newspaint

Documenting Problems That Were Difficult To Find The Answer To

Ubuntu 12.04.1 Apache Not Listing Directory Contents

This was frustrating me for weeks.

I had a fairly standard out-of-the-box Apache configuration with SSL. My Apache was set up as:

root@myserver:/etc/apache2# apache2 -V
Server version: Apache/2.2.22 (Ubuntu)
Server built:   Nov  8 2012 21:37:30
Server's Module Magic Number: 20051115:30
Server loaded:  APR 1.4.6, APR-Util 1.3.12
Compiled using: APR 1.4.6, APR-Util 1.3.12
Architecture:   64-bit
Server MPM:     Prefork
  threaded:     no
    forked:     yes (variable process count)
Server compiled with....
 -D APACHE_MPM_DIR="server/mpm/prefork"
 -D APR_HAS_SENDFILE
 -D APR_HAS_MMAP
 -D APR_HAVE_IPV6 (IPv4-mapped addresses enabled)
 -D APR_USE_SYSVSEM_SERIALIZE
 -D APR_USE_PTHREAD_SERIALIZE
 -D SINGLE_LISTEN_UNSERIALIZED_ACCEPT
 -D APR_HAS_OTHER_CHILD
 -D AP_HAVE_RELIABLE_PIPED_LOGS
 -D DYNAMIC_MODULE_LIMIT=128
 -D HTTPD_ROOT="/etc/apache2"
 -D SUEXEC_BIN="/usr/lib/apache2/suexec"
 -D DEFAULT_PIDLOG="/var/run/apache2.pid"
 -D DEFAULT_SCOREBOARD="logs/apache_runtime_status"
 -D DEFAULT_LOCKFILE="/var/run/apache2/accept.lock"
 -D DEFAULT_ERRORLOG="logs/error_log"
 -D AP_TYPES_CONFIG_FILE="mime.types"
 -D SERVER_CONFIG_FILE="apache2.conf"

The autoindex module was loaded:

root@myserver:/etc/apache2# apachectl -t -D DUMP_MODULES
apache2: apr_sockaddr_info_get() failed for myserver
apache2: Could not reliably determine the server's fully qualified domain name, using 127.0.0.1 for ServerName
Loaded Modules:
 core_module (static)
 log_config_module (static)
 logio_module (static)
 mpm_prefork_module (static)
 http_module (static)
 so_module (static)
 alias_module (shared)
 auth_basic_module (shared)
 authn_file_module (shared)
 authz_default_module (shared)
 authz_groupfile_module (shared)
 authz_host_module (shared)
 authz_user_module (shared)
 autoindex_module (shared)
 cgi_module (shared)
 deflate_module (shared)
 dir_module (shared)
 env_module (shared)
 fastcgi_module (shared)
 mime_module (shared)
 negotiation_module (shared)
 reqtimeout_module (shared)
 rewrite_module (shared)
 setenvif_module (shared)
 ssl_module (shared)
 status_module (shared)
Syntax OK

I could list directory contents for the non-SSL site, but the SSL site would return 403 Forbidden and put the following entries in the error.log file:

[Tue Jan 29 14:03:31 2013] [error] [client 127.0.0.1] client denied by server configuration: /var/www/secure/test/index.html
[Tue Jan 29 14:03:31 2013] [error] [client 127.0.0.1] client denied by server configuration: /var/www/secure/test/index.htm

Inside my /etc/apache2/sites-enabled/001-default-ssl configuration file I had the following entries:

        DocumentRoot /var/www/secure
        <Directory />
                Options FollowSymLinks
                AllowOverride None
                Order deny,allow
                deny from all
        </Directory>

        <Directory /var/www/secure/>
                Options Indexes FollowSymLinks MultiViews
                AllowOverride All
                Order allow,deny
                allow from all
        </Directory>

So Indexes was enabled for the document root for the SSL site! So why was I getting a 403?

I could list directories for my non-SSL site and it was configured as follows:

        DocumentRoot /var/www
        <Directory />
                Options FollowSymLinks
                AllowOverride None
        </Directory>
        <Directory /var/www/>
                Options Indexes FollowSymLinks MultiViews
                AllowOverride None
                Order allow,deny
                allow from all
        </Directory>

        <Directory /var/www/secure/>
                Order deny,allow
                deny from all
        </Directory>

Solution: apparently having the following in any .htaccess file in the path of the folder prevented the directory listings:

    <FilesMatch "\.ht.*">
        Deny from all
    </FilesMatch>

I guess this is because the expression was designed to filter out .htaccess and .htpasswd but actually filtered out .html and .htm – and perhaps as the DirectoryIndex configuration parameter caused Apache to look for index.html and index.htm before calling autoindex it was being thwarted by the above filter.

Removed this and now getting my directory listings!

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

%d bloggers like this: