Access denied to web frontend resources

Bug #1246732 reported by Jan Schneider on 2013-10-31
10
This bug affects 2 people
Affects Status Importance Assigned to Milestone
sogo (Ubuntu)
Undecided
Unassigned

Bug Description

Any access to CSS or JS files of the web frontend results in:

You don't have permission to access /SOGo.woa/WebServerResources/generic.css on this server.

in the browser and:

[Thu Oct 31 14:33:45.610031 2013] [authz_core:error] [pid 7022] [client 192.168.60.175:54188] AH01630: client denied by server configuration: /usr/lib/GNUstep/SOGo/WebServerResources/generic.css

in the apache logs.

I had to manually copy /usr/share/doc/sogo/apache.conf to /etc/apache2/conf-available/sogo.conf because the package doesn't install a working apache configuration at all.

Jeroen Dekkers (dekkers) wrote :

The apache configuration is not installed by default because it is just an example that must be adapted before it can be used. That your apache configuration denies access to the web frontend resources is a bug in your apache configuration and not in the sogo package.

Changed in sogo (Ubuntu):
status: New → Invalid
Jan Schneider (yunosh) wrote :

It *is* a bug in the sogo package, because this is the standard Apache configuration that ships with Ubuntu. If sogo doesn't work with it out of the box, it *has* to provide an Apache configuration stanza.

Changed in sogo (Ubuntu):
status: Invalid → New
Jan Schneider (yunosh) wrote :

And just for the record: the reason why the default configuration doesn't work, is that the most recent Ubuntu versions ship with Apache 2.4 and it new authorization model. Even though mod_access_compat is enabled, the Order/Allow directives don't work, because the base Apache configuration in Ubuntu uses Require. Obviously one cannot override the new directives with the old ones, despite the compatibility module.
Workaround: comment out the <Directory /> stanza in /etc/apache2/apache2.conf.

Launchpad Janitor (janitor) wrote :

Status changed to 'Confirmed' because the bug affects multiple users.

Changed in sogo (Ubuntu):
status: New → Confirmed
Stuart Longland (redhatter) wrote :

Actually, rather than commenting out stanzas, one should just fix the directives to use the correct statement in the sogo.conf:

<Directory /usr/lib/GNUstep/SOGo>
    Require all granted

    # Explicitly allow caching of static content to avoid browser specific behavior.
    # A resource's URL MUST change in order to have the client load the new version.
    <IfModule expires_module>
      ExpiresActive On
      ExpiresDefault "access plus 1 year"
    </IfModule>
</Directory>

This seems to work the way the distributed file did, but with Apache 2.4. The file does need customisation by the end user, but it would be a nice courtesy to drop a copy in /etc/apache/confs-available so the user doesn't have to go hunting far for the file.

To post a comment you must log in.
This report contains Public information  Edit
Everyone can see this information.

Other bug subscribers