我知道这个问题之前已经提出过了,但是我发誓我已经读完了其他的post。 我在Apache / 2.4.7(Ubuntu)服务器上使用虚拟主机来托pipe多个WordPress站点。 我有一个网站,SiteA运行正常,但SiteB(SiteBroken)没有运行。
我通过apt-get安装了apache,我的configuration文件是
/etc/apache2 -rw-r--r-- 1 root root 7.3K Mar 28 15:29 apache2.conf 我已经阅读了关于改变用户在这个文件(我不确定)或通过chown命令,因此我的权限SiteA与SiteB
/var/www/SiteA/public_html total 188k drwxr-xr-x 5 root root 4.0K Mar 31 00:42 .. -rw-r--r-- 1 root root 25K Apr 4 20:23 wp-signup.php -rw-r--r-- 1 root root 11K Apr 4 20:23 wp-settings.php -rw-r--r-- 1 root root 33K Apr 4 20:23 wp-login.php -rw-r--r-- 1 root root 2.9K Apr 4 20:23 wp-cron.php -rw-r--r-- 1 root root 7.1K Apr 4 20:23 readme.html -rw-r--r-- 1 root root 418 Apr 4 20:23 index.php -rw-r--r-- 1 root root 3.0K Apr 4 20:23 xmlrpc.php -rw-r--r-- 1 root root 4.0K Apr 4 20:23 wp-trackback.php -rw-r--r-- 1 root root 2.7K Apr 4 20:23 wp-load.php -rw-r--r-- 1 root root 2.4K Apr 4 20:23 wp-links-opml.php drwxr-xr-x 12 root root 4.0K Apr 4 20:23 wp-includes -rw-r--r-- 1 root root 2.7K Apr 4 20:23 wp-config-sample.php -rw-r--r-- 1 root root 4.9K Apr 4 20:23 wp-comments-post.php -rw-r--r-- 1 root root 271 Apr 4 20:23 wp-blog-header.php -rw-r--r-- 1 root root 4.9K Apr 4 20:23 wp-activate.php -rw-r--r-- 1 root root 20K Apr 4 20:23 license.txt -rw-r--r-- 1 root root 8.1K Apr 4 20:23 wp-mail.php drwxr-xr-x 9 root root 4.0K Apr 4 20:23 wp-admin drwxr-xr-x 6 www-data www-data 4.0K Apr 16 14:55 wp-content -rw-r--r-- 1 root root 3.5K Apr 16 14:58 wp-config.php drwxr-xr-x 5 root root 4.0K Apr 16 14:58 . /var/www/SiteB/public_html total 220k -rw-r--r-- 1 root root 3.0K Jan 5 21:17 xmlrpc.php -rw-r--r-- 1 root root 4.0K Jan 5 21:17 wp-trackback.php -rw-r--r-- 1 root root 25K Jan 5 21:17 wp-signup.php -rw-r--r-- 1 root root 11K Jan 5 21:17 wp-settings.php -rw-r--r-- 1 root root 8.1K Jan 5 21:17 wp-mail.php -rw-r--r-- 1 root root 33K Jan 5 21:17 wp-login.php -rw-r--r-- 1 root root 2.7K Jan 5 21:17 wp-load.php -rw-r--r-- 1 root root 2.4K Jan 5 21:17 wp-links-opml.php -rw-r--r-- 1 root root 2.9K Jan 5 21:17 wp-cron.php -rw-r--r-- 1 root root 4.9K Jan 5 21:17 wp-comments-post.php -rw-r--r-- 1 root root 271 Jan 5 21:17 wp-blog-header.php -rw-r--r-- 1 root root 4.9K Jan 5 21:17 wp-activate.php -rw-r--r-- 1 root root 418 Jan 5 21:17 index.php drwxr-xr-x 9 root root 4.0K Jan 5 22:11 wp-admin -rw-r--r-- 1 root root 20K Feb 18 22:05 license.txt drwxr-xr-x 12 root root 4.0K Mar 1 21:57 wp-includes -rw-r--r-- 1 root root 3.4K Mar 28 23:48 wp-config.php -rw-r--r-- 1 root root 7.1K May 7 06:30 readme.html drwxr-xr-x 8 www-data www-data 4.0K May 7 23:08 wp-content -rw-r--r-- 1 root root 25K May 25 06:23 error_log -rw-r--r-- 1 root root 792 May 30 14:50 2.htaccess -rw-r--r-- 1 root root 241 May 30 14:51 .offline.htaccess drwxr-xr-x 6 root root 4.0K May 30 14:55 .. drwxr-xr-x 5 root root 4.0K Jun 1 07:25 .
我已经从SiteBconfiguration中删除了.httaccces ,因为我试图消除这个variables,以便将我的网站连接到接收403错误。 You don't have permission to access / on this server
/etc/apache2/sites-available cat SiteA.conf # public: /var/www/SiteA/public_html/ <VirtualHost *:80> # Admin email, Server Name (domain name), and any aliases ServerAdmin webmaster@SiteA ServerName www.SiteA ServerAlias SiteA # Index file and Document Root (where the public files are located) DirectoryIndex index.html index.php DocumentRoot /var/www/SiteA/public_html # Log file locations LogLevel warn ErrorLog /var/www/SiteA/log/error.log CustomLog /var/www/SiteA/log/access.log combined </VirtualHost> /etc/apache2/sites-available cat SiteBroken.conf # domain: SiteBroken # public: /var/www/SiteBroken/public_html/ <VirtualHost *:80> # Admin email, Server Name (domain name), and any aliases ServerAdmin webmaster@SiteBroken ServerName www.SiteBroken ServerAlias SiteBroken # Index file and Document Root (where the public files are located) DirectoryIndex index.html index.php DocumentRoot /var/www/SiteBroken/public_html # Log file locations LogLevel warn ErrorLog /var/www/SiteBroken/log/error.log CustomLog /var/www/SiteBroken/log/access.log combined </VirtualHost> diff SiteA.conf SiteBroken.conf 1,3c1,2 < < < # public: /var/www/SiteA/public_html/ --- > # domain: SiteBroken > # public: /var/www/SiteBroken/public_html/ 7,9c6,8 < ServerAdmin webmaster@SiteA < ServerName www.SiteA < ServerAlias SiteA --- > ServerAdmin webmaster@SiteBroken > ServerName www.SiteBroken > ServerAlias SiteBroken 13c12 < DocumentRoot /var/www/SiteA/public_html --- > DocumentRoot /var/www/SiteBroken/public_html 16,17c15,16 < ErrorLog /var/www/SiteA/log/error.log < CustomLog /var/www/SiteA/log/access.log combined --- > ErrorLog /var/www/SiteBroken/log/error.log > CustomLog /var/www/SiteBroken/log/access.log combined 19,20d17 < /etc/apache2/sites-available total 44K -rw-r--r-- 1 root root 6.3K Jan 7 2014 default-ssl.conf -rw-r--r-- 1 root root 1.4K Jan 7 2014 000-default.conf -rw-r--r-- 1 root root 626 Mar 31 00:42 SiteA.conf drwxr-xr-x 8 root root 4.0K Jun 1 07:13 .. -rw-r--r-- 1 root root 713 Jun 1 07:16 SiteBroken.conf drwxr-xr-x 2 root root 4.0K Jun 1 07:16 .
我昨天在遇到麻烦的时候在错误日志中注意到了这个错误信息。
/var/www/SiteBroken/log$ cat error.log [Tue Mar 31 03:22:14.410438 2015] [:error] [pid 25622] [client 113.123.33.183:47379] script '/var/www/SiteBroken/public_html/phpinfo.php' not found or unable to stat
运行良好的SiteA具有所有相同的WordPress文件,所以SiteA的目录中没有phpinfo.php文件,我不确定为什么一个站点正在运行,但我无法查看SiteB
我最近的整个public_html目录chown到万维网数据,但是这仍然没有解决403错误信息。
sudo chown -R www-data:www-data /var/www/SiteBroken/public_html/ drwxr-xr-x 5 www-data www-data 4.0K Jun 1 07:25 public_html
启用日志级别debugging ,所有我看到的是输出forms停止和重述阿帕奇,除了这个缺less`/var/www/html/moadmin.php'文件,是否这个文件是必要的
[Mon Jun 01 07:25:38.832460 2015] [mpm_prefork:notice] [pid 9847] AH00163: Apache/2.4.7 (Ubuntu) PHP/5.5.9-1ubuntu4.7 configured -- resuming normal operations [Mon Jun 01 07:25:38.832538 2015] [core:notice] [pid 9847] AH00094: Command line: '/usr/sbin/apache2' [Mon Jun 01 08:27:58.649847 2015] [mpm_prefork:notice] [pid 9847] AH00169: caught SIGTERM, shutting down [Mon Jun 01 08:27:59.551789 2015] [mpm_prefork:notice] [pid 10198] AH00163: Apache/2.4.7 (Ubuntu) PHP/5.5.9-1ubuntu4.7 configured -- resuming normal operations [Mon Jun 01 08:27:59.551885 2015] [core:notice] [pid 10198] AH00094: Command line: '/usr/sbin/apache2' [Mon Jun 01 10:43:46.042411 2015] [:error] [pid 10208] [client 89.248.172.27:51451] script '/var/www/html/moadmin.php' not found or unable to stat [Tue Jun 02 07:53:47.086020 2015] [mpm_prefork:notice] [pid 10198] AH00169: caught SIGTERM, shutting down [Tue Jun 02 07:53:48.203046 2015] [mpm_prefork:notice] [pid 12370] AH00163: Apache/2.4.7 (Ubuntu) PHP/5.5.9-1ubuntu4.7 configured -- resuming normal operations [Tue Jun 02 07:53:48.203105 2015] [core:notice] [pid 12370] AH00094: Command line: '/usr/sbin/apache2' [Tue Jun 02 07:57:14.417485 2015] [mpm_prefork:notice] [pid 12370] AH00169: caught SIGTERM, shutting down [Tue Jun 02 07:57:15.280777 2015] [mpm_prefork:notice] [pid 12515] AH00163: Apache/2.4.7 (Ubuntu) PHP/5.5.9-1ubuntu4.7 configured -- resuming normal operations [Tue Jun 02 07:57:15.280852 2015] [core:notice] [pid 12515] AH00094: Command line: '/usr/sbin/apache2' [Tue Jun 02 07:59:45.902752 2015] [mpm_prefork:notice] [pid 12515] AH00169: caught SIGTERM, shutting down [Tue Jun 02 07:59:47.017507 2015] [mpm_prefork:notice] [pid 12653] AH00163: Apache/2.4.7 (Ubuntu) PHP/5.5.9-1ubuntu4.7 configured -- resuming normal operations [Tue Jun 02 07:59:47.017577 2015] [core:notice] [pid 12653] AH00094: Command line: '/usr/sbin/apache2' [Tue Jun 02 08:05:59.014895 2015] [mpm_prefork:notice] [pid 12653] AH00169: caught SIGTERM, shutting down [Tue Jun 02 08:06:00.124043 2015] [mpm_prefork:notice] [pid 12787] AH00163: Apache/2.4.7 (Ubuntu) PHP/5.5.9-1ubuntu4.7 configured -- resuming normal operations [Tue Jun 02 08:06:00.124101 2015] [core:notice] [pid 12787] AH00094: Command line: '/usr/sbin/apache2' [Tue Jun 02 08:23:09.214883 2015] [mpm_prefork:notice] [pid 12787] AH00169: caught SIGTERM, shutting down [Tue Jun 02 08:23:10.332498 2015] [mpm_prefork:notice] [pid 13039] AH00163: Apache/2.4.7 (Ubuntu) PHP/5.5.9-1ubuntu4.7 configured -- resuming normal operations [Tue Jun 02 08:23:10.332556 2015] [core:notice] [pid 13039] AH00094: Command line: '/usr/sbin/apache2' [Tue Jun 02 08:40:06.186778 2015] [mpm_prefork:notice] [pid 13039] AH00169: caught SIGTERM, shutting down [Tue Jun 02 08:40:07.305531 2015] [mpm_prefork:notice] [pid 13491] AH00163: Apache/2.4.7 (Ubuntu) PHP/5.5.9-1ubuntu4.7 configured -- resuming normal operations [Tue Jun 02 08:40:07.305595 2015] [core:notice] [pid 13491] AH00094: Command line: '/usr/sbin/apache2'
更新:ls -la
/var/www$ ls -la total 48 drwxr-xr-x 7 root root 4096 Jun 2 08:21 . drwxr-xr-x 14 root root 4096 Mar 28 14:40 .. drwxr-xr-x 5 root root 4096 Mar 31 00:42 SiteA (working website) drwxr-xr-x 2 root root 4096 May 30 12:50 html drwxr-xr-x 6 root www-data 4096 May 30 14:55 SiteBroken
2015年6月6日更新
在阅读其他几篇SE文章之后,我修改了apache.conf文件,内容如下:
<Directory /> Options FollowSymLinks AllowOverride all Require all granted </Directory> <Directory /usr/share> AllowOverride None Require all granted </Directory> <Directory /var/www/> Options Indexes FollowSymLinks AllowOverride all Require all granted </Directory>
我甚至在那里添加了我的完整文档根目录来testing一切和任何事情:
<Directory /var/www/html/SiteBroken/public_html> Options FollowSymLinks AllowOverride all Require all granted </Directory>
现在,当我将浏览器指向URL时,我的SiteBroken确实出现并生成了,但现在我无法转到任何页面,即www.sitebroken.com/foo或www.sitebroken.com/bar
我被告知我的Virutal服务器无法读取PHP文件? 这是吗?
/var/www/html/SiteBroken/public_html$ total 188K -rw-r--r-- 1 root root 3.0K Apr 4 20:23 xmlrpc.php -rw-r--r-- 1 root root 4.0K Apr 4 20:23 wp-trackback.php -rw-r--r-- 1 root root 25K Apr 4 20:23 wp-signup.php -rw-r--r-- 1 root root 11K Apr 4 20:23 wp-settings.php -rw-r--r-- 1 root root 8.1K Apr 4 20:23 wp-mail.php -rw-r--r-- 1 root root 33K Apr 4 20:23 wp-login.php -rw-r--r-- 1 root root 2.7K Apr 4 20:23 wp-load.php -rw-r--r-- 1 root root 2.4K Apr 4 20:23 wp-links-opml.php -rw-r--r-- 1 root root 2.9K Apr 4 20:23 wp-cron.php -rw-r--r-- 1 root root 2.7K Apr 4 20:23 wp-config-sample.php -rw-r--r-- 1 root root 4.9K Apr 4 20:23 wp-comments-post.php -rw-r--r-- 1 root root 271 Apr 4 20:23 wp-blog-header.php -rw-r--r-- 1 root root 4.9K Apr 4 20:23 wp-activate.php -rw-r--r-- 1 root root 7.1K Apr 4 20:23 readme.html -rw-r--r-- 1 root root 20K Apr 4 20:23 license.txt -rw-r--r-- 1 root root 418 Apr 4 20:23 index.php drwxr-xr-x 12 root root 4.0K Jun 6 18:17 wp-includes drwxr-xr-x 6 www-data www-data 4.0K Jun 6 18:17 wp-content drwxr-xr-x 5 root root 4.0K Jun 6 18:17 . drwxr-xr-x 9 root root 4.0K Jun 6 18:17 wp-admin drwxr-xr-x 5 root root 4.0K Jun 6 18:17 .. -rw-r--r-- 1 root root 3.5K Jun 6 19:03 wp-config.php
就像我在我的一个评论中说的,我有另一个网站,SiteA完全镜像到SiteBroken的configuration,我难住一个网站可以工作,另一个,SiteBroken,然后收到403错误,现在404错误。 The requested URL /foo/ was not found on this server.
我一直在使用这些问题https://askubuntu.com/questions/448944/where-to-place-my-local-website-starting-with-the-2-4-7-version-of-apache2和https://stackoverflow.com/questions/6959189/apache-virtualhost-403-forbidden
我也简单地安装了nginx,遇到类似的问题,我相信nginx无法读取我的php文件?
将所有权更改为www-data:www-data对于承载内容的文件夹使用r / w权限将允许httpd进程写入此文件夹,根据应用程序的复杂性和安全性,可能会给黑客一种方式用他或她自己select的东西覆盖合法代码。
可能的问题是您需要将执行位添加到父文件夹并更改组:
chmod g=rx /var/www/SiteA chown root:www-data /var/www/SiteA chmod g=rx /var/www/SiteA/public_html chown root:www-data /var/www/SiteA/public_html
没有执行位,进程不能下降到文件夹来读取文件,即使它拥有它们。
尝试configuration你的http-xampp
你会在那里find这个代码:
<LocationMatch "^/(?i:(?:xampp|security|licenses|phpmyadmin|webalizer|server-status|server-info))"> Require local ErrorDocument 403 /error/XAMPP_FORBIDDEN.html.var </LocationMatch>
试着改变这个:
<LocationMatch "^/(?i:(?:xampp|security|licenses|phpmyadmin|webalizer|server-status|server-info))"> Require local Require ip 192.120.203 // ip address of another pc or I would say the start of the ipaddress . ErrorDocument 403 /error/XAMPP_FORBIDDEN.html.var </LocationMatch>
当我得到这个错误时,这适用于我。 希望它也适合你。
将所有权更改为www-data而不是root。 你可以用chown来做到这一点:
$ sudo chown -R www-data:www-data /var/www/SiteA/public_html
这将使www-data成为public_html下所有文件/目录的所有者。
尝试把这个在你的VirtualHost:
<Directory /var/www/SiteBroken/public_html/> Require all granted </Directory>
使整个WordPress安装由www-data(甚至用于testing)所拥有是非常糟糕的做法。 这将允许Apache进程在目录树中的任何位置写入文件,包括PHP文件。 在过去的三个月中,我已经经历了十多个被黑客入侵的网站。 然后攻击者可以安装任何他们想要的东西 – 后门shell,垃圾邮件机器人,任何东西。 他们还可以读取包含所有数据库凭证的wp-config.php文件。 这也可能导致攻击者仔细阅读其他站点目录(即SiteA)并获得对该数据库的完全访问权限。
不知道上面的Require all是否有帮助,但是我知道Apache 2.4和它的安全机制是不同的,这在过去帮助了我。