LMS 3.2 Apache 403 Error on CGI Scripts

I've been chasing my tail for a couple of days now, and see no other option than to ask here. It's probably something reall
y dumb that I'm just not seeing.
On a Windows 2008 server with SP1 LMS 3.2 is running fine (as long as no one uses stupid scripts ;o)) on a good day, but whenever I try to access any of the cgi scripts installed under Program Files/CSCOpx/cgi-bin it get the dreaded "You don't have permission to access /cgi-bin/dbadmin/pdbadmin/nph-dbreader.pl on this server". The httpd.conf section for the CGI handling is as follows:
ScriptAlias /cgi-bin/ "D:/PROGRA~2/CSCOpx/cgi-bin/"
<Directory "D:/PROGRA~2/CSCOpx/cgi-bin">
AllowOverride None
Options +ExecCGI
AddHandler cgi-script .pl
#ScriptInterpreterSource Registry-Strict
ScriptInterpreterSource Script
</Directory>
LoadModule perl_module modules/mod_perl.so
What I would like to know is what have I missed..? You can see my first attempt by replacing the ScriptInterpreterSource from Registry-Script to the default, Script, to no avail...
Also, if I make any modifications to the httpd.conf file I cannot just restart the Apache daemon, I have to stop and start the daemon manager, otherwise no one can access the web login page: is that normal..? As in the following:
The Apache daemon is restarted:
[Fri Dec 11 15:14:38 2009] [notice] Child 6088: Child process is running
[Fri Dec 11 15:14:38 2009] [notice] Child 6088: Acquired the start mutex.
[Fri Dec 11 15:14:38 2009] [notice] Child 6088: Starting 500 worker threads.
[Fri Dec 11 15:14:38 2009] [notice] Child 6088: Starting thread to listen on port 1741.
[Fri Dec 11 15:14:38 2009] [notice] Child 6088: Starting thread to listen on port 443.
Lots of the following messages appear in the error.log file:
[Fri Dec 11 15:14:38 2009] [error] [client 10.185.64.101] client denied by server configuration: com.cisco.nm.cmf.servlet.LwmsMainServlet
[Fri Dec 11 15:14:38 2009] [error] [client 10.185.64.101] client denied by server configuration: D:/Program Files/CSCOpx/cgi-bin/error/403.pl
Any help would be most appreciated...
Regards,
Sean

I have no expirience with the W2008 OS yet.
I get the impression it does things differently.
If you know the casuser password, I asume you can try to log onto the server and try an run the perl script in a dos box.
Maybe it will provide a clue.
if you don't know the casuser password you can set it using CSCOpx\bin\resetpasswd.exe.
Cheers,
Michel

Similar Messages

403 error after installing SuPHP

Hi all,
I've installed SuPHP on my machine to develop website locally. However, When I visit either my localhost or a virtualhost on my machine I get a 403 forbidden error.
I have checked my permissions and they are ok.
However, I have PHP myadmin installed and the Alias for that (localhost/phpmyadmin) works with no issues.
I have included the contents of my httpd.conf susphp.conf and virtualhosts files below.
httpd.conf:
# This is the main Apache HTTP server configuration file. It contains the
# configuration directives that give the server its instructions.
# See <URL:http://httpd.apache.org/docs/2.2> for detailed information.
# In particular, see
# <URL:http://httpd.apache.org/docs/2.2/mod/directives.html>
# for a discussion of each configuration directive.
# Do NOT simply read the instructions in here without understanding
# what they do. They're here only as hints or reminders. If you are unsure
# consult the online docs. You have been warned.
# Configuration and logfile names: If the filenames you specify for many
# of the server's control files begin with "/" (or "drive:/" for Win32), the
# server will use that explicit path. If the filenames do *not* begin
# with "/", the value of ServerRoot is prepended -- so "/var/log/httpd/foo_log"
# with ServerRoot set to "/etc/httpd" will be interpreted by the
# server as "/etc/httpd//var/log/httpd/foo_log".
# ServerRoot: The top of the directory tree under which the server's
# configuration, error, and log files are kept.
# Do not add a slash at the end of the directory path. If you point
# ServerRoot at a non-local disk, be sure to point the LockFile directive
# at a local disk. If you wish to share the same ServerRoot for multiple
# httpd daemons, you will need to change at least LockFile and PidFile.
ServerRoot "/etc/httpd"
# Listen: Allows you to bind Apache to specific IP addresses and/or
# ports, instead of the default. See also the <VirtualHost>
# directive.
# Change this to Listen on specific IP addresses as shown below to
# prevent Apache from glomming onto all bound IP addresses.
#Listen 12.34.56.78:80
Listen 80
# Dynamic Shared Object (DSO) Support
# To be able to use the functionality of a module which was built as a DSO you
# have to place corresponding `LoadModule' lines at this location so the
# directives contained in it are actually available _before_ they are used.
# Statically compiled modules (those listed by `httpd -l') do not need
# to be loaded here.
# Example:
# LoadModule foo_module modules/mod_foo.so
LoadModule authn_file_module modules/mod_authn_file.so
LoadModule authn_dbm_module modules/mod_authn_dbm.so
LoadModule authn_anon_module modules/mod_authn_anon.so
LoadModule authn_dbd_module modules/mod_authn_dbd.so
LoadModule authn_default_module modules/mod_authn_default.so
LoadModule authz_host_module modules/mod_authz_host.so
LoadModule authz_groupfile_module modules/mod_authz_groupfile.so
LoadModule authz_user_module modules/mod_authz_user.so
LoadModule authz_dbm_module modules/mod_authz_dbm.so
LoadModule authz_owner_module modules/mod_authz_owner.so
LoadModule authnz_ldap_module modules/mod_authnz_ldap.so
LoadModule authz_default_module modules/mod_authz_default.so
LoadModule auth_basic_module modules/mod_auth_basic.so
LoadModule auth_digest_module modules/mod_auth_digest.so
LoadModule file_cache_module modules/mod_file_cache.so
LoadModule cache_module modules/mod_cache.so
LoadModule disk_cache_module modules/mod_disk_cache.so
LoadModule mem_cache_module modules/mod_mem_cache.so
LoadModule dbd_module modules/mod_dbd.so
LoadModule dumpio_module modules/mod_dumpio.so
LoadModule reqtimeout_module modules/mod_reqtimeout.so
LoadModule ext_filter_module modules/mod_ext_filter.so
LoadModule include_module modules/mod_include.so
LoadModule filter_module modules/mod_filter.so
LoadModule substitute_module modules/mod_substitute.so
LoadModule deflate_module modules/mod_deflate.so
LoadModule ldap_module modules/mod_ldap.so
LoadModule log_config_module modules/mod_log_config.so
LoadModule log_forensic_module modules/mod_log_forensic.so
LoadModule logio_module modules/mod_logio.so
LoadModule env_module modules/mod_env.so
LoadModule mime_magic_module modules/mod_mime_magic.so
LoadModule cern_meta_module modules/mod_cern_meta.so
LoadModule expires_module modules/mod_expires.so
LoadModule headers_module modules/mod_headers.so
LoadModule ident_module modules/mod_ident.so
LoadModule usertrack_module modules/mod_usertrack.so
LoadModule unique_id_module modules/mod_unique_id.so
LoadModule setenvif_module modules/mod_setenvif.so
LoadModule version_module modules/mod_version.so
LoadModule proxy_module modules/mod_proxy.so
LoadModule proxy_connect_module modules/mod_proxy_connect.so
LoadModule proxy_ftp_module modules/mod_proxy_ftp.so
LoadModule proxy_http_module modules/mod_proxy_http.so
LoadModule proxy_scgi_module modules/mod_proxy_scgi.so
LoadModule proxy_ajp_module modules/mod_proxy_ajp.so
LoadModule proxy_balancer_module modules/mod_proxy_balancer.so
LoadModule ssl_module modules/mod_ssl.so
LoadModule mime_module modules/mod_mime.so
LoadModule dav_module modules/mod_dav.so
LoadModule status_module modules/mod_status.so
LoadModule autoindex_module modules/mod_autoindex.so
LoadModule asis_module modules/mod_asis.so
LoadModule info_module modules/mod_info.so
LoadModule suexec_module modules/mod_suexec.so
LoadModule cgi_module modules/mod_cgi.so
LoadModule cgid_module modules/mod_cgid.so
LoadModule dav_fs_module modules/mod_dav_fs.so
LoadModule vhost_alias_module modules/mod_vhost_alias.so
LoadModule negotiation_module modules/mod_negotiation.so
LoadModule dir_module modules/mod_dir.so
LoadModule imagemap_module modules/mod_imagemap.so
LoadModule actions_module modules/mod_actions.so
LoadModule speling_module modules/mod_speling.so
LoadModule userdir_module modules/mod_userdir.so
LoadModule alias_module modules/mod_alias.so
LoadModule rewrite_module modules/mod_rewrite.so
LoadModule php5_module modules/libphp5.so
LoadModule suphp_module modules/mod_suphp.so
<IfModule !mpm_netware_module>
<IfModule !mpm_winnt_module>
# If you wish httpd to run as a different user or group, you must run
# httpd as root initially and it will switch.
# User/Group: The name (or #number) of the user/group to run httpd as.
# It is usually good practice to create a dedicated user and group for
# running httpd, as with most system services.
User http
Group http
</IfModule>
</IfModule>
# 'Main' server configuration
# The directives in this section set up the values used by the 'main'
# server, which responds to any requests that aren't handled by a
# <VirtualHost> definition. These values also provide defaults for
# any <VirtualHost> containers you may define later in the file.
# All of these directives may appear inside <VirtualHost> containers,
# in which case these default settings will be overridden for the
# virtual host being defined.
# ServerAdmin: Your address, where problems with the server should be
# e-mailed. This address appears on some server-generated pages, such
# as error documents. e.g. [email protected]
ServerAdmin [email protected]
# ServerName gives the name and port that the server uses to identify itself.
# This can often be determined automatically, but we recommend you specify
# it explicitly to prevent problems during startup.
# If your host doesn't have a registered DNS name, enter its IP address here.
#ServerName www.example.com:80
# DocumentRoot: The directory out of which you will serve your
# documents. By default, all requests are taken from this directory, but
# symbolic links and aliases may be used to point to other locations.
DocumentRoot "/srv/http"
# Each directory to which Apache has access can be configured with respect
# to which services and features are allowed and/or disabled in that
# directory (and its subdirectories).
# First, we configure the "default" to be a very restrictive set of
# features.
<Directory />
Options FollowSymLinks
AllowOverride None
Order deny,allow
Deny from all
</Directory>
# Note that from this point forward you must specifically allow
# particular features to be enabled - so if something's not working as
# you might expect, make sure that you have specifically enabled it
# below.
# This should be changed to whatever you set DocumentRoot to.
<Directory "/srv/http">
# Possible values for the Options directive are "None", "All",
# or any combination of:
# Indexes Includes FollowSymLinks SymLinksifOwnerMatch ExecCGI MultiViews
# Note that "MultiViews" must be named *explicitly* --- "Options All"
# doesn't give it to you.
# The Options directive is both complicated and important. Please see
# http://httpd.apache.org/docs/2.2/mod/core.html#options
# for more information.
Options Indexes FollowSymLinks
# AllowOverride controls what directives may be placed in .htaccess files.
# It can be "All", "None", or any combination of the keywords:
# Options FileInfo AuthConfig Limit
AllowOverride None
# Controls who can get stuff from this server.
Order allow,deny
Allow from all
</Directory>
# DirectoryIndex: sets the file that Apache will serve if a directory
# is requested.
<IfModule dir_module>
DirectoryIndex index.html index.php
</IfModule>
# The following lines prevent .htaccess and .htpasswd files from being
# viewed by Web clients.
<FilesMatch "^\.ht">
Order allow,deny
Deny from all
Satisfy All
</FilesMatch>
# ErrorLog: The location of the error log file.
# If you do not specify an ErrorLog directive within a <VirtualHost>
# container, error messages relating to that virtual host will be
# logged here. If you *do* define an error logfile for a <VirtualHost>
# container, that host's errors will be logged there and not here.
ErrorLog "/var/log/httpd/error_log"
# LogLevel: Control the number of messages logged to the error_log.
# Possible values include: debug, info, notice, warn, error, crit,
# alert, emerg.
LogLevel warn
<IfModule log_config_module>
# The following directives define some format nicknames for use with
# a CustomLog directive (see below).
LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" combined
LogFormat "%h %l %u %t \"%r\" %>s %b" common
<IfModule logio_module>
# You need to enable mod_logio.c to use %I and %O
LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\" %I %O" combinedio
</IfModule>
# The location and format of the access logfile (Common Logfile Format).
# If you do not define any access logfiles within a <VirtualHost>
# container, they will be logged here. Contrariwise, if you *do*
# define per-<VirtualHost> access logfiles, transactions will be
# logged therein and *not* in this file.
CustomLog "/var/log/httpd/access_log" common
# If you prefer a logfile with access, agent, and referer information
# (Combined Logfile Format) you can use the following directive.
#CustomLog "/var/log/httpd/access_log" combined
</IfModule>
<IfModule alias_module>
# Redirect: Allows you to tell clients about documents that used to
# exist in your server's namespace, but do not anymore. The client
# will make a new request for the document at its new location.
# Example:
# Redirect permanent /foo http://www.example.com/bar
# Alias: Maps web paths into filesystem paths and is used to
# access content that does not live under the DocumentRoot.
# Example:
# Alias /webpath /full/filesystem/path
# If you include a trailing / on /webpath then the server will
# require it to be present in the URL. You will also likely
# need to provide a <Directory> section to allow access to
# the filesystem path.
# ScriptAlias: This controls which directories contain server scripts.
# ScriptAliases are essentially the same as Aliases, except that
# documents in the target directory are treated as applications and
# run by the server when requested rather than as documents sent to the
# client. The same rules about trailing "/" apply to ScriptAlias
# directives as to Alias.
ScriptAlias /cgi-bin/ "/srv/http/cgi-bin/"
</IfModule>
<IfModule cgid_module>
# ScriptSock: On threaded servers, designate the path to the UNIX
# socket used to communicate with the CGI daemon of mod_cgid.
#Scriptsock /var/run/httpd/cgisock
</IfModule>
<IfModule suphp_module>
AddHandler application/x-httpd-php .php .php3 .php4 .php5 .phtml
suPHP_AddHandler application/x-httpd-php
suPHP_Engine on
# # Use a specific php config file (a dir which contains a php.ini file)
suPHP_ConfigPath /etc/php
# # Tells mod_suphp NOT to handle requests with the type <mime-type>.
# suPHP_RemoveHandler <mime-type>
</IfModule>
# "/srv/http/cgi-bin" should be changed to whatever your ScriptAliased
# CGI directory exists, if you have that configured.
<Directory "/srv/http/cgi-bin">
AllowOverride None
Options None
Order allow,deny
Allow from all
</Directory>
# DefaultType: the default MIME type the server will use for a document
# if it cannot otherwise determine one, such as from filename extensions.
# If your server contains mostly text or HTML documents, "text/plain" is
# a good value. If most of your content is binary, such as applications
# or images, you may want to use "application/octet-stream" instead to
# keep browsers from trying to display binary files as though they are
# text.
DefaultType text/plain
<IfModule mime_module>
# TypesConfig points to the file containing the list of mappings from
# filename extension to MIME-type.
TypesConfig conf/mime.types
# AddType allows you to add to or override the MIME configuration
# file specified in TypesConfig for specific file types.
#AddType application/x-gzip .tgz
# AddEncoding allows you to have certain browsers uncompress
# information on the fly. Note: Not all browsers support this.
#AddEncoding x-compress .Z
#AddEncoding x-gzip .gz .tgz
# If the AddEncoding directives above are commented-out, then you
# probably should define those extensions to indicate media types:
AddType application/x-compress .Z
AddType application/x-gzip .gz .tgz
# AddHandler allows you to map certain file extensions to "handlers":
# actions unrelated to filetype. These can be either built into the server
# or added with the Action directive (see below)
# To use CGI scripts outside of ScriptAliased directories:
# (You will also need to add "ExecCGI" to the "Options" directive.)
#AddHandler cgi-script .cgi
# For type maps (negotiated resources):
#AddHandler type-map var
AddHandler php5-script php
# Filters allow you to process content before it is sent to the client.
# To parse .shtml files for server-side includes (SSI):
# (You will also need to add "Includes" to the "Options" directive.)
#AddType text/html .shtml
#AddOutputFilter INCLUDES .shtml
</IfModule>
# The mod_mime_magic module allows the server to use various hints from the
# contents of the file itself to determine its type. The MIMEMagicFile
# directive tells the module where the hint definitions are located.
#MIMEMagicFile conf/magic
# Customizable error responses come in three flavors:
# 1) plain text 2) local redirects 3) external redirects
# Some examples:
#ErrorDocument 500 "The server made a boo boo."
#ErrorDocument 404 /missing.html
#ErrorDocument 404 "/cgi-bin/missing_handler.pl"
#ErrorDocument 402 http://www.example.com/subscription_info.html
# MaxRanges: Maximum number of Ranges in a request before
# returning the entire resource, or one of the special
# values 'default', 'none' or 'unlimited'.
# Default setting is to accept 200 Ranges.
#MaxRanges unlimited
# EnableMMAP and EnableSendfile: On systems that support it,
# memory-mapping or the sendfile syscall is used to deliver
# files. This usually improves server performance, but must
# be turned off when serving from networked-mounted
# filesystems or if support for these functions is otherwise
# broken on your system.
#EnableMMAP off
#EnableSendfile off
# Supplemental configuration
# The configuration files in the conf/extra/ directory can be
# included to add extra features or to modify the default configuration of
# the server, or you may simply copy their contents here and change as
# necessary.
# Server-pool management (MPM specific)
#Include conf/extra/httpd-mpm.conf
# Multi-language error messages
Include conf/extra/httpd-multilang-errordoc.conf
# Fancy directory listings
Include conf/extra/httpd-autoindex.conf
# Language settings
Include conf/extra/httpd-languages.conf
# User home directories
Include conf/extra/httpd-userdir.conf
# Real-time info on requests and configuration
#Include conf/extra/httpd-info.conf
# Virtual hosts
Include conf/extra/httpd-vhosts.conf
# Local access to the Apache HTTP Server Manual
#Include conf/extra/httpd-manual.conf
# Distributed authoring and versioning (WebDAV)
#Include conf/extra/httpd-dav.conf
# phpMyAdmin configuration
Include conf/extra/httpd-phpmyadmin.conf
# Various default settings
Include conf/extra/httpd-default.conf
# Secure (SSL/TLS) connections
#Include conf/extra/httpd-ssl.conf
# Note: The following must must be present to support
# starting without SSL on platforms with no /dev/random equivalent
# but a statically compiled-in mod_ssl.
# PHP settings
Include conf/extra/php5_module.conf
<IfModule ssl_module>
SSLRandomSeed startup builtin
SSLRandomSeed connect builtin
</IfModule>
suphp.conf:
[global]
;Path to logfile
logfile=/var/log/suphp.log
;Loglevel
loglevel=info
;User Apache is running as
webserver_user=http
;Path all scripts have to be in
docroot=/var/www:${HOME}/public_html:/srv/http
;Path to chroot() to before executing script
;chroot=/mychroot
; Security options
allow_file_group_writeable=false
allow_file_others_writeable=false
allow_directory_group_writeable=false
allow_directory_others_writeable=false
;Check wheter script is within DOCUMENT_ROOT
check_vhost_docroot=false
;Send minor error messages to browser
errors_to_browser=true
;PATH environment variable
env_path=/bin:/usr/bin
;Umask to set, specify in octal notation
umask=0077
; Minimum UID
min_uid=33
; Minimum GID
min_gid=33
[handlers]
;Handler for php-scripts
application/x-httpd-php="php:/usr/bin/php-cgi"
;Handler for CGI-scripts
application/x-suphp-cgi="execute:!self"
httpd_vhosts.conf:
# Virtual Hosts
# If you want to maintain multiple domains/hostnames on your
# machine you can setup VirtualHost containers for them. Most configurations
# use only name-based virtual hosts so the server doesn't need to worry about
# IP addresses. This is indicated by the asterisks in the directives below.
# Please see the documentation at
# <URL:http://httpd.apache.org/docs/2.2/vhosts/>
# for further details before you try to setup virtual hosts.
# You may use the command line option '-S' to verify your virtual host
# configuration.
# Use name-based virtual hosting.
NameVirtualHost *:80
# VirtualHost example:
# Almost any Apache directive may go into a VirtualHost container.
# The first VirtualHost section is used for all requests that do not
# match a ServerName or ServerAlias in any <VirtualHost> block.
<VirtualHost *:80>
ServerAdmin [email protected]
DocumentRoot "/home/alexie/websites/RapidFire/public_html"
ServerName rapid.mouse
ErrorLog "/var/log/httpd/rapid.mouse"
CustomLog "/var/log/httpd/rapid.mouse" common
Options FollowSymlinks
suPHP_Engine on
SuexecUserGroup alexie users
SuPHP_UserGroup alexie users
</VirtualHost>
Any help would be appreciated as I've been googling this all morning with no joy.

The problem is that you have DSO module (php5_module a.k.a. mod_php) and suphp_module running at the same time. You can do this as long as both modules have differents handlers.
From Apache docs:
A "handler" is an internal Apache representation of the action to be performed when a file is called. Generally, files have implicit handlers, based on the file type. Normally, all files are simply served by the server, but certain file types are "handled" separately.
In your case, both php5_module and mod_php are interpreting "application/x-httpd-php".
Another advice, while the virtual host approach is semantically correct, remember that you could delegate it over userdir module. In other words, use public_html folder in user home directory and put settings of suPHP on http-userdir.conf file.
Please check the wiki page for more information: https://wiki.archlinux.org/index.php/suPHP

403 Error running ADF application in JCS

I am getting a 403 error while running a ADF application in JCS. I defined a security role and mapped it to a custom role. web.xml and weblogic.xml are pasted below
<web-app xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
         xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-app_2_5.xsd"
         version="2.5" xmlns="http://java.sun.com/xml/ns/javaee">
<context-param>
    <param-name>javax.faces.STATE_SAVING_METHOD</param-name>
    <param-value>client</param-value>
</context-param>
<context-param>
    <description>If this parameter is true, there will be an automatic check of the modification date of your JSPs, and saved state will be discarded when JSP's change. It will also automatically check if your skinning css files have changed without you having to restart the server. This makes development easier, but adds overhead. For this reason this parameter should be set to false when your application is deployed.</description>
    <param-name>org.apache.myfaces.trinidad.CHECK_FILE_MODIFICATION</param-name>
    <param-value>false</param-value>
</context-param>
<context-param>
    <description>Whether the 'Generated by...' comment at the bottom of ADF Faces HTML pages should contain version number information.</description>
    <param-name>oracle.adf.view.rich.versionString.HIDDEN</param-name>
    <param-value>true</param-value>
</context-param>
<filter>
    <filter-name>trinidad</filter-name>
    <filter-class>org.apache.myfaces.trinidad.webapp.TrinidadFilter</filter-class>
</filter>
<filter>
    <filter-name>ServletADFFilter</filter-name>
    <filter-class>oracle.adf.share.http.ServletADFFilter</filter-class>
</filter>
<filter-mapping>
    <filter-name>trinidad</filter-name>
    <servlet-name>Faces Servlet</servlet-name>
    <dispatcher>FORWARD</dispatcher>
    <dispatcher>REQUEST</dispatcher>
</filter-mapping>
<filter-mapping>
    <filter-name>ServletADFFilter</filter-name>
    <servlet-name>Faces Servlet</servlet-name>
    <dispatcher>FORWARD</dispatcher>
    <dispatcher>REQUEST</dispatcher>
</filter-mapping>
<servlet>
    <servlet-name>Faces Servlet</servlet-name>
    <servlet-class>javax.faces.webapp.FacesServlet</servlet-class>
    <load-on-startup>1</load-on-startup>
</servlet>
<servlet>
    <servlet-name>resources</servlet-name>
    <servlet-class>org.apache.myfaces.trinidad.webapp.ResourceServlet</servlet-class>
</servlet>
<servlet>
    <servlet-name>BIGRAPHSERVLET</servlet-name>
    <servlet-class>oracle.adfinternal.view.faces.bi.renderkit.graph.GraphServlet</servlet-class>
</servlet>
<servlet>
    <servlet-name>BIGAUGESERVLET</servlet-name>
    <servlet-class>oracle.adfinternal.view.faces.bi.renderkit.gauge.GaugeServlet</servlet-class>
</servlet>
<servlet>
    <servlet-name>MapProxyServlet</servlet-name>
    <servlet-class>oracle.adfinternal.view.faces.bi.renderkit.geoMap.servlet.MapProxyServlet</servlet-class>
</servlet>
<servlet>
    <servlet-name>GatewayServlet</servlet-name>
    <servlet-class>oracle.adfinternal.view.faces.bi.renderkit.graph.FlashBridgeServlet</servlet-class>
</servlet>
<servlet-mapping>
    <servlet-name>Faces Servlet</servlet-name>
    <url-pattern>/faces/*</url-pattern>
</servlet-mapping>
<servlet-mapping>
    <servlet-name>resources</servlet-name>
    <url-pattern>/adf/*</url-pattern>
</servlet-mapping>
<servlet-mapping>
    <servlet-name>resources</servlet-name>
    <url-pattern>/afr/*</url-pattern>
</servlet-mapping>
<servlet-mapping>
    <servlet-name>BIGRAPHSERVLET</servlet-name>
    <url-pattern>/servlet/GraphServlet/*</url-pattern>
</servlet-mapping>
<servlet-mapping>
    <servlet-name>BIGAUGESERVLET</servlet-name>
    <url-pattern>/servlet/GaugeServlet/*</url-pattern>
</servlet-mapping>
<servlet-mapping>
    <servlet-name>MapProxyServlet</servlet-name>
    <url-pattern>/mapproxy/*</url-pattern>
</servlet-mapping>
<servlet-mapping>
    <servlet-name>resources</servlet-name>
    <url-pattern>/bi/*</url-pattern>
</servlet-mapping>
<servlet-mapping>
    <servlet-name>GatewayServlet</servlet-name>
    <url-pattern>/flashbridge/*</url-pattern>
</servlet-mapping>
<mime-mapping>
    <extension>swf</extension>
    <mime-type>application/x-shockwave-flash</mime-type>
</mime-mapping>
<security-constraint>
    <web-resource-collection>
      <web-resource-name>constraint1</web-resource-name>
      <url-pattern>*</url-pattern>
    </web-resource-collection>
</security-constraint>
<login-config>
    <auth-method>CLIENT-CERT</auth-method>
    <realm-name>default</realm-name>
</login-config>
<security-role>
    <description>javauser</description>
    <role-name>javauser</role-name>
</security-role>
</web-app>
<weblogic-web-app xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
                  xsi:schemaLocation="http://www.bea.com/ns/weblogic/weblogic-web-app http://www.bea.com/ns/weblogic/weblogic-web-app/1.0/weblogic-web-app.xsd"
                  xmlns="http://www.bea.com/ns/weblogic/weblogic-web-app">
<security-role-assignment>
    <role-name>javauser</role-name>
    <principal-name>manager</principal-name>
</security-role-assignment>
<session-descriptor>
    <cookie-path>cloudTest1</cookie-path>
</session-descriptor>
<context-root>/cloudTest1</context-root>
</weblogic-web-app>

Does it work without security ? Does it work with "BASIC" authentication ? Which browser are you using, there have been authorization issues with CLIENT-CERT on IE. Try FF and clear your cookies / cache before accessing.
Jani Rautiainen
Fusion Applications Developer Relations
https://blogs.oracle.com/fadevrel/

Subversion browser 403 error

I installed Subversion using the Apache server. Everything works fine, meaning I can import, checkout and commit using my account. However, what I am not capable of browsing the repositories using a standard browser. However, all permissions should allow this (in an previous Arch installment, I was capable of doing so, but I don't have the information of compare against).
I use SSL, the data for the virtual host directive:
<Location /svn>
DAV svn
SVNParentPath /srv/svn/repositories
AuthzSVNAccessFile /srv/svn/.svn-policy-file
AuthName "SVN Repositories"
AuthType Basic
AuthUserFile /srv/svn/.svn-auth-file
Satisfy Any
Require valid-user
</Location>
The policy file:
* = r
[test:/]
avdmeers = rw
[cg-i:/]
avdmeers = rw
[cg-ii:/]
avdmeers = rw
Permissions for svn: root:root 755
Permissions for svn/repositories: root:root 755
Permissions for all repos: http:http 755
The actual error thrown after being polled to confirm the security exception and giving up my account details in the browser is a 403 error, meaning the server fails to read. What am I missing?

Apparently a bug present in 1.6 to be fixed in 1.7: weird permissions issue
Browsing specific SVN projects works.

403 Error for user Websites

I have had the user websites suddenly start giving 403 errors on a 10.5.2 Leopard server. The main webpage is still working fine but all of the websites for users are not and they were as of last week. I have not messed around with the Apache conf files at all and the only thing which may have changed would be permissions but I have set them for staff - read only and others - read only and they still do not work.
I have found these pages and tried their suggestions to no avail:
http://www.macosxhints.com/article.php?story=20071027155902154
http://www.salmanmunir.com/2007/11/30/forbidden-403-error-in-leopard-mac-os-105- with-web-sharing-on/

403 error means that it is forbidden. This can occur for two reasons when accessing /~user/:
1) The user's directory (~user), their Sites directory (~user/Sites) or the index file (~user/Sites/index.html) has the wrong permisssions. Both of those directories must be readable and executable by the user www, and the index.html must be readable by www, which generally means everyone.
2) There is no index file for the user: (~user/Sites/index.html) That can be that either the index.html file is missing or the Sites directory is missing.

