Saprouttab, route permission denied

hi,
I have to open one ITS (internet transaction server) link to SAP thru saprouttab. I have done the entry in saprouttab. But when SAP is trying to connect, he is getting error "SAP WEB PROXY: destination server not reachable"
detail error : route permission denied.
I have a ITS link <hostname.mycompany.com> and the port is 80. In saprouttab table, permission is given and entry is
P 204.79.199.2 <hostname.mycompany.com> 80
P 147.204.2.5 <<hostname.mycompany.com> 5631
My Question:
What is the correct port for ITS link ? Since my ITS link is having default port 80, I have given 80 in saprouttab. But still it is giving error route permission denied. SAP has send me the error screen snapshot and in that destination port it is showing 3299.
Can any one help me what should be the correct entry in saprouttab and the correct port number ?? Is there any way I can check the permission before asking SAP to check ?
Thanks
Regards,
Basis

hi basis ck,
3299, is the SAP Gateway Service port. So check whether this service is mentioned in "service" file or not. If not then make an entry there.
Normally, if u have a SAPGUI installed in ur machine, then the entry will be automatic.
I think then connection should be ok or else then try with 3299 in place of 80 in ur saprouttab entry.
with regards,
Samarpan

Similar Messages

SAP ROUTE PERMISSION DENIED

Hi Experts,
When i try to logon SAPNET from T/Code OSS1 its througing error as
"sapsrv2a: route permission denied(12.34.23.5 to oss1 sapdp01)
Location SAPoruter 37.15 on sapserv2a
Component NI
Release 640
Version 37
Return Code -93
Counter 5
Kindly suggest any solution for this problem
Thanks in Advance,
Ramamurthy

