("/").
User avatar
schumaku
Guru
Posts: 43579
Joined: Mon Jan 21, 2008 4:41 pm
Location: Kloten (Zurich), Switzerland -- Skype: schumaku
Contact:

Re: Default Web Server: 403 Forbidden

Post by schumaku »

The default apache.conf from the latest TS-109/209/409 firmware v3.3.2 (in /etc/default_config/) as well as all my TS-x09 apache.conf files in /etc/config/apache/ contain this:

<Directory />
Options FollowSymLinks
AllowOverride All
</Directory>
<Directory "/share/Qweb">
Options FollowSymLinks MultiViews
AllowOverride All
Order allow,deny
Allow from all
</Directory>

If you have anyhting different ... it's not made by QNAP - or it's sosmething outdated.
iainhunter
New here
Posts: 5
Joined: Wed Sep 06, 2017 8:06 am

Re: Default Web Server: 403 Forbidden

Post by iainhunter »

I just repushed all my files to the server from my local directory. That took care of whatever troubles were existing.
Post Reply

Return to “Web Server & Applications (Apache + PHP + MySQL / SQLite)”