Client denied by server configuration ?

[jehoshua]

Hi,

I'm getting these messages, and can't figure out why, some sort of permissions problem ?

Code:

File does not exist: /home/username/public_html/403.shtml
client denied by server configuration: /home/username/public_html/includes/form_check.js.php
File does not exist: /home/username/public_html/403.shtml
client denied by server configuration: /home/username/public_html/includes/general.js.php

Here is the .htaccess for the .../includes path

Code:

# $Id: .htaccess,v 1.4 2001/04/22 20:30:03 dwatkins Exp $
#
# This is used with Apache WebServers
# The following blocks direct HTTP requests in this directory recursively
#
# For this to work, you must include the parameter 'Limit' to the AllowOverride configuration
#
# Example:
#
#<Directory "/usr/local/apache/htdocs">
#  AllowOverride Limit
#
# 'All' with also work. (This configuration is in your apache/conf/httpd.conf file)
#
# This does not affect PHP include/require functions
#
# Example: http://server/catalog/includes/application_top.php will not work

<Files *.php>
Order Deny,Allow
Deny from all
</Files>

There are many other files in the same path/folder that would have been accessed when these error messages appeared, but they didn't have the file extension ".js.php", only ".php".

There are other websites on the same server, with exactly the same setup, except for one line I added the other day in the web root path, in .htaccess

Code:

php_value session.use_trans_sid 0

I was told to set that off, because I was having problems with sessions in PHP.

Any clues please ?

Peter

[drzoid]

I am not quite sure what you exactly ask for, but your .htaccess rules basically deny all requests for .php files. .js.php files are .php files as well, because ".js" isnt the extension but part of the filename.

[i_like_php]

Order Deny,Allow <<<
Deny from all <<<

these two lines are your problem. they should look like this...

Order Order,Deny
Allow from all

[jehoshua]

Hi,

I am not quite sure what you exactly ask for, but your .htaccess rules basically deny all requests for .php files. .js.php files are .php files as well, because ".js" isnt the extension but part of the filename.

I'm no Apache expert, but that's not correct, because if it was, none of the sites that use these PHP files would work at all. But the sites do work and have done so for years, with the .htaccess settings.

I think what you mean is it denies all direct requests, because it is the .htaccess file in the ../includes path, as I explained. It is not the .htaccess file in the web root path.

From the comment here in .htaccess for the /includes path

Code:

The following blocks direct HTTP requests in this directory recursively

... "direct" requests; you cannot try and run any of the .php files in the includes path directly, they are all either executed as 'require' or 'include' statements in PHP.

Thanks

Peter

[jehoshua]

Hi,

Order Deny,Allow <<<
Deny from all <<<

these two lines are your problem. they should look like this...

Order Order,Deny
Allow from all

I don't know what the "Order Order .. will do ?? Looks a bit strange to me.

Peter

[jehoshua]

Hi,

I'm now wondering if this code:

Code:

<script language="javascript" src="includes/general.js"></script>
<script language="javascript" src="includes/general.js.php"></script>
<script language="javascript" src="includes/form_check.js.php"></script>

is the cause of the problem. To my (very limited) understanding, JS is client side, PHP is server side, so if you have a .PHP file in a "client" side scripting (Javascript), then maybe this caused the message??

Anyway, I'll post on the Javascript forum, and ask there.

Thanks,

Peter

[drzoid]

Hi,



I'm no Apache expert, but that's not correct, because if it was, none of the sites that use these PHP files would work at all. But the sites do work and have done so for years, with the .htaccess settings.

I think what you mean is it denies all direct requests, because it is the .htaccess file in the ../includes path, as I explained. It is not the .htaccess file in the web root path.

From the comment here in .htaccess for the /includes path

Code:

The following blocks direct HTTP requests in this directory recursively

... "direct" requests; you cannot try and run any of the .php files in the includes path directly, they are all either executed as 'require' or 'include' statements in PHP.

Thanks

Peter

Of course thats what I meant.

[i_like_php]

Hi,



I don't know what the "Order Order .. will do ?? Looks a bit strange to me.

Peter

you have it set the deny anybody trying to access the particular directory, so if you change it to the suggestion i made, then clients will be able to visit the directory in question.

[jehoshua]

Hi,

you have it set the deny anybody trying to access the particular directory, so if you change it to the suggestion i made, then clients will be able to visit the directory in question.

I think you mean deny anybody from directly accessing any PHP files, note the "files" enclosure:

Code:

<Files *.php>
Order Deny,Allow
Deny from all
</Files>

which considering it is the /includes path, that is what we want, no direct access to any PHP files, for anybody.

Peter