HI
I have this error too if I try to logon to sapnet with OSS1 transaction.
you must logon to sapnet trought internet explorer http://service.sap.com
Note 33135 - Guidelines for OSS1
Note Language:      Version: 15     Validity: valid since 30.06.2006
PDF     Download Corrections     Compare Versions     SSCR
     Go to SAP Note: Display
Content: Summary | Header Data | Releases | Related Notes
Summary
Symptom
You are using transaction OSS1 to establish a remote connection.
Other terms
OSS1, RFC connections to SAPNet - R/3 Frontend, SAPOSS, OSS_RFC, SAProuter
Reason and Prerequisites
Remote connection to SAP, R/3 system
Solution
On April 03, 2006, SAPNet - R/3 Frontend was deactivated as a user interface. SAPNet - R/3 Frontend, which was introduced in 1995 as SAP's Online Service System (OSS), was SAP's first and, for a long time, its only support system, which customers worldwide accessed using transaction OSS1.
Today, the SAProuter connection via transaction OSS1 continues to be used for the following RFC connections:
- Transfer of EarlyWatch Alert data
- Exchange of data using the SAP Notes Assistant
To install and configure this transaction, proceed exactly as follows:
1. Making the technical settings for OSS1
You must configure transaction OSS1 before you can use it. Choose "Parameter" from the menu bar (-> Techn. Settings) and choose "Change".
The technical settings for transaction OSS1 are set by default to Walldorf (sapserv3) with the IP address 147.204.2.5. If this address does not correspond with the entry in your host file, choose the sapserv3 IP address that is valid for you by choosing the menu option "SAPRouter at SAP -> Walldorf".
Furthermore, enter your local SAPRouter information in the "SAPRouter 1" fields. Now save the settings.
After making these changes, the screen for the technical settings should be as follows:
Router data for the logon to SAPNet - R/3 Frontend
-Customer SAPRouters----
-SAPRouter 1----    -SAPRouter 2----
Name         my_saprouter
Name
IP Address   x.x.x.x
IP Address
Instanc No. 99
Instance No.
-SAPRouter and OSS Message Server at SAP----
-SAPRouter at SAP----    -OSS Message Server----
Name          sapservX
Name          oss001
IP Address    x.x.x.x
DB Name       O01
Instance No. 99
Instance No. 01
NOTE:
Replace sapservX with the following values:
sapserv1 (194.117.106.129) connection via Internet VPN
sapserv2 (194.39.131.34) connection via Internet SNC
sapserv3 (147.204.2.5)    for customers with connection to Germany
sapserv4 (204.79.199.2)    for customers in America
sapserv5 (194.39.138.2)    for customers with connection to Japan
sapserv6 (194.39.139.16) for customers in Australia and New Zealand
sapserv7 (194.39.134.35)   for customers in Asia
Choose "Start Logon to SAPNet - R/3 Frontend". If the system issues message S1 452, there are errors in the operating system configuration. In this case, see appendix A.
When you install an access authorization file "saprouttab", you should ensure that all of your front ends and R/3 servers can establish a connection to sapserv3, service sapdp99. Appendix E contains examples of saprouttabs. For more information on the SAPRouter, refer to the SAPRouter documentation (Note 30289).
Try it again until the dialog box "Please select a group" appears. If the dialog box "Please select a group" is displayed, the configuration for transaction OSS1 is correct. You can then proceed with the next section.
NOTE:
When you try to log on to SAPNet - R/3 Frontend, the system issues an error message indicating that you are no longer allowed to log on to SAPNet - R/3 Frontend.
2. Further questions?
As soon as you have carried out the steps described above, transaction OSS1 should connect you to the most efficient SAPNet - R/3 Frontend application server.
If you have further questions or problems, the file entitled "OSS1. TroubleShooting" contains additional information. If you have a problem that you cannot solve, contact our hotline: 0180/5 34 34 3-3.
Appendix A
If message S1 452 appears when you try to log on to SAPNet - R/3
Frontend with transaction OSS1, there is an incorrect setting somewhere (either in the technical settings for OSS1 or at operating system level).
To find out why the connection to the message server was unsuccessful, choose Tools (Case, Test ( Developer trace (transaction ST11). The trace contains an entry for dev_lg. This file contains the error log. The LOCATION line, if available, contains the host on which the error occurred. The problem description is found in the ERROR line. If you cannot find the entry dev_lg, check whether the program "lgtst" exists (see appendix B).
Examples of the contents of dev_lg:
ERROR       partner not reached (host abc.def.gh.i, service sapdp99)
TIME        Thu Aug 10 09:17:57 1995
RELEASE    21J
COMPONENT   NI (network interface)
VERSION    15
RC          -10
MODULE      niuxi.c
LINE        773
DETAIL      NiPConnect
SYSTEM CALL connect
ERRNO      239
ERRNO TEXT Connection refused
COUNTER    1
Here, the system could not reach the SAPRouter. For example, no SAProuter could be found under service 99 (port 3299) on the host with the IP address abc.def.gh.i. The SAPRouter process does not work or the IP address was not configured correctly in OSS1.
ERROR      service 'sapdp99' unknown
TIME        Thu Aug 10 09:22:00 1995
RELEASE    30A
COMPONENT   NI (network interface)
VERSION    17
RC          -3
MODULE      niuxi.c
LINE        404
DETAIL      NiPServToNo
SYSTEM CALL getservbyname
COUNTER    1
This message indicates that the service sapdp99 was not entered in /etc/services. Add the entry in /etc/services. This must be available on all R/3 servers and front ends.
LOCATION    SapRouter on abc.def.gh.i
ERROR      route permission denied (XXXXXXXX to sapservX, sapdp99)
TIME        Thu Aug 10 09:37:44 1995
RELEASE    30A
COMPONENT   NI (network interface)
VERSION    17
RC          -94
MODULE      nixxrout.c
LINE        1426
COUNTER    1
The file saprouttab, which contains the valid connections, is not correct. The SAPRouter on the host abc.def.gh.i does not set up the connection to sapservX. Check the SAPRouter file saprouttab. This should contain every R/3 server and frontend (see also appendix E).
LOCATION    SapRouter on abc.def.gh.i
ERROR      internal error
TIME        Thu Aug 10 10:50:18 1995
RELEASE    21J
COMPONENT   NI (network interface)
VERSION    15
RC          -93
MODULE      niuxi.c
LINE        773
DETAIL      NiPConnect
SYSTEM CALL connect
ERRNO      242
ERRNO TEXT No route to host
COUNTER    1
This error message indicates that the host abc.def.gh.i cannot process the IP address of the next host configured in OSS1. If the SAPRouter error message appears and the next host is sapservX, check the address for sapservX. OSS1 is delivered with the default settings sapserv3 and IP address 147.204.2.5. Customers in the U.S.A. are normally connected to sapserv4, IP address 204.79.199.2. If required, change the technical settings of OSS1 accordingly.
ERROR      internal error
TIME        Thu Nov 23 00:11:20 1995
RELEASE    21J
COMPONENT   NI (network interface)
VERSION    15
RC          -1
COUNTER    1
This message shows that the instance number entered does not agree with at least one of the technical settings for the SAPRouter defined in OSS1. The default for the instance number of the SAPRouter is 99. Under no circumstances should you enter the instance number of your R/3 system for the SAPRouter. You need to specify instance number 99 for sapservX. Otherwise, it is not possible to log on to SAPNet - R/3 Frontend.
LOCATION    SapRouter on sapservX
ERROR       route permission denied (XXXXXX to oss002, sapmsO01)
TIME        Mon Nov 27 19:25:54 1995
RELEASE    30A
COMPONENT   NI (network interface)
VERSION    15
RC          -94
MODULE      nixxrout.c
LINE        1390
COUNTER    1
An incorrect server was entered as message server 001, in this example, the server oss002. The message server for O01 is oss001. Change the technical settings for transaction OSS1 accordingly.
Appendix B (for Windows NT only)
Change to the directory "\usr\sap\<SID>\SYS\exe\run" and search for the program "lgtst.exe". If you cannot find it, or if the length of this file is not exactly 640216 bytes, import the program "lgtst.exe" from sapservX via ftp:
> ftp sapservX
Connected to sapservX.
220 sapservX FTP server (Version 1.7.194.2 Wed Sep 8 17:23:04 GMT 1993) ready.
Name: ftp
331 Guest login ok, send ident as password.
Password: <Your_customer_number>
ftp> cd dist/permanent/OSS1/lgtst.exe
250 CWD command successful.
ftp> binary
200 Type set to I.
ftp> get lgtst.exe
150 Opening BINARY mode data connection for lgtst.exe (640216 bytes).
226 Transfer complete.
640216 bytes received.
ftp> bye
Copy this file into the aforementioned directory.
Appendix C
The messages from transaction OSS1 (error messages and information) are given in the following list. Each message is described briefly.
|No.| Message Text
|450| Maintain technical settings first.
|452| Unable to connect to SAPNet - R/3 Frontend message server.
|454| E: Unable to start SAPGUI.
|455| SAPGUI was started.
|456| Specify a server name.
|457| Specify an IP address.
|458| Specify an instance number.
|459| Specify a database name.
|460| No authorization to log on to SAPNet - R/3 Frontend.
|461| No authorization to maintain technical settings.
|462| E: RFC destination could not be generated
Number 450: Maintain technical settings first
You can only log on to SAPNet - R/3 Frontend if the technical settings
are maintained. The technical settings determine the network path from the customer R/3 system to the online service system.
Number 452: Unable to connect to SAPNet - R/3 Frontend message server.
This message appears if the connection to the SAPNet - R/3 Frontend message server was not possible (system name O01, server oss001). There can be different reasons for this (see appendix A).
Number 454: E: Unable to start SAPGUI.
Transaction OSS1 could start the SAPGUI (not SAPTEMU), either because the program does not exist in the path given, or because the execute permission is not set correctly. Check whether the SAPGUI exists; SAPTEMU alone is not sufficient.
Number 455: SAPGUI was started.
This is not an error message. It merely informs you that an additional SAPGUI was started to establish a connection to SAPNet - R/3 Frontend.
Number 456: Specify a server name.
The server name was omitted from the technical settings.
Number 457: Specify an IP address.
The IP address was omitted from the technical settings.
Number 458: Specify an instance number.
The instance number was omitted from the technical settings.
Number 459: Specify a database name.
The database name for the Online Service System (001) was omitted from the technical settings.
Number 460: No authorization to log on to Online Service System
You do not have authorization to call transaction OSS1. Up to Release 2.2F: The authorization S_TSKH_ADM is checked for value 1. After Release 2.2F: For transaction OSS1, there are two special authorization profiles (see appendix D).
Number 461: No authorization to maintain technical settings.
You do not have the authorization to maintain the technical settings (see appendix D).
Number 462: E: RFC destination could not be generated.
In Releases 2.2, you can ignore this message. When saving the technical settings, an attempt is made to generate the RFC destination SAPOSS. The length of an RFC destination is limited in 2.2, and the maximum length was exceeded by the parameters of the technical settings.
Appendix D
As of Release 2.2F, there are two different authorization profiles for transaction OSS1: S_OSS1_START and S_OSS1_ADMIN.
S_OSS1_START authorizes you to call transaction OSS1 and to log on to the Online Service System. In addition, S_OSS1_ADMIN contains the
authorization to maintain the technical settings for the transaction.
The technical settings of OSS1 must be made at least once. Therefore, add S_OSS1_ADMIN to your user profile, log off, and then log on again afterwards.
Appendix E
Prerequisites:
(A TCP/IP connection can be established between the SAProuter on
the customer system and the SAProuter on sapserv3 in Walldorf.
(The SAProuter process must be started on the server that is registered
with SAP:
saprouter -r -R saprouttab &
Example of the "saprouttab" file with minimum configuration:
saprouttab - Example
Allows connections from the entire customer network to sapservX
and therefore to the Online Service System via SAProuter port 3299.
P      *      sapservX    sapdp99         *
Allows connections from sapserv3 to the entire customer network,
for example for EarlyWatch or First Level Support.
P   sapservX      *          *            *
Header Data
Release Status:     Released for Customer
Released on:     30.06.2006 09:13:57
Priority:     Correction with high priority
Category:     Consulting
Primary Component:     XX-SER-NET Network connection
Antonio.
Edited by: Antonio Voce on May 22, 2008 5:07 PM

