将 Apache 从 2.2 更新至 2.4 后，子域名返回 HTTP 403

2024-5-29 • tag-icon

virtualhost subdomain http-status-code-403 apache-2.4

将 Apache 从 2.2 更新至 2.4 后，子域名返回 HTTP 403

在操作系统升级（包括将 Apache 从 2.2 更新到 2.4）后，我现在尝试访问时出现 403 错误http://files.fierydragonlord.com/和http://status.fierydragonlord.com/。然而，http://www.fierydragonlord.com有效。发生了什么事？

以下是我的vhosts.conf：

#
# VirtualHost template
# Note: to use the template, rename it to /etc/apache2/vhost.d/yourvhost.conf.
# Files must have the .conf suffix to be loaded.
#
# See /usr/share/doc/packages/apache2/README.QUICKSTART for further hints
# about virtual hosts.
#
# NameVirtualHost statements can be added to /etc/apache2/listen.conf.
#
# Almost any Apache directive may go into a VirtualHost container.
# The first VirtualHost section is used for requests without a known
# server name.
#

NameVirtualHost *:80

<VirtualHost *:80>
    ServerName www.fierydragonlord.com

    # Specify alternative domain names for the virtual host like this
    # (wildcards * and ? may be used, and multiple aliases may be specified):
    # ServerAlias domain.tld extra.domain.tld *.domain.tld


    # DocumentRoot: The directory out of which you will serve your
    # documents. By default, all requests are taken from this directory, but
    # symbolic links and aliases may be used to point to other locations.
    DocumentRoot /srv/www/htdocs/

    # Set log file location
    ErrorLog /var/log/apache2/error_log
    CustomLog /var/log/apache2/access_log combined

    # don't loose time with IP address lookups
    HostnameLookups Off
    # needed for named virtual hosts
    UseCanonicalName Off
    # configures the footer on server-generated documents
    ServerSignature On

    # Use custom error documents
    ErrorDocument 400 /00-Error/400.php
    ErrorDocument 401 /00-Error/401.php
    ErrorDocument 403 /00-Error/403.php
    ErrorDocument 404 /00-Error/404.php
    ErrorDocument 410 /00-Error/410.php
    ErrorDocument 414 /00-Error/414.php
    ErrorDocument 500 /00-Error/500.php
    ErrorDocument 503 /00-Error/503.php
</VirtualHost>

<VirtualHost *:80>
    ServerName status.fierydragonlord.com

    # Specify alternative domain names for the virtual host like this
    # (wildcards * and ? may be used, and multiple aliases may be specified):
    # ServerAlias domain.tld extra.domain.tld *.domain.tld


    # DocumentRoot: The directory out of which you will serve your
    # documents. By default, all requests are taken from this directory, but
    # symbolic links and aliases may be used to point to other locations.
    DocumentRoot /srv/www/vhosts/status/

    DirectoryIndex index.php

    # Set log file location
    ErrorLog /var/log/apache2/status-error_log
    CustomLog /var/log/apache2/status-access_log combined

    # don't loose time with IP address lookups
    HostnameLookups Off
    # needed for named virtual hosts
    UseCanonicalName Off
    # configures the footer on server-generated documents
    ServerSignature On

    <Directory />
        Options None
        Require all granted
    </Directory>

    # use .htaccess files for overriding,
    AccessFileName .htaccess
    # and never show them
    <Files ~ "^\.ht">
        Require all denied
    </Files>
</VirtualHost>

<VirtualHost *:80>
    ServerName files.fierydragonlord.com

    # Specify alternative domain names for the virtual host like this
    # (wildcards * and ? may be used, and multiple aliases may be specified):
    # ServerAlias domain.tld extra.domain.tld *.domain.tld


    # DocumentRoot: The directory out of which you will serve your
    # documents. By default, all requests are taken from this directory, but
    # symbolic links and aliases may be used to point to other locations.
    DocumentRoot /srv/www/vhosts/files/

    DirectoryIndex index.html

    # Set log file location
    ErrorLog /var/log/apache2/files-error_log
    CustomLog /var/log/apache2/files-access_log combined

    # don't loose time with IP address lookups
    HostnameLookups Off
    # needed for named virtual hosts
    UseCanonicalName Off
    # configures the footer on server-generated documents
    ServerSignature On

    <Directory />
        Options None
        Require all granted
    </Directory>

    # use .htaccess files for overriding,
    AccessFileName .htaccess
    # and never show them
    <Files ~ "^\.ht">
        Require all denied
    </Files>

