• If this is your first visit, be sure to check out the FAQ by clicking the link above. You may have to register before you can post: click the register link above to proceed. To start viewing messages, select the forum that you want to visit from the selection below.

Announcement

Collapse
No announcement yet.

[Resolved] HTTP 403 Forbidden

Collapse
X
Collapse
 
  • Page of 1
  • Filter
  • Time
  • Show
Clear All
new posts
Previous template Next
  • #1

    [Resolved] HTTP 403 Forbidden

    Hi,

    My Valence instance had been working for a few weeks without problem. As of this morning, I got an HTTP 403 after typing http://<ip>:7030/valence/vvlogin.pgm in the url window.

    Same responce was received upon http://<ip>:7030 (no sample home page).

    I double checked both /www/valence30 and /valence-3.0 directories to make sure both profiles QTMHHTTP and QTMHHTP1 have Read and Execute permissions; also made sure that .htaccess file does not exist in those directories, nor does it exist in the /www directory.

    The error.log states "ZSRV_MSG0362: Client denied by server configuration: /valence-3.0".

    The access.log has the following.

    "GET / HTTP/1.1" 403 224 "-" "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; InfoPath.3; .NET4.0E)"

    The content of the httpd.conf file is as follows.

    # Valence Standard Apache HTTP Server Configuration
    Listen *:7030
    DocumentRoot /valence-3.0/
    Options +ExecCGI -FollowSymLinks -SymLinksIfOwnerMatch -Includes -Indexes -MultiViews
    LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" combined
    LogFormat "%{Cookie}n \"%r\" %t" cookie
    LogFormat "%{User-agent}i" agent
    LogFormat "%{Referer}i -> %U" referer
    LogFormat "%h %l %u %t \"%r\" %>s %b" common
    CustomLog logs/access_log combined
    LogMaint logs/access_log 7 0
    LogMaint logs/error_log 7 0
    DefaultNetCCSID 1208
    # DefaultFsCCSID 37
    AddCharset UTF-8 .html
    AddCharset UTF-8 .js
    SetEnvIf "User-Agent" "Mozilla/2" nokeepalive
    SetEnvIf "User-Agent" "JDK/1\.0" force-response-1.0SetEnvIf "User-Agent" "Java/1\.0" force-response-1.0
    SetEnvIf "User-Agent" "RealPlayer 4\.0" force-response-1.0
    SetEnvIf "User-Agent" "MSIE 4\.0b2;" nokeepalive
    SetEnvIf "User-Agent" "MSIE 4\.0b2;" force-response-1.0
    AddType application/vnd.ms-word.document.macroEnabled.12 .docm
    AddType application/vnd.openxmlformats-officedocument.wordprocessingml.document docx
    AddType application/vnd.openxmlformats-officedocument.wordprocessingml.template dotx
    AddType application/vnd.ms-powerpoint.template.macroEnabled.12 potm
    AddType application/vnd.openxmlformats-officedocument.presentationml.template potx
    AddType application/vnd.ms-powerpoint.addin.macroEnabled.12 ppam
    AddType application/vnd.ms-powerpoint.slideshow.macroEnabled.12 ppsm
    AddType application/vnd.openxmlformats-officedocument.presentationml.slideshow ppsx
    AddType application/vnd.ms-powerpoint.presentation.macroEnabled.12 pptm
    AddType application/vnd.openxmlformats-officedocument.presentationml.presentation pptx
    AddType application/vnd.ms-excel.addin.macroEnabled.12 xlam
    AddType application/vnd.ms-excel.sheet.binary.macroEnabled.12 xlsb
    AddType application/vnd.ms-excel.sheet.macroEnabled.12 xlsm
    AddType application/vnd.openxmlformats-officedocument.spreadsheetml.sheet xlsx
    AddType application/vnd.ms-excel.template.macroEnabled.12 xltm
    AddType application/vnd.openxmlformats-officedocument.spreadsheetml.template xltx
    AddType application/rtf rtf

    CGIConvMode BINARY

    <Directory />
    Order Deny,Allow
    Deny From all
    </Directory>

    # valence Ext JS 4 directives
    Alias /extjs4 /valence-3.0/ext-4.0.1
    <Directory /valence-3.0/ext-4.0.1>
    Order Allow,Deny
    allow from all
    </Directory>

    # valence Ext JS 3 directives
    Alias /extjs /valence-3.0/ext-3.2.2
    <Directory /valence-3.0/ext-3.2.2>
    Order Allow,Deny
    allow from all
    </Directory>

    # valence sencha touch directives
    Alias /sencha-touch /valence-3.0/sencha-touch-1.1.0
    <Directory /valence-3.0/sencha-touch-1.1.0>
    Order Allow,Deny
    allow from all
    </Directory>

    # valence resource directives
    Alias /vvresources /valence-3.0/vvresources
    <Directory /valence-3.0/vvresources>
    Order Allow,Deny
    allow from all
    </Directory>