SAPRouter problem ERROR: sapserv2a: route permission denied

Hello Gurus,
we have a problem with connection with SAPOSS, when we test the connection present the following message:
Connection Error
Error when opening an RFC connection
ERROR: sapserv2a: route permission denied (200.30.70.220 to oss001, sapmsOSS)
LOCATION: SAProuter 37.15 on sapserv2a
COMPONENT: NI (network interface)
COUNTER: 5
MODULE:
LINE:
RETURN CODE: -93
SUBRC: 0
RELEASE: 640
TIME: Fri Apr 11 23:54:16 2008
VERSION: 37
In the Tx OSS1 we have:
saprouter1
name: server name where saprouter is installed
IP address: LAN IP address where saprouter is installed (is locally intalled)
Instance no. 99
Saprouter at SAP
Name sapserv2
IP Address 194.39.131.34 (ping to this IP response)
instance 99
name oss001
db name o01
instance 01
In Tx ST11, dev_lg log file contains:
RSTR0006: Display Developer Traces
trc file: "dev_lg", trc level: 1, release: "700"
[Thr 4780] Fri Apr 11 16:41:16 2008
[Thr 4780] *** ERROR => NiBufIProcMsg: hdl 0 received rc=-93 (NIEROUT_INTERN) from peer [nibuf.cpp    2125]
[Thr 4780] *** ERROR => MsINiWrite: NiBufSend (rc=NIEROUT_INTERN) [msxxi.c      2480]
[Thr 4780] *** ERROR => MsIAttachEx: MsINiWrite (rc=NIEROUT_INTERN) [msxxi.c      734]
[Thr 4780] *** ERROR => LgIAttach: MsAttach (rc=NIEROUT_INTERN) [lgxx.c       3980]
[Thr 4780] *** ERROR => LgApplSrvInfo: LgIAttach(rc=LGEMSLAYER) [lgxx.c       1272]
[Thr 4780]
[Thr 4780] * LOCATION    SAProuter 37.15 on sapserv2a
[Thr 4780] * ERROR       sapserv2a: route permission denied (200.30.70.220 to oss001,
             sapmsO01)
[Thr 4780] *
TIME        Fri Apr 11 23:32:17 2008
[Thr 4780] * RELEASE     640
[Thr 4780] * COMPONENT   NI (network interface)
[Thr 4780] * VERSION     37
[Thr 4780] * RC          -93
[Thr 4780] * COUNTER     3
[Thr 4780] *
[Thr 4780] *****************************************************************************
dev_rout file in /usr/sap/saprouter contains:
trc file: "dev_rout", trc level: 1, release: "700"
Fri Apr 11 17:02:21 2008
SAP Network Interface Router, Version 38.10
command line arg 0:     saprouter
command line arg 1:     -r
command line arg 2:     -R
command line arg 3:     ./saprouttab
main: pid = 5504, ppid = 0, port = 3299, parent port = 0 (0 = parent is not a saprouter)
reading routtab: './saprouttab'
Fri Apr 11 17:02:36 2008
ERROR => NiBufIProcMsg: hdl 2 received rc=-94 (NIEROUT_PERM_DENIED) from peer [nibuf.cpp    2125]
Fri Apr 11 17:03:15 2008
ERROR => NiBufIProcMsg: hdl 2 received rc=-94 (NIEROUT_PERM_DENIED) from peer [nibuf.cpp    2125]
Thanks,
HEPC

Hello Kaushik,
the problem was solved adding the following line in the saprouttab file, this line must be the firts line in the file:
KT "p:CN=sapserv2, OU=SAProuter, O=SAP, C=DE" 194.39.131.34 *
the file continue with:
inbound connections MUST use SNC
KP "p:CN=sapserv2, OU=SAProuter, O=SAP, C=DE" <IP server 1> 3299
KP "p:CN=sapserv2, OU=SAProuter, O=SAP, C=DE" <IP server 2> 3299
KP "p:CN=sapserv2, OU=SAProuter, O=SAP, C=DE" <IP server 1> 3200
KP "p:CN=sapserv2, OU=SAProuter, O=SAP, C=DE" <IP server 2> 3200
outbound connections to <sapserv2> will use SNC
KT "p:CN=sapserv2, OU=SAProuter, O=SAP, C=DE" <IP server with saprouter> 3299
KT "p:CN=sapserv2, OU=SAProuter, O=SAP, C=DE" 194.39.131.34 3299
permission entries to check if connection is allowed at all
P <IP server 1> 194.39.131.34 *
P <IP server 2> 194.39.131.34 *
I hope this solve your problem,
Hernando Polania
Colombia

Sapserv1:route permission denied (216.53.212.149 to 147.204.100.55, sapdp01

Hi,
We are having issue with our sapnet connection. When ever I am trying to connect to sapNet im getting this error. The following is the procedure i m doing
1. t-code oss1
2. logon to SAPNet
3. selecting the group PUBLIC
then I m getting thid error
sapserv1:route permission denied (216.53.212.149 to 147.204.100.55, sapdp01)
Please reply me back ASAP as this is urgent issue. I will appriciate ur help n sugsestions.

Hi,
On April 03, 2006, SAPNet - R/3 Frontend was deactivated as a user interface. SAPNet - R/3 Frontend, which was introduced in 1995 as SAP's Online Service System (OSS), was SAP's first and, for a long time, its only support system, which customers worldwide accessed using transaction OSS1.
Today, the SAProuter connection via transaction OSS1 continues to be used for the following RFC connections:
- Transfer of EarlyWatch Alert data
- Exchange of data using the SAP Notes Assistant
To install and configure this transaction, proceed exactly as follows:
1. Making the technical settings for OSS1
You must configure transaction OSS1 before you can use it. Choose "Parameter" from the menu bar (-> Techn. Settings) and choose "Change".
The technical settings for transaction OSS1 are set by default to Walldorf (sapserv3) with the IP address 147.204.2.5. If this address does not correspond with the entry in your host file, choose the sapserv3 IP address that is valid for you by choosing the menu option "SAPRouter at SAP -> Walldorf".
Furthermore, enter your local SAPRouter information in the "SAPRouter 1" fields. Now save the settings.
NOTE:
Replace sapservX with the following values:
sapserv1 (194.117.106.129) connection via Internet VPN
sapserv2 (194.39.131.34) connection via Internet SNC
sapserv3 (147.204.2.5)    for customers with connection to Germany
sapserv4 (204.79.199.2)    for customers in America
sapserv5 (194.39.138.2)    for customers with connection to Japan
sapserv6 (194.39.139.16) for customers in Australia and New Zealand
sapserv7 (194.39.134.35)   for customers in Asia
Choose "Start Logon to SAPNet - R/3 Frontend". If the system issues message S1 452, there are errors in the operating system configuration.
When you install an access authorization file "saprouttab", you should ensure that all of your front ends and R/3 servers can establish a connection to sapserv3, service sapdp99.
Try it again until the dialog box "Please select a group" appears. If the dialog box "Please select a group" is displayed, the configuration for transaction OSS1 is correct.
I hope this will help you.
Regards
Aashish Sinha
PS : reward points if helpful

Saprouter "sapserv3: route permission denied"

Hi!
I have one question regarding the SAP router functionality.
If I check the connection via Tx. OSS1 I can choose the different groups (EWA, 1_PUBLIC, etc.) but after this I am getting the error "sapserv3: route permission denied (212.6.91.12 to 10.16.1.19, sapdp01").
<b>How can I solve the problem?</b>
My SAPROUTTAB looks like "P * * *" (it means alls connections are allowed)

Hi Axel,
The direct connection via OSS1 is not possible anymore. SAP has deactivated this since April-2006.
You should make the configuration in OSS1 (I think that is okay for your case as you are getting the different group selection as pop-up).
Only RFC connection logon is allowed. For more info please check note: 33135
http://service.sap.com/~form/handler?_APP=01100107900000000342&_EVENT=REDIR&_NNUM=33135&_NLANG=E
Cheers !!
Satya.
PS: Pls reward points if the answer is helpful...Thx.

Route permission denied

Hello everbody;
When I want to entry to the server sap, I have this error route permission denied (181.66.156.130 to n4sexternal,sapdp01)
Someone can help me please

Hi, Robert!
You'll have to config your SapRouter appropriately. It's usually done by Basis team.