HTTP 403 Error

Hello,
I have a question about the Web service configuration.
I do a fresh install of OS X ML and the OS X server.
I use Calendar server and Contacts Server with no problem with My Iphone and Ipad.
But when I configure shared folders with Webdav, my Idevices can't connect to them.
Under Lion Server I didn't have this problem. So I looked the Web Server, and I can't access to the defalut website with a 403 error.
I'm not an expert Apache and Webservices.
Someone can say to me if there is a specific configuration to be done??
Thanks
Franck.

Hi jacekj and welcome to the BlackBerry Forums
Read this link please
http://www.blackberry.com/btsc/search.do?cmd=displayKC&docType=kc&externalId=KB03956&sliceId=1&docTy...
If I help you with any inquire, thank you for click kudos in my post.
If your issue has been solved, please mark the post was solved.

Error running HAL routine from a perl cgi script via a browser

Hi,
I'm getting an error while trying to run a HAL routine from a perl- cgi initiated from a web browser. Perl-Cgi script runs fine when run from command line.
07/23/2010|183648|N/A|Info|N/A|Analytic Services Adapter Log File Started
07/23/2010|183648|AppName/Plan2|Info|Connect|Method Started
07/23/2010|183648|AppName/Plan2*|Error|Connect|java.lang.UnsatisfiedLinkError: no HssJNIDriver950 in java.library.path*
07/23/2010|183648|AppName/Plan2|Error|Connect|Method Ended - Connect completed with exceptions.
07/23/2010|183648|N/A|Info|N/A|Analytic Services Adapter Log File Ended
I've added the following env. variables in Apache server's httpd.conf file
SetEnv ARBORPATH "E:\\Hyperion\\products\\Essbase\\EssbaseClient"
SetEnv APS_HOME "E:\\Hyperion\\products\\Essbase\\aps"
SetEnv ESSLANG "English_UnitedStates.Latin1@Binary"
SetEnv EASPATH "E:\\Hyperion\\products\\Essbase\\eas\\server"
SetEnv HYPERION_HOME "E:\\Hyperion"
SetEnv ESSBASEPATH "E:\\Hyperion\\products\\Essbase\\EssbaseClient"
SetEnv EAS_HOME "E:\Hyperion\products\Essbase\eas\console"
SetEnv CLASSPATH "E:\\Vignette\\V7\\vbis\\Hyperion\\EssbaseAdapter"
SetEnv PATH "E:\\Hyperion\\common\\ADM\\9.5.0.0\\Essbase\\9.5.0.0\\bin;E:\\Vignette\\V7\\vbis\\Hyperion\\EssbaseAdapter\\adm;C:\\Program Files (x86)\\Java\\jre1.5.0_17\\bin\\;E:\\Hyperion\\products\\Essbase\\EssbaseClient\\bin;E:\\Hyperion\\products\\Essbase\\EssbaseClient;E:\\Hyperion\\common\\CSS\\9.5.0.0\\bin;E:\\Hyperion\\products\\Essbase\\eas\\console\\bin;"
Any pointers would be appreciated.
Thanks in Advance!!

Vipul,
Vipul Sanghvi wrote:
I am facing problem in running a Perl CGI Script on Weblogic
Application
Server
I set the CGIServlet Property in the Weblogic Properties file as
weblogic.httpd.register.cgi-bin=weblogic.servlet.CGIServlet
weblogic.httpd.initArgs.cgi-bin=\
cgiDir=/weblogic/myserver/public_html/cgi-bin,\
*.pl=/bin/perl.exe,\It shouldn't end with ,\ right?
Was it a mistake?
-Kumar
>
I installed the Perl on my system and put the perl exe in the bin
directory
of the Weblogic App Server. But I am getting the error "failed to
execute
the test.pl ". Where test.pl is a simple test perl script.
APP server ver is WLE5 Beta[att1.html]

Apache/CentOS--error: attempt to invoke directory as script. Please help.

I am running CentOS 4.5 with kernel 2.6.9-55.EL and Apache 2.0.52.
When I am typing http://linxdell.systems.com to execute index.cgi, I am getting:
Forbidden
You don't have permission to access / on this server.
Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request
In the error_log I found:
attempt to invoke directory as script: /var/www/htdocs/
But if I type http://linxdell.systems.com/index.cgi, it works fine.
Below is some of my httpd.conf:
DocumentRoot "/var/www/htdocs"
<Directory />
Options FollowSymLinks ExecCGI Indexes
AllowOverride All
</Directory>
<Directory "/var/www/htdocs">
Options Indexes FollowSymLinks All Multiviews ExecCGI
SetHandler cgi-script
AllowOverride All
Order allow,deny
Allow from all
</Directory>
DirectoryIndex generate_page.pl index.html index.htm index.cgi
ScriptAlias /cgi-bin "/var/www/cgi-bin" (also tried with Alias)
<Directory "/var/www/cgi-bin">
AllowOverride All
SetHandler cgi-script
Options ExecCGI Indexes
Allow from all
</Directory>
I will really appreciate any help to solve this problem.
Thanks.

