Configuring Apache2 with FastCGI for RT 3.4.2

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

I’m trying to configure an RT 3.4.2 virtual host (SSL) in Apache2 with
FastCGI (RT 3.4.2), but I keep getting this message when I try to access
the page with my browser:

You don't have permission to access / on this server.'

The Apache error log says this:

client denied by server configuration: /usr/local/rt3/bin/mason_handler.fcgi

And here’s a portion of my httpd.conf (actually ssl.conf):

<VirtualHost 169.229.1.165:443>
   SSLEngine on
   DocumentRoot /usr/local/www/data
   ServerName sns2.berkeley.edu:443
   ServerAdmin mikef@ack.berkeley.edu
   ErrorLog /var/log/httpd-error.log
   TransferLog /var/log/httpd-access.log
   <Directory /usr/local/www/data>
      Options Indexes FollowSymLinks
      AllowOverride None
      Order allow,deny
      Allow from all
   </Directory>
</VirtualHost>
<VirtualHost 169.229.1.165:444>
   SSLEngine on
   DocumentRoot /usr/local/rt3/share/html
   ServerName sns2.berkeley.edu:444
   ServerAdmin mikef@ack.berkeley.edu
   ErrorLog /var/log/httpd-error.log
   TransferLog /var/log/httpd-access.log
   <Location />
      AddDefaultCharset UTF-8
      SetHandler fastcgi-script
   </Location>
   Alias /NoAuth/images/ /usr/local/rt3/share/html/NoAuth/images/
   AddHandler fastcgi-script fcgi
   ScriptAlias / /usr/local/rt3/bin/mason_handler.fcgi/
   <Directory /usr/local/rt3/share/html>
      Options Indexes FollowSymLinks
      AllowOverride None
      Order allow,deny
      Allow from all
   </Directory>
</VirtualHost>

I have no trouble accessing the virtual host at 443 (which is a non-RT web
site), so I figure it’s the RT-related virtual host that’s somehow
misconfigured.

Of course, there’s more to my configuration than shown above (I didn’t
want to include the whole thing here) and the problem may lie elsewhere.
But is there anything obviously wrong with my port 444 virtual host
configuration above that I might be missing? Or should I be looking at
something else in particular?

Just trying to get some ideas.

Thanks.

Mike

Mike Friedman System and Network Security
mikef@ack.Berkeley.EDU 2484 Shattuck Avenue
1-510-642-1410 University of California at Berkeley
http://ack.Berkeley.EDU/~mikef http://security.berkeley.edu

-----BEGIN PGP SIGNATURE-----
Version: PGP 6.5.8

iQA/AwUBQyIBpK0bf1iNr4mCEQIRSgCgy+ERgFJJo3JwxvLshTja59k6fOcAoLBj
9tEdp+YiuONmoUcSjEQ2n/Sb
=915Y
-----END PGP SIGNATURE-----

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Never mind; I found my problem. It seems there was a ‘Deny from all’
statement elsewhere in my configuration that was setting too strict a
default. Thus, even my ‘Allow from all’ in the RT directory was being
overridden because I also have ‘Order allow,deny’ there.

Once I commented out the ‘Deny from all’, it worked OK.

Mike

Mike Friedman System and Network Security
mikef@ack.Berkeley.EDU 2484 Shattuck Avenue
1-510-642-1410 University of California at Berkeley
http://ack.Berkeley.EDU/~mikef http://security.berkeley.edu

• ---------- Forwarded message ----------Date: Fri, 9 Sep 2005