SAPROUTER - route permission denied

Hello.
I'm trying to connect my ERP to SAPNet but i'm getting troubles.
This is the error.
[Thr 4812] * LOCATION    SapRouter on sapserv2a
[Thr 4812] * ERROR       sapserv2a: route permission denied (80.37.122.205 to oss001,
             sapmsO01)
[Thr 4812] *
TIME        Mon Jun 25 10:24:43 2007
[Thr 4812] * RELEASE     620
[Thr 4812] * COMPONENT   NI (network interface)
[Thr 4812] * VERSION     36
[Thr 4812] * RC          -93
[Thr 4812] * COUNTER     19
[Thr 4812] *
[Thr 4812] *****************************************************************************
I have the 3299 port open for the saprouter host.
My saprouter is registered in SAP, i have my certificated and i applied correctly on my saprouter.
My routerttab permits all traffic. P * * * *
I'm configuring my connection on the SM59 transaction.
Target system: OSS
Msg. Server: /H/194.39.131.34/H/OSS001
Language: EN
Client: 001
User: My SSO number
PWD: My sso password.
Any idea?
Thanks in advance.

Hi,
As of April 3rd, 2006 the SAPNet R/3 Frontend will be not available for
Support applications anylonger. It will be substituted by both supports Platforms,
SAP Support Portal and SAP Solution Manager
So OSS1 -->Logon to SapNet (Does not work).
You can maintain the IP's and Other Information in OSS1 -->Paramter ->Technical Settings. which will modify the "SAPOSS" RFC destination.
Thanks,
Tanuj

SAPRouter - sapserv2a: route permission denied

Hi Gurus,
I have configured and registered SAProuter.
Version: SAP Network Interface Router, Version 38.10
When try to Log On to SAPNet with 1_Public , I get following error
*sapserv2a: route permission denied
Routtab entired:
SNC connection to and from SAP
KT "p:CN=sapserv2, OU=SAProuter, O=SAP, C=DE" 194.39.131.34 *
SNC connection to local system for R/3-Support
R/3 Server: 192.168.2.4
R/3 Instance: 00
KP "p:CN=sapserv2, OU=SAProuter, O=SAP, C=DE" 192.168.2.4 3200
SNC connection to local WINDOWS system for WTS, if applicable
Windows server: 192.168.2.35
Default WTS port: 3389
KP "p:CN=sapserv2, OU=SAProuter, O=SAP, C=DE" 192.168.2.35 3389
Access from the local Network to SAP
P 192.168.. 194.39.131.34 3299
Deny all other connections
D * * *
SOLMAN: SP17
WIN32
I did not find any latest version of SAPRouter for WIN32. Please suggest ..
Regards
Shreeshail Ganiger

Hi,
> *sapserv2a: route permission denied
>
Why it is picking sapserv2a ? It should be sapserv2. Please check.
Thanks
Sunny

JCO Connection - route permission denied

Coulds any one suggest on this error
Connect to SAP gateway failed Connect_PM
Rout permission denied

Hello Mario,
it seems that the SAP Router which is used with hte connection String does not allow you to connect. Have you tried the Connection string to logon with SAP GUI?
Regards
Gregor

Permission denied in sap router

Hello everybody,
I have installed the SAPROUTER.
when our remote user login by SAPSTRING 114.240.174.28 then user can login without any problem
but when the user used the /H/114.240.174.28/H/192.168.0.170/S/3299/H/
then they can not able to login, get error
router permission denied 115.240.50.30 to 192.168.0.170, 3299
I have check the saposs RFC from sap its work fine.
In my SAP routtab file I maintain the entries as follows
KT "p:CN=sapserv2, OU=SAProuter, O=SAP, C=DE" 194.39.131.34 *
KP "p:CN=sapserv2, OU=SAProuter, O=SAP, C=DE" 192.168.0.180 3200
KP "p:CN=sapserv2, OU=SAProuter, O=SAP, C=DE" 192.168.0.185 3200
KP "p:CN=sapserv2, OU=SAProuter, O=SAP, C=DE" 192.168.0.186 3200
KP "p:CN=sapserv2, OU=SAProuter, O=SAP, C=DE" 192.168.0.180 *
KP "p:CN=sapserv2, OU=SAProuter, O=SAP, C=DE" 192.168.0.185 *
KP "p:CN=sapserv2, OU=SAProuter, O=SAP, C=DE" 192.168.0.186 *
P * 194.39.131.34 3299
P * * *
Please suggest where is wrong.
Thanks
Ganesh

HI,
Our remote user can access with the /H/external_IP_of_saprouter/H/internal_IP_of_saprouter/H/ this string
but now they are not able to access by using above said string , when they tired to access they got message
like
router permission denied 115.240.50.30 to 192.168.0.170, 3299
actually, in saprouttab I mention P * * * .
Thanks
Ganesh

Continous mDNSPlatformTCPConnect ("Permission denied") errors. What does this mean? What should I do to resolve this?

MB Air (1.8GHz); MacOS 10.9.2
In the System Log I see frequent and, at times, continuous (up to several per second) entries like the following:
4/16/14 9:00:13.936 AM mDNSResponder[73]: ERROR: mDNSPlatformTCPConnect - connect failed: socket 63: Error 13 (Permission denied) length 16
While I can't point to any specific system issues that result from this, I do have the following (perhaps related, perhaps unrelated) problems:
1. Over time, memory pressure gradually increases until, every few days, I need to re-boot. I'm not accustomed to having to perform "maintenance boots" under MacOS. (For example, my Mac Mini, also running Mavericks, runs for weeks/months without needing to re-boot; it's my household media server, running iTunes but that's about it.) Feels like a memory leak to me.
2. TimeMachine is unpredictable for me. When I have TimeMachine enabled, it will do incremental backups for up to a day or so, then the machine ends up in what looks like a run loop, with apps (such as Mail) in a "not responding" state. Can't reliably force-quit those apps at that time - pretty much have to hard-boot the machine and restart. (Note that I'm using a QNAP NAS disk array; has worked fine in the past, pre Mavericks; I'm running latest/greatest NAS firmware.)
At any rate, any insights regarding the DNS error (what it means; what triggers it; whether I should care; if so, what I should do to quell it; etc.) deeply appreciated.
Doug Engfer