Hi,
This is a example for your case:
<Directory "/var/www/html">
Options Indexes FollowSymLinks +ExecCGI
AddHandler cgi-script .cgi .pl .sh
Order allow,deny
Allow from all
</Directory>
1. add "Options: +ExecCGI"
2. add "AddHandler cgi-script .cgi .pl .sh"
Details refer to:
http://httpd.apache.org/docs/2.0/howto/cgi.html
Best Regards,
Sipingal

403 Errors on Fragment Requests Using HTTPD Origin Module

Hi all,
We are having intermittent problems with the Adobe httpd origin module returning 403 errors on fragment requests. Our setup is we have Apache httpd running on an AWS EC2 Linux instance, with all of our video files loaded from an S3 bucket using yas3fs.
Most video files are served back fine by this configuration, but every once in a while one particular segment will encounter a problem where the plugin will report 403 on the f4f file. However, the f4f file exists and is world readable, and we can read the file using other tools as user 'apache'. So for all intents and purposes, it looks like the file us perfectly accessible to everyone except for the origin module. Stopping/restarting httpd does not fix the issue, but restarting the entire EC2 instance does. The system logs are clean, and the httpd error log only shows the 403 message, no other errors.
What next steps can we take to debug the issue? Is there any extra debugging we can turn on in the origin module? Anything else we can look at?
Thanks.

Thanks much for your timely response. We just upgraded the version of yas3fs to the latest from git. The previous version we were running was from Oct 2. We’ve enabled debugging and we’ll let you know what errors we see in the logs, we expect it will take a few days for the errors to reoccur, based on past experience.
We did run into some issues while trying to unmount yas3fs to do the upgrade, and maybe those errors will help you pinpoint what is going on. When we tried to umount the mount point, we got an error saying that the mount point was still in use. Lsof showed that the python process was holding on to the following file:
“python /home/ec2-user/util/yas3fs/yas3fs.py --no-metadata --cache-mem-size=0 --cache-disk-size=40240 --cache-on-disk=1 /var/www/video --url s3://…”
Even after we kill -9 the python process, there was still a problem. On yas3fs startup it reported that the mount point was invalid (probably a fuse issue?), so we ended up needing to reboot the entire machine in order to be able to remount everything from S3.
Thanks, James.

Web Sharing Permission 403 error after 10.5.3 Update

Personal Web Sharing was working fine on my iMac under 10.5.2. Had no problems web surfing to http://mymachine.whatever.com/~username and getting anything I put in my ~/Sites directory.
A while ago I upgraded to 10.5.3. I didn't notice at the time, but apparently that upgrade broke Personal Web Sharing. Ive checked this on two machines, each running 10.5.3 and both are non-functional.
Basic facts
- Apache is running
- browsing to http://mymachine.whatever.com/ returns the normal Apache "it worked" page.
- according to the httpd.conf, mod_userdir.so is loaded by default.
- extra/httpd-userdir.conf is being included, and that has the apache
UserDir Sites
directive in it.
- permissions on my ~/Sites directory are drwxr-xr-x+
which should mean any program on the box should be able to read it.
I am a bit puzzled by the "+" on the end, which seems to indicate extended permissions, but I've so far been unable to figure out what command displays those extended permissions.
- The apache error.log is logging
Permission denied: access to /~username/
which seems to indicate a file system level access problem. But everything looks in order, permission wise to me.
- running Repair Permissions from Disk Utility had no effect
- apachectl configtest reports the config is ok, and the error.log doesn't throw any errors on startup.
Anyone have any ideas?
Jeff

I have the same problem, but the permissions on my userdir are already drwxr-xr-x+ and I still get a "You don't have permission to access /~userdir on this server" when I try to browse to http://ipaddress/~userdir although http://ipaddress works fine. Also if I put a cgi script into /Library/WebServer/CGI-Executables and try to access that with http://ipaddress/CGI-Executables/mycgi.cgi I get a 404 Not Found error.

Leapord Upgrade - Apache 403 Forbidden

hey, I've seen this issue posted a bunch of times, and it seems that there's a single solutions out there that works for everyone. But me. I've created a screen cast video to show what I've done (follow the recommended solution) to see if anyone can see what I'm doing wrong.
Made the update from Tiger to Leopard. Now I get a 403 error message when I try to go to my local host. Although I don't show it in the screen cast, I've restarted apache, my "web sharing" and even my computer a bunch of times and it still hasn't helped.
http://screencast.com/t/3JrFV27iq
Thanks,
Justin

I'm not entirely sure what you mean or what you recommend that I do.
I'm serving my files out of the "/Library/WebServer/Documents/" directory directly, not my local /username/sites/" directory. In my user file though, I referencing the latter, so my user config file to override the permissions on the "/Library/WebServer/Documents/" directory?
I think I tried that, but had no luck. I'll try again.
I don't have a index file in the root directory, so it's possible that directy access listing is being denied, but I get the same "Forbidden" message when I go directly to any file also.

Intermittent 403 Errors

I'm getting intermittent 403 errors with Apache. I'm seeing the following in my apache error log:
modencconvert: entered
modencconvert: trying
modencconvert: converted
config_merge: entered
merged: enable_function == 2
merged: strip_msaccount == 2
merged: server_encoding == (null)
Unfortunately, that's about it. I Googled the errors and I'm coming up with nothing. Any help would be GREATLY appreciated!

Hi jonjames,
When did you met this error? Or which opertations did you do when you met this error?
From the first section error, it seems to be about user profile service, please make sure user profile service is running correctly.
And for the second section error, it seems that a user cannot access /personal/<domainuser>/Documents/Forms/All.aspx, please check whether the MySite is the user's MySite, and make sure the user has at least read permission for the MySite's Document
library.
In addition, if this issue still exists, please provide a screenshot about this error in SharePoint UI.
Best Regards,
Wendy
TechNet Community Support
Please remember to mark the replies as answers if they help, and unmark the answers if they provide no help. If you have feedback for TechNet Support, contact
[email protected]