    # Use custom error documents
    ErrorDocument 400 /00-Error/400.php
    ErrorDocument 401 /00-Error/401.php
    ErrorDocument 403 /00-Error/403.php
    ErrorDocument 404 /00-Error/404.php
    ErrorDocument 410 /00-Error/410.php
    ErrorDocument 414 /00-Error/414.php
    ErrorDocument 500 /00-Error/500.php
    ErrorDocument 503 /00-Error/503.php
</VirtualHost>

我在日志中收到如下错误：

[Fri Nov 22 12:37:53.271724 2013] [access_compat:error] [pid 5445] [client xxx.xxx.xxx.xxx:xxxx] AH01797: client denied by server configuration: /srv/www/vhosts/status/, referer: http://www.fierydragonlord.com/
[Fri Nov 22 12:46:14.115480 2013] [access_compat:error] [pid 5440] [client xxx.xxx.xxx.xxx:xxxx] AH01797: client denied by server configuration: /srv/www/vhosts/status/index.php

apache2ctl -S返回以下内容：

[Fri Nov 22 12:56:50.229301 2013] [core:warn] [pid 5529] AH00117: Ignoring deprecated use of DefaultType in line 140 of /etc/apache2/httpd.conf.
AH00548: NameVirtualHost has no effect and will be removed in the next release /etc/apache2/vhosts.d/vhosts.conf:16
VirtualHost configuration:
*:80                   is a NameVirtualHost
         default server www.fierydragonlord.com (/etc/apache2/vhosts.d/vhosts.conf:18)
         port 80 namevhost www.fierydragonlord.com (/etc/apache2/vhosts.d/vhosts.conf:18)
         port 80 namevhost www.fierydragonlord.com (/etc/apache2/vhosts.d/vhosts.conf:18)
         port 80 namevhost status.fierydragonlord.com (/etc/apache2/vhosts.d/vhosts.conf:53)
         port 80 namevhost status.fierydragonlord.com (/etc/apache2/vhosts.d/vhosts.conf:53)
         port 80 namevhost files.fierydragonlord.com (/etc/apache2/vhosts.d/vhosts.conf:92)
         port 80 namevhost files.fierydragonlord.com (/etc/apache2/vhosts.d/vhosts.conf:92)
ServerRoot: "/srv/www"
Main DocumentRoot: "/srv/www/htdocs"
Main ErrorLog: "/var/log/apache2/error_log"
Mutex ssl-stapling: using_defaults
Mutex ssl-cache: using_defaults
Mutex default: dir="/run/" mechanism=default
Mutex mpm-accept: using_defaults
PidFile: "/run/httpd.pid"
Define: DUMP_VHOSTS
Define: DUMP_RUN_CFG
User: name="wwwrun" id=30
Group: name="www" id=8

答案1

Apache 2.4 处理虚拟主机指令的方式与 2.2 不同，请查看以下链接中的示例。

http://httpd.apache.org/docs/current/vhosts/examples.html

基本上，更改 NameVirtualHost *:80 -> Listen 80

所以它看起来像这样：

Listen 80

# This is the "main" server running on 172.20.30.40
ServerName server.example.com
DocumentRoot /www/mainserver

<VirtualHost 172.20.30.50>
    DocumentRoot /www/example1
    ServerName www.example.com

    # Other directives here ...
</VirtualHost>

<VirtualHost 172.20.30.50>
    DocumentRoot /www/example2
    ServerName www.example.org

    # Other directives here ...
</VirtualHost>

您可能还想检查 httpd.conf 和 vhosts.conf 的其余部分是否存在其他弃用和冲突。请参阅此链接。http://httpd.apache.org/docs/trunk/upgrading.html

你自己回答的部分是正确的，顺序/要求有所改变，但如果你浏览该页面，你会看到更多。我建议你仔细阅读，确保你已经解决了所有问题。即使你让它工作了，也要反复检查，有些变化可能不会破坏 apache 甚至日志……但可能会导致其他问题（安全性/稳定性）。

答案2

原来，旧Order deny,allow语法和新Require all granted语法之间存在冲突。openSUSE 本身提供的系统主配置文件未配置为使用新Require语法。由于Order语法由与语法不同的模块处理Require，旧语法会覆盖新语法，从而导致失败。

我已经恢复了旧的Order语法，并在自定义配置文件中添加了一条注释来解释该问题。

相关内容