May I ask why you want me to remove the AV software?
Because it's the likely cause of your problem, and even if it isn't, it's worse than useless.
1. This is a comment on what you should and should not do to protect yourself from malicious software ("malware") that circulates on the Internet. It does not apply to software, such as keystroke loggers, that may be installed deliberately by an intruder who has hands-on access to your computer, or who has been able to log in to it remotely. That threat is in a different category, and there's no easy way to defend against it. If you have reason to suspect that you're the target of such an attack, you need expert help.
If you find this comment too long or too technical, read only sections 5, 6, and 10.
OS X now implements three layers of built-in protection specifically against malware, not counting runtime protections such as execute disable, sandboxing, system library randomization, and address space layout randomization that may also guard against other kinds of exploits.
2. All versions of OS X since 10.6.7 have been able to detect known Mac malware in downloaded files, and to block insecure web plugins. This feature is transparent to the user. Internally Apple calls it "XProtect."
The malware recognition database used by XProtect is automatically updated; however, you shouldn't rely on it, because the attackers are always at least a day ahead of the defenders.
The following caveats apply to XProtect:
It can be bypassed by some third-party networking software, such as BitTorrent clients and Java applets.
It only applies to software downloaded from the network. Software installed from a CD or other media is not checked.
As new versions of OS X are released, it's not clear whether Apple will indefinitely continue to maintain the XProtect database of older versions such as 10.6. The security of obsolete system versions may eventually be degraded. Security updates to the code of obsolete systems will stop being released at some point, and that may leave them open to other kinds of attack besides malware.
   3. Starting with OS X 10.7.5, there has been a second layer of built-in malware protection, designated "Gatekeeper" by Apple. By default, applications and Installer packages downloaded from the network will only run if they're digitally signed by a developer with a certificate issued by Apple. Software certified in this way hasn't necessarily been tested by Apple, but you can be reasonably sure that it hasn't been modified by anyone other than the developer. His identity is known to Apple, so he could be held legally responsible if he distributed malware. That may not mean much if the developer lives in a country with a weak legal system (see below.)
Gatekeeper doesn't depend on a database of known malware. It has, however, the same limitations as XProtect, and in addition the following:
It can easily be disabled or overridden by the user.
A malware attacker could get control of a code-signing certificate under false pretenses, or could simply ignore the consequences of distributing codesigned malware.
An App Store developer could find a way to bypass Apple's oversight, or the oversight could fail due to human error.
Apple has so far failed to revoke the codesigning certificates of some known abusers, thereby diluting the value of Gatekeeper and the Developer ID program. These failures don't involve App Store products, however.
   For the reasons given, App Store products, and—to a lesser extent—other applications recognized by Gatekeeper as signed, are safer than others, but they can't be considered absolutely safe. "Sandboxed" applications may prompt for access to private data, such as your contacts, or for access to the network. Think before granting that access. Sandbox security is based on user input. Never click through any request for authorization without thinking.
4. Starting with OS X 10.8.3, a third layer of protection has been added: a "Malware Removal Tool" (MRT). MRT runs automatically in the background when you update the OS. It checks for, and removes, malware that may have evaded the other protections via a Java exploit (see below.) MRT also runs when you install or update the Apple-supplied Java runtime (but not the Oracle runtime.) Like XProtect, MRT is effective against known threats, but not against unknown ones. It notifies you if it finds malware, but otherwise there's no user interface to MRT.
5. The built-in security features of OS X reduce the risk of malware attack, but they are not, and never will be, complete protection. The best defense is always going to be your own intelligence. With the possible exception of Java exploits, all known malware circulating on the Internet that affects a fully-updated installation of OS X 10.6 or later takes the form of so-called "Trojan horses," which can only have an effect if the victim is duped into running them. The threat therefore amounts to a battle of wits between you and the scam artists. If you're smarter than they think you are, you'll win. That means, in practice, that you always stay within a safe harbor of computing practices. How do you know when you're leaving the safe harbor? Below are some warning signs of danger.
Software from an untrustworthy source
Software of any kind is distributed via BitTorrent. or Usenet, or on a website that also distributes pirated music or movies.
Software with a corporate brand, such as Adobe Flash Player, doesn't come directly from the developer’s website. Do not trust an alert from any website to update Flash, your browser, or anything else.
Rogue websites such as Softonic and CNET Download distribute free applications that have been packaged in a superfluous "installer."
The software is advertised by means of spam or intrusive web ads. Any ad, on any site, that includes a direct link to a download should be ignored.
Software that is plainly illegal or does something illegal
High-priced commercial software such as Photoshop is "cracked" or "free."
An application helps you to infringe copyright, for instance by circumventing the copy protection on commercial software, or saving streamed media for reuse without permission.
Conditional or unsolicited offers from strangers
A telephone caller or a web page tells you that you have a “virus” and offers to help you remove it. (Some reputable websites did legitimately warn visitors who were infected with the "DNSChanger" malware. That exception to this rule no longer applies.)
A web site offers free content such as video or music, but to use it you must install a “codec,” “plug-in,” "player," "downloader," "extractor," or “certificate” that comes from that same site, or an unknown one.
You win a prize in a contest you never entered.
Someone on a message board such as this one is eager to help you, but only if you download an application of his choosing.
A "FREE WI-FI !!!" network advertises itself in a public place such as an airport, but is not provided by the management.
Anything online that you would expect to pay for is "free."
Unexpected events
You open what you think is a document and get an alert that it's "an application downloaded from the Internet." Click Cancel and delete the file. Even if you don't get the alert, you should still delete any file that isn't what you expected it to be.
An application does something you don't expect, such as asking for permission to access your contacts, your location, or the Internet for no obvious reason.
Software is attached to email that you didn't request, even if it comes (or seems to come) from someone you trust.
I don't say that leaving the safe harbor just once will necessarily result in disaster, but making a habit of it will weaken your defenses against malware attack. Any of the above scenarios should, at the very least, make you uncomfortable.
   6. Java on the Web (not to be confused with JavaScript, to which it's not related, despite the similarity of the names) is a weak point in the security of any system. Java is, among other things, a platform for running complex applications in a web page, on the client. That was always a bad idea, and Java's developers have proven themselves incapable of implementing it without also creating a portal for malware to enter. Past Java exploits are the closest thing there has ever been to a Windows-style virus affecting OS X. Merely loading a page with malicious Java content could be harmful.
Fortunately, client-side Java on the Web is obsolete and mostly extinct. Only a few outmoded sites still use it. Try to hasten the process of extinction by avoiding those sites, if you have a choice. Forget about playing games or other non-essential uses of Java.
Java is not included in OS X 10.7 and later. Discrete Java installers are distributed by Apple and by Oracle (the developer of Java.) Don't use either one unless you need it. Most people don't. If Java is installed, disable it—not JavaScript—in your browsers.
Regardless of version, experience has shown that Java on the Web can't be trusted. If you must use a Java applet for a task on a specific site, enable Java only for that site in Safari. Never enable Java for a public website that carries third-party advertising. Use it only on well-known, login-protected, secure websites without ads. In Safari 6 or later, you'll see a lock icon in the address bar with the abbreviation "https" when visiting a secure site.
Stay within the safe harbor, and you’ll be as safe from malware as you can practically be. The rest of this comment concerns what you should not do to protect yourself.
7. Never install any commercial "anti-virus" or "Internet security" products for the Mac, as they all do more harm than good, if they do any good at all. If you need to be able to detect Windows malware in your files, use one of the free security apps in the Mac App Store—nothing else.
Why shouldn't you use commercial "anti-virus" products?
To recognize malware, the software depends on a database of known threats, which is always at least a day out of date. Research has shown that most successful attacks are "zero-day"—that is, previously unknown. Recognition-based malware scanners do not defend against such attacks.
Their design is predicated on the nonexistent threat that malware may be injected at any time, anywhere in the file system. Malware is downloaded from the network; it doesn't materialize from nowhere.
In order to meet that nonexistent threat, the software modifies or duplicates low-level functions of the operating system, which is a waste of resources and a common cause of instability, bugs, and poor performance.
By modifying the operating system, the software itself may create weaknesses that could be exploited by malware attackers.
Most importantly, a false sense of security makes you more vulnerable.
8. An anti-malware product from the App Store, such as "ClamXav," has the same drawback as the commercial suites of being always out of date, but it does not inject code into the operating system. That doesn't mean it's entirely harmless. It may report email messages that have "phishing" links in the body, or Windows malware in attachments, as infected files, and offer to delete or move them. Doing so will corrupt the Mail database. The messages should be deleted from within the Mail application.
An anti-virus app is not needed, and cannot be relied upon, for protection against OS X malware. It's useful only for detecting Windows malware, and even for that use it's not really effective, because new Windows malware is emerging much faster than OS X malware. Windows malware can't harm you directly (unless, of course, you use Windows.) Just don't pass it on to anyone else.
A Windows malware attachment in email is usually easy to recognize by the file name alone. An actual example:
London Terror Moovie.avi [124 spaces] Checked By Norton Antivirus.exe
You don't need any software to tell you that's a Windows trojan. Software may be able to tell you which trojan it is, but who cares? In practice, there's seldom a reason to use recognition software unless an institutional policy requires it. Windows malware is so widespread that you should assume it's in every unknown email attachment until proven otherwise. Nevertheless, ClamXav or a similar product from the App Store may be useful if an ill-informed network administrator says you must run some kind of "anti-virus" application.
The ClamXav developer won't try to "upsell" you to a paid version of the product. Other developers may do that. Don't be upsold. For one thing, you should not pay to protect Windows users from the consequences of their choice of computing platform. For another, a paid upgrade from a free app will probably have all the disadvantages mentioned in section 7.
9. It seems to be a common belief that the built-in Application Firewall acts as a barrier to infection, or prevents malware from functioning. It does neither. It blocks inbound connections to certain network services you're running, such as file sharing. It's disabled by default and you should leave it that way if you're behind a router on a private home or office network. Activate it only when you're on an untrusted network, for instance a public Wi-Fi hotspot, where you don't want to provide services. Disable any services you don't use in the Sharing preference pane. All are disabled by default.
10. As a Mac user you don't have to live in fear that your computer may be infected every time you install software, read email, or visit a web page. But neither should you assume that you will always be safe from exploitation, no matter what you do. The greatest harm done by security software is precisely its selling point: it makes people feel safe. They may then feel safe enough to take risks from which the software doesn't protect them. "Hmmmm, this torrent is a crack of that new game I want. I think I'll download it. It could be a trojan, but the antivirus will warn me if it is." Then they wonder why their Mac is so slow all of a sudden. It's slow because it's running flat out mining Bitcoins for a hacker who has already sold their credit card number and banking passwords to a criminal gang. Maybe a week later the antivirus does warn them, but what good does that do?
Nothing can lessen the need for safe computing practices.