    # valence html
    Alias /html /valence-3.0/html
    <Directory /valence-3.0/html>
    Order Allow,Deny
    allow from all
    </Directory>

    # valence program directives
    ScriptAliasMatch /valence(.*)/vvlogin.pgm /QSYS.LIB/VALENCE30.LIB/VVLOGIN.PGM
    ScriptAliasMatch /valence(.*)/vvheader.pgm /QSYS.LIB/VALENCE30.LIB/VVHEADER.PGM
    ScriptAliasMatch /valence(.*)/vvvport.pgm /QSYS.LIB/VALENCE30.LIB/VVVPORT.PGM
    ScriptAliasMatch /valence(.*)/vvcall.pgm /QSYS.LIB/VALENCE30.LIB/VVCALL.PGM
    ScriptAliasMatch /valence(.*)/exns01.pgm /QSYS.LIB/VALENCE30.LIB/EXNS01.PGM
    ScriptAliasMatch /valence(.*)/vvupload.pgm /QSYS.LIB/VALENCE30.LIB/VVUPLOAD.PGM
    ScriptAliasMatch /valence(.*)/vvtest.pgm /QSYS.LIB/VALENCE30.LIB/VVTEST.PGM
    ScriptAliasMatch /valence(.*)/vvoptauto.pgm /QSYS.LIB/VALENCE30.LIB/VVOPTAUTO.PGM

    <Location /valence>
    CGIJobCcsid 37
    </Location>
    <Location /valence-de>
    CGIJobCcsid 273
    </Location>
    <Location /valence-en>
    CGIJobCcsid 37
    </Location>
    <Location /valence-es>
    CGIJobCcsid 284
    </Location>
    <Location /valence-fr>
    CGIJobCcsid 297
    </Location>
    <Location /valence-it>
    CGIJobCcsid 280
    </Location>
    <Location /valence-ja>
    CGIJobCcsid 37
    </Location>
    <Location /valence-nl>
    CGIJobCcsid 500
    </Location>
    <Location /valence-ru>
    CGIJobCcsid 1025
    </Location>

    <Directory /QSYS.LIB/VALENCE30.LIB>
    Order Allow,Deny
    allow from all
    </Directory>

    # valence chart directives
    Alias /FusionCharts /valence-3.0/FusionCharts-3.2
    <Directory /valence-3.0/FusionCharts-3.2>
    Order Allow,Deny
    allow from all
    </Directory>

    # valence widgets directives
    Alias /FusionWidgets /valence-3.0l/FusionWidgets-3.2
    <Directory /valence-3.0/FusionWidgets-3.2>
    Order Allow,Deny
    allow from all
    </Directory>

    I haven't changed the original configuration since installation of product.

    I know this question must have to do whith Apache configuration and/or permissions rather than Valence itself; however, I will greatly appreciate any helpful advice from this forum.

    Thanks in advance!
    Alex
    Tags: None
  • #2
    Did the permissions on your IFS directories change?
    Is your installation of Valence set to "Override the job user"? If so, did you make any changes to the user profile (through Valence "Users") that you are attempting to log in with?

    Comment

    • #3
      Sean -

      The only changes I made (after receiving the error) is make sure that the two IBM HTTP profiles have the permissions - see my original post.

      As for "Override the job user" - yes, I did make such a change to plug in my own profile into the CGI jobs; I did so that the swap wouldn't be retained (i.e., the job would switch back to the deafult profile QTMHHTP1 after having worked the request). However, right now I am not able to get to the logon page at all.

      To the best of my recollection, I did not change my profile through Valence.

      Comment

      • #4
        Had it worked successfully for you after you enabled "Override Job User"?

        Comment

        • #5
          It did.

          (Ouch, feeling short of the required min 10 chars , hence this filler)

          Comment

          • #6
            Seems to me it's more likely to be an authority problem with the VALENCE30 library, not anything with the IFS. Can you check the authorities on the VALENCE30 library and the objects within? Also do a DSPLOG and dump it to *PRINT and look near the time frame of your last attempt to log in to see if there are any more relevant error messages.

            Comment

            • #7
              Richard -

              I added QTMHHTTP and QTMHHTP1 with *ALL authorities to both VALENCE30 library and VVLOGIN program, and after that was able to get to the logon screen and actually sign onto Valence.

              Still, this seems a little bizzare to me. Prior to my adding the profiles, both objects had PUBLIC(*CHANGE) and <my profile>(*ALL) (I do have both *ALLOBJ and *IOSYSCFG). I can swear that everything was working fine prior to this week.

              Also, added the two IBM HTTP profiles with *ALL to the folders and files in both /www/valence30 and valence-3.0 throughout but still can't get to the index page (index.html) - getting HTTP 403 instead. Not a big deal but just wondering what this might be.

              Thanks for your help!

              Comment

              Previous template Next
              Working...
              X