Comment 4 for bug 370542

Revision history for this message
Jonathan Marsden (jmarsden) wrote : Re: Accessing http://localhost gives without reason a 403 Forbidden error page

DIAGNOSIS:

Based on the [client ::1] in the log entries, I strongly suspect an IPv6 related issue here.

In Jaunty, /etc/hosts has a line

::1 localhost ip6-localhost ip6-loopback

where in Intrepid, this was

::1 ip6-localhost ip6-loopback

I *strongly* suspect that "allow from localhost" in Apache maps to an IPv4 "allow from 127.0.0.1", but in Jaunty, the incoming request is actually coming in from IPv6 address ::1, which therefore does not match the allow rule.

EVIDENCE:

(A) Once you edit things to use "allow localhost" and then reboot, browsing to http://[::1]/. fails but browsing to http://[127.0.0.1]/ works.

(B) Editing the line of .etrc/hosts that starts with ::1 to remove the "localhost" name and then restarting your browser allows browsing to http://localhost/ to work once more (because now localhost resolves to 127.0.0.1).

SOLUTION:

The 'fix' is now trivially obvious. Edit the line of /etc/apache2/sites-available/default to say "allow localhost" as before, and then add a new line immediately after it that says "allow ::1" . Now both IPv4 locahost and IPv6 localhost clients are permitted the rules the sysadmin has manually specified, and now browsing from Firefox on the local machine works as expected.

QUESTION: Is this really a bug? Or is it simply a change of overall system behaviour as the world becomes more IPv6 conscious, that those who like editing Apache config files by hand "should" know about? [I suspect the latter, but I'm not at all dogmatic about that opinion :) ]

In case it matters, my tests were all done in a Jaunty i386 virtual machine using virtualbox-ose on a Jaunty amd86 host system, and with Firefox as my "browser of choice".

Jonathan