I get an error message when I try to revise items I am selling on ebay. eBay says it is my computer. This is the error message as follows lscgid: execve():/home/wwocom/public_html/style.cgi: Permission denied..What can I do

I get an erro message when I try to revise my items while selling on ebay.
The error message is as follows: lscgid: execve():/home/wwocom/public_html/style.cgi: Permission denied
I called ebay they say it is my computer.
What do I do to clear this message so I can sell on eBay?

That's a server message : ebay's computers, rather than yours.
You could try clearing cache & cookies for ebay in your browser : eg. Safari - Preferences - Privacy
& if you still have problems, restart your modem/router.
You're sure that the message shows at a genuine ebay site ? : see the recent replies at
http://community.ebay.com/t5/Trust-Safety-Safe-Harbor/Fake-eBay-Sign-In/td-p/185 55847/page/2

How to resolve "SCRIPT70: Permission Denied" on IE10?

Hi there,
One some of IE10/WIN7 machines, the javascript-coded popup menu is disabled on an enterprise web application. I enabled the developer tools and found the following error. It is clear that the issue is not with the web application, but with IE or
client machine configuration. I have been searching for the solution for one week and still go nowhere. The javascript is enabled on browser side. What information shall I collect to narrow down the problem? Thank you.
Error Msg is:
SCRIPT70: Permission Denied
PopupMenu.js, line 305 character 1.
Jay

I have the same problem.
I actually have a web site developed with angularJs v1.2.26, with firefox and chrome its all ok, but i
have the need of compatibility with IE10 and up.
Sometimes I get the error "SCRIPT70:
permission denied" and its solved clicking F5 and information is loaded, but its not a real solution.
I have a route /login when someone enters to my web site, and in this controller the only thing that happens is a redirecto to a url where user is authenticathed with
SAML.
The code i have in this login.controller.js is:$window.location.href = '/auth/saml/login';
I think IE10 has some problem in reload information, or with this code.
Also when user is logeed and IdP send me the response , user is redirected to my main page for watchinf information. "res.redirect('/') and I have the same error too.
What could happen? In other browsers all is correct. Could you reach/find a solution?
Thank you too much.

Rlogind: Permission denied.

Let me start with I know very little about the Solaris OS or any flavor Unix. This was dumped on me when the server was installed and rsh and rlogin would not work becasue we do not have a Solaris admin on staff. So please talk slow.
When we attempte to rlogin across the network to this new server the error rlogind: Permission denied. is returned. RSH returns nothing at all, just a blank line. Due to some IP conflicts and routing issues, I have had to play some games to allow connectivity between the source network and the server. The IP we rsh to is an IP on the firewall mapped to an IP that is NATed to the real server IP. RSH and RLOGON has been tested coming from another network segment not going through all the NAT's and Mapped IP's and that works ok. I have simulated the setup on my firewall to another server and RLOGON works through the mapped IP setup. The only part I do not have access to test is the NAT to the real server IP on the vendor network.
What do I need to be looking at to make this work?

Hello,
Please try to login from the server where the rsh server daemon is running and let us know the result.
ex : rlogin localhost
Thanks,
Sal.