403 Error Message on a website?

Hello,
I tried to access a website, and I received a 403 Error Message.
It said:
"Error 403
We're sorry, but we could not fulfill your request for / on this server.
You do not have permission to access this server. Before trying again, run anti-virus and anti-spyware software and remove any viruses and spyware from your computer."
It gives me the option to fix it myself, and then that link took me to this message:
"Your request was intercepted by Bad Behavior, security software which protects the Web site you visited from malicious activity, such as hackers, spam and viruses. We apologize for the inconvenience, but your request matched a profile of suspicious activity. This problem is usually quite easy to fix.
Your computer's IP address was determined to have recently sent spam or engaged in malicious activity as reported by the Project Honey Pot monitoring service. This means your computer is most likely infected with viruses or other malicious software. See below for more information.
This problem may be caused by viruses or spyware on your computer, or by malicious software that pretends to be anti-virus or anti-spyware software. Ensure that you have REAL anti-virus and anti-spyware software on your computer, that they are kept up-to-date, and that you have run a full system scan using each tool. Once your system is cleaned of viruses and spyware, please try your request again.
The free Microsoft Security Essentials provides reasonable protection against a wide variety of malicious software.
If the above suggestions fail to resolve the problem, click Back and contact the e-mail address you were given for further assistance."
Then the contact email address was invalid!
The website is a valid teen site, nothing shady, and I haven't participated in any malicious activity that I know of!
Please help, I'm running Tiger 10.4.11 on a Macbook, using Firefox.
Thanks,
Jen

Hi BCJennyP, and a warm welcome to the forums!
Hard to tell if it's real or not, there is a Project Honey Pot Services...
http://www.projecthoneypot.org/services_overview.php
http://www.projecthoneypot.org/faq.php
We know you don't have a virus, but could be some spammer faking your IP.
To see if it's you or your provider, What's my ip...
http://www.whatismyipaddress.com/
Start with these three, check SpamCop or SpamHaus to see if your IP is there...
http://spamcop.net/bl.shtml
http://www.spamhaus.org/lookup.lasso
http://www.spamhaus.org/zen/
Sometimes an ISP will bloc a whole other ISP too, if it's the source of too much SPAM.
Might also see this post by Gallomimia...
http://discussions.apple.com/message.jspa?messageID=9465359#9465359
Klaus1 on viruses...
http://discussions.apple.com/thread.jspa?messageID=10582058#10582058
See if you might have this malware redirecting DNS queries...
http://macmegasite.com/node/3924
http://www.ehow.com/how2128387remove-osxrspluga-trojan-horse-mac.html
How to fix...
http://www.macosxhints.com/article.php?story=20071031114140862
Get MacScan...
http://www.apple.com/downloads/macosx/networking_security/macscan.html
Also, beware of MacSweeper, malware itself!
Nasty Nasty ! 1023.dmg...
http://x704.net/bbs/viewtopic.php?f=12&t=2178
MacSweeper, malware...
http://en.wikipedia.org/wiki/MacSweeper
If none of those are it, then report back please.

403 error when trying to access a previously uploaded document in App

I have 2 machines on one I am running WLS 10.3 with an admin server and a managed server called "dev" on a live box.
On the other, my dev environment I upgraded from 8.1 to 10.3 so it upgraded my server to have the admin server all in one i.e. deploy apps to that server too.
I have an app with a few entries that the deployment descriptor ( ejb-jar.xml) refers to a directory within the app, the directory is a location where files get uploaded to. It reads something like thisL
./app_name/web/uploads/document/
THe documents get uploaded to the correct location on both machines, but on the machine that has the managed server and admin server I cant actually view the documents - whih are viewed through a jsp....there is a Session Bean that creates a link to the document based on an id within the database(and not the actual filename itself), for retrieving the document, which is populated in a jsp. However in the Bean the directory is set like this:
String docUploadDir = "/upload/document/"
so the link gets generated like this:
www.mydomain.com/upload/document/?text=12345
This works on the upgraded WLS version where the domain got upgraded from 8.1 to 10.3, where the admin server bundled up as the apps server as well. However under the WLS 10.3 domain i created(which base location and domain names are the same as 8.1 version) I get a Forbidden 403 error when I try and view the documents.
Im assuming the forbidden comes about because I am trying to access a location on the machine that I shouldn't be allowed to. However where is the relative "docUploadDir" actually suppossed to exist?
Thanks in advance!
Paul

Questions:
- Did you set up a protected web realm?
- When you click on the link to the realm, you get the block message?
It's a little unclear what you've done to configure the web server and what you did to get the message.

SAS Token failed with 403 error while generating for each request using ARR module

Hi,
We are doing an e-Learning application, which plays a course on the browser (inside a div control). The course contains list of static contents such as html, js, css etc., and media files .mp4. We are hosting the static contents (.html, .js, .css etc) into
Azure blob storage and media files into Media Service and CDN.
When user triggers to take a course, the browser first request the Web Role with landing page (Ex: FirstPage.html) and with Course Unique Id - Ex:
https://cloudservice1.cloudapp.net/course/courseid/firstpage.html. We have written a custom ARR Module (http://www.iis.net/learn/extensions/url-rewrite-module/developing-a-custom-rewrite-provider-for-url-rewrite-module),
which receives the request, parse it and generate blob storage url with SAS token using C# code for each file. Then route to blob storage. (we have already passing storage account details to ARR Module using Web.config)
For single user, the course plays fine. But we do the load testing with > 400 user load (with 5 instances), we are getting many 403 errors (and not all files). If the load is less than 200, we don’t get such issue.
Also, we are using REST code to generate the SAS token. When the SAS token expiration time extending more than 60 min, getting error “Access without signed identifier cannot have time window more than 1 hour”. As the code is exist in ARR Module, unable to
refer the Storage Client assembly. This 60 min time interval is for each file request – so there could not be an issue on expiration, but feeling this might be an issue?
Can you please point me what could be the issue and how to solve this. Is the ARR Module caching the SAS token and providing the same even after the expiration time?
Many Thanks, Thirumalai M

hi,
There is a similar thread (http://stackoverflow.com/a/17572316 ), I recommend you could refer to it.
And I'd like to know how to set the expiry time in your code, and you could see this page (http://azure.microsoft.com/en-us/documentation/articles/storage-dotnet-shared-access-signature-part-1/
Regards,
Will
We are trying to better understand customer views on social support experience, so your participation in this interview project would be greatly appreciated if you have time. Thanks for helping make community forums a great place.
Click
HERE to participate the survey.

LMS 3.2 Apache 403 Error on CGI Scripts

Similar Messages

Maybe you are looking for