Apache user dir (13)Permission denied: access to /~simha/ denied

I am getting Access forbidden! when I am trying to connect to http://localhost/~simha/ where simha is my user name
my /var/log/httpd/error_log says
[Thu Jul 08 17:44:30 2010] [error] [client 127.0.0.1] (13)Permission denied: access to /~simha/ denied
I tried a lot and gave up. Can any one help me in this in regard
The following are the permisions of my home dir simha and public_html
drwx--x--x 130 simha users 16384 Jul 8 17:04 simha
drwxr-xr-x 2 simha users 4096 Jul 8 17:02 public_html
The following are my httpd.conf
# This is the main Apache HTTP server configuration file. It contains the
# configuration directives that give the server its instructions.
# See <URL:http://httpd.apache.org/docs/2.2> for detailed information.
# In particular, see
# <URL:http://httpd.apache.org/docs/2.2/mod/directives.html>
# for a discussion of each configuration directive.
# Do NOT simply read the instructions in here without understanding
# what they do. They're here only as hints or reminders. If you are unsure
# consult the online docs. You have been warned.
# Configuration and logfile names: If the filenames you specify for many
# of the server's control files begin with "/" (or "drive:/" for Win32), the
# server will use that explicit path. If the filenames do *not* begin
# with "/", the value of ServerRoot is prepended -- so "/var/log/httpd/foo_log"
# with ServerRoot set to "/etc/httpd" will be interpreted by the
# server as "/etc/httpd//var/log/httpd/foo_log".
# ServerRoot: The top of the directory tree under which the server's
# configuration, error, and log files are kept.
# Do not add a slash at the end of the directory path. If you point
# ServerRoot at a non-local disk, be sure to point the LockFile directive
# at a local disk. If you wish to share the same ServerRoot for multiple
# httpd daemons, you will need to change at least LockFile and PidFile.
ServerRoot "/etc/httpd"
# Listen: Allows you to bind Apache to specific IP addresses and/or
# ports, instead of the default. See also the <VirtualHost>
# directive.
# Change this to Listen on specific IP addresses as shown below to
# prevent Apache from glomming onto all bound IP addresses.
#Listen 12.34.56.78:80
Listen 80
# Dynamic Shared Object (DSO) Support
# To be able to use the functionality of a module which was built as a DSO you
# have to place corresponding `LoadModule' lines at this location so the
# directives contained in it are actually available _before_ they are used.
# Statically compiled modules (those listed by `httpd -l') do not need
# to be loaded here.
# Example:
# LoadModule foo_module modules/mod_foo.so
LoadModule authn_file_module modules/mod_authn_file.so
LoadModule authn_dbm_module modules/mod_authn_dbm.so
LoadModule authn_anon_module modules/mod_authn_anon.so
LoadModule authn_dbd_module modules/mod_authn_dbd.so
LoadModule authn_default_module modules/mod_authn_default.so
LoadModule authz_host_module modules/mod_authz_host.so
LoadModule authz_groupfile_module modules/mod_authz_groupfile.so
LoadModule authz_user_module modules/mod_authz_user.so
LoadModule authz_dbm_module modules/mod_authz_dbm.so
LoadModule authz_owner_module modules/mod_authz_owner.so
LoadModule authnz_ldap_module modules/mod_authnz_ldap.so
LoadModule authz_default_module modules/mod_authz_default.so
LoadModule auth_basic_module modules/mod_auth_basic.so
LoadModule auth_digest_module modules/mod_auth_digest.so
LoadModule file_cache_module modules/mod_file_cache.so
LoadModule cache_module modules/mod_cache.so
LoadModule disk_cache_module modules/mod_disk_cache.so
LoadModule mem_cache_module modules/mod_mem_cache.so
LoadModule dbd_module modules/mod_dbd.so
LoadModule dumpio_module modules/mod_dumpio.so
LoadModule ext_filter_module modules/mod_ext_filter.so
LoadModule include_module modules/mod_include.so
LoadModule filter_module modules/mod_filter.so
LoadModule substitute_module modules/mod_substitute.so
LoadModule deflate_module modules/mod_deflate.so
LoadModule ldap_module modules/mod_ldap.so
LoadModule log_config_module modules/mod_log_config.so
LoadModule log_forensic_module modules/mod_log_forensic.so
LoadModule logio_module modules/mod_logio.so
LoadModule env_module modules/mod_env.so
LoadModule mime_magic_module modules/mod_mime_magic.so
LoadModule cern_meta_module modules/mod_cern_meta.so
LoadModule expires_module modules/mod_expires.so
LoadModule headers_module modules/mod_headers.so
LoadModule ident_module modules/mod_ident.so
LoadModule usertrack_module modules/mod_usertrack.so
#LoadModule unique_id_module modules/mod_unique_id.so
LoadModule setenvif_module modules/mod_setenvif.so
LoadModule version_module modules/mod_version.so
LoadModule proxy_module modules/mod_proxy.so
LoadModule proxy_connect_module modules/mod_proxy_connect.so
LoadModule proxy_ftp_module modules/mod_proxy_ftp.so
LoadModule proxy_http_module modules/mod_proxy_http.so
LoadModule proxy_ajp_module modules/mod_proxy_ajp.so
LoadModule proxy_balancer_module modules/mod_proxy_balancer.so
LoadModule ssl_module modules/mod_ssl.so
LoadModule mime_module modules/mod_mime.so
LoadModule dav_module modules/mod_dav.so
LoadModule status_module modules/mod_status.so
LoadModule autoindex_module modules/mod_autoindex.so
LoadModule asis_module modules/mod_asis.so
LoadModule info_module modules/mod_info.so
LoadModule suexec_module modules/mod_suexec.so
LoadModule cgi_module modules/mod_cgi.so
LoadModule cgid_module modules/mod_cgid.so
LoadModule dav_fs_module modules/mod_dav_fs.so
LoadModule vhost_alias_module modules/mod_vhost_alias.so
LoadModule negotiation_module modules/mod_negotiation.so
LoadModule dir_module modules/mod_dir.so
LoadModule imagemap_module modules/mod_imagemap.so
LoadModule actions_module modules/mod_actions.so
LoadModule speling_module modules/mod_speling.so
LoadModule userdir_module modules/mod_userdir.so
LoadModule alias_module modules/mod_alias.so
LoadModule rewrite_module modules/mod_rewrite.so
LoadModule php5_module modules/libphp5.so
<IfModule !mpm_netware_module>
<IfModule !mpm_winnt_module>
# If you wish httpd to run as a different user or group, you must run
# httpd as root initially and it will switch.
# User/Group: The name (or #number) of the user/group to run httpd as.
# It is usually good practice to create a dedicated user and group for
# running httpd, as with most system services.
User http
Group http
</IfModule>
</IfModule>
# 'Main' server configuration
# The directives in this section set up the values used by the 'main'
# server, which responds to any requests that aren't handled by a
# <VirtualHost> definition. These values also provide defaults for
# any <VirtualHost> containers you may define later in the file.
# All of these directives may appear inside <VirtualHost> containers,
# in which case these default settings will be overridden for the
# virtual host being defined.
# ServerAdmin: Your address, where problems with the server should be
# e-mailed. This address appears on some server-generated pages, such
# as error documents. e.g. [email protected]
ServerAdmin [email protected]
# ServerName gives the name and port that the server uses to identify itself.
# This can often be determined automatically, but we recommend you specify
# it explicitly to prevent problems during startup.
# If your host doesn't have a registered DNS name, enter its IP address here.
#ServerName www.example.com:80
# DocumentRoot: The directory out of which you will serve your
# documents. By default, all requests are taken from this directory, but
# symbolic links and aliases may be used to point to other locations.
DocumentRoot "/srv/http"
# Each directory to which Apache has access can be configured with respect
# to which services and features are allowed and/or disabled in that
# directory (and its subdirectories).
# First, we configure the "default" to be a very restrictive set of
# features.
<Directory />
Options FollowSymLinks
AllowOverride None
Order deny,allow
Deny from all
</Directory>
# Note that from this point forward you must specifically allow
# particular features to be enabled - so if something's not working as
# you might expect, make sure that you have specifically enabled it
# below.
# This should be changed to whatever you set DocumentRoot to.
<Directory "/srv/http">
# Possible values for the Options directive are "None", "All",
# or any combination of:
# Indexes Includes FollowSymLinks SymLinksifOwnerMatch ExecCGI MultiViews
# Note that "MultiViews" must be named *explicitly* --- "Options All"
# doesn't give it to you.
# The Options directive is both complicated and important. Please see
# http://httpd.apache.org/docs/2.2/mod/core.html#options
# for more information.
Options Indexes FollowSymLinks includes
# AllowOverride controls what directives may be placed in .htaccess files.
# It can be "All", "None", or any combination of the keywords:
# Options FileInfo AuthConfig Limit
AllowOverride None
# Controls who can get stuff from this server.
Order allow,deny
Allow from all
</Directory>
# DirectoryIndex: sets the file that Apache will serve if a directory
# is requested.
<IfModule dir_module>
DirectoryIndex index.html
</IfModule>
# The following lines prevent .htaccess and .htpasswd files from being
# viewed by Web clients.
<FilesMatch "^\.ht">
Order allow,deny
Deny from all
Satisfy All
</FilesMatch>
# ErrorLog: The location of the error log file.
# If you do not specify an ErrorLog directive within a <VirtualHost>
# container, error messages relating to that virtual host will be
# logged here. If you *do* define an error logfile for a <VirtualHost>
# container, that host's errors will be logged there and not here.
ErrorLog "/var/log/httpd/error_log"
# LogLevel: Control the number of messages logged to the error_log.
# Possible values include: debug, info, notice, warn, error, crit,
# alert, emerg.
LogLevel warn
<IfModule log_config_module>
# The following directives define some format nicknames for use with
# a CustomLog directive (see below).
LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" combined
LogFormat "%h %l %u %t \"%r\" %>s %b" common
<IfModule logio_module>
# You need to enable mod_logio.c to use %I and %O
LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\" %I %O" combinedio
</IfModule>
# The location and format of the access logfile (Common Logfile Format).
# If you do not define any access logfiles within a <VirtualHost>
# container, they will be logged here. Contrariwise, if you *do*
# define per-<VirtualHost> access logfiles, transactions will be
# logged therein and *not* in this file.
CustomLog "/var/log/httpd/access_log" common
# If you prefer a logfile with access, agent, and referer information
# (Combined Logfile Format) you can use the following directive.
#CustomLog "/var/log/httpd/access_log" combined
</IfModule>
<IfModule alias_module>
# Redirect: Allows you to tell clients about documents that used to
# exist in your server's namespace, but do not anymore. The client
# will make a new request for the document at its new location.
# Example:
# Redirect permanent /foo http://www.example.com/bar
# Alias: Maps web paths into filesystem paths and is used to
# access content that does not live under the DocumentRoot.
# Example:
# Alias /webpath /full/filesystem/path
# If you include a trailing / on /webpath then the server will
# require it to be present in the URL. You will also likely
# need to provide a <Directory> section to allow access to
# the filesystem path.
# ScriptAlias: This controls which directories contain server scripts.
# ScriptAliases are essentially the same as Aliases, except that
# documents in the target directory are treated as applications and
# run by the server when requested rather than as documents sent to the
# client. The same rules about trailing "/" apply to ScriptAlias
# directives as to Alias.
ScriptAlias /cgi-bin/ "/srv/http/cgi-bin/"
</IfModule>
<IfModule cgid_module>
# ScriptSock: On threaded servers, designate the path to the UNIX
# socket used to communicate with the CGI daemon of mod_cgid.
#Scriptsock /var/run/httpd/cgisock
</IfModule>
# "/srv/http/cgi-bin" should be changed to whatever your ScriptAliased
# CGI directory exists, if you have that configured.
<Directory "/srv/http/cgi-bin">
AllowOverride None
Options None
Order allow,deny
Allow from all
</Directory>
# DefaultType: the default MIME type the server will use for a document
# if it cannot otherwise determine one, such as from filename extensions.
# If your server contains mostly text or HTML documents, "text/plain" is
# a good value. If most of your content is binary, such as applications
# or images, you may want to use "application/octet-stream" instead to
# keep browsers from trying to display binary files as though they are
# text.
DefaultType text/plain
<IfModule mime_module>
# TypesConfig points to the file containing the list of mappings from
# filename extension to MIME-type.
TypesConfig conf/mime.types
# AddType allows you to add to or override the MIME configuration
# file specified in TypesConfig for specific file types.
#AddType application/x-gzip .tgz
# AddEncoding allows you to have certain browsers uncompress
# information on the fly. Note: Not all browsers support this.
#AddEncoding x-compress .Z
#AddEncoding x-gzip .gz .tgz
# If the AddEncoding directives above are commented-out, then you
# probably should define those extensions to indicate media types:
AddType application/x-compress .Z
AddType application/x-gzip .gz .tgz
# AddHandler allows you to map certain file extensions to "handlers":
# actions unrelated to filetype. These can be either built into the server
# or added with the Action directive (see below)
# To use CGI scripts outside of ScriptAliased directories:
# (You will also need to add "ExecCGI" to the "Options" directive.)
#AddHandler cgi-script .cgi
# For type maps (negotiated resources):
#AddHandler type-map var
# Filters allow you to process content before it is sent to the client.
# To parse .shtml files for server-side includes (SSI):
# (You will also need to add "Includes" to the "Options" directive.)
#AddType text/html .shtml
#AddOutputFilter INCLUDES .shtml
</IfModule>
# The mod_mime_magic module allows the server to use various hints from the
# contents of the file itself to determine its type. The MIMEMagicFile
# directive tells the module where the hint definitions are located.
#MIMEMagicFile conf/magic
# Customizable error responses come in three flavors:
# 1) plain text 2) local redirects 3) external redirects
# Some examples:
#ErrorDocument 500 "The server made a boo boo."
#ErrorDocument 404 /missing.html
#ErrorDocument 404 "/cgi-bin/missing_handler.pl"
#ErrorDocument 402 http://www.example.com/subscription_info.html
# EnableMMAP and EnableSendfile: On systems that support it,
# memory-mapping or the sendfile syscall is used to deliver
# files. This usually improves server performance, but must
# be turned off when serving from networked-mounted
# filesystems or if support for these functions is otherwise
# broken on your system.
#EnableMMAP off
#EnableSendfile off
# Supplemental configuration
# The configuration files in the conf/extra/ directory can be
# included to add extra features or to modify the default configuration of
# the server, or you may simply copy their contents here and change as
# necessary.
# Server-pool management (MPM specific)
#Include conf/extra/httpd-mpm.conf
# Multi-language error messages
Include conf/extra/httpd-multilang-errordoc.conf
# Fancy directory listings
Include conf/extra/httpd-autoindex.conf
# Language settings
Include conf/extra/httpd-languages.conf
# User home directories
Include conf/extra/httpd-userdir.conf
# Real-time info on requests and configuration
#Include conf/extra/httpd-info.conf
# Virtual hosts
#Include conf/extra/httpd-vhosts.conf
# Local access to the Apache HTTP Server Manual
#Include conf/extra/httpd-manual.conf
# Distributed authoring and versioning (WebDAV)
#Include conf/extra/httpd-dav.conf
# phpMyAdmin configuration
Include conf/extra/httpd-phpmyadmin.conf
# Various default settings
Include conf/extra/httpd-default.conf
# Secure (SSL/TLS) connections
#Include conf/extra/httpd-ssl.conf
Include conf/extra/php5_module.conf
# Note: The following must must be present to support
# starting without SSL on platforms with no /dev/random equivalent
# but a statically compiled-in mod_ssl.
<IfModule ssl_module>
SSLRandomSeed startup builtin
SSLRandomSeed connect builtin
</IfModule>
The following are my /etc/httpd/conf/extra/httpd-userdir.conf
# Settings for user home directories
# Required module: mod_userdir
# UserDir: The name of the directory that is appended onto a user's home
# directory if a ~user request is received. Note that you must also set
# the default access control for these directories, as in the example below.
UserDir public_html
# Control access to UserDir directories. The following is an example
# for a site where these directories are restricted to read-only.
<Directory /home/*/public_html>
AllowOverride FileInfo AuthConfig Limit Indexes
Options MultiViews Indexes SymLinksIfOwnerMatch ExecCGI
<Limit GET POST OPTIONS PROPFIND>
Order allow,deny
Allow from all
</Limit>
<LimitExcept GET POST OPTIONS PROPFIND>
Order deny,allow
Deny from all
</LimitExcept>
</Directory>
I also tried adding user to the group http. BUt nothing is working.

Do you have [or more like lack] +x on the user folder?

Saprouttab, route permission denied

Similar Messages

Maybe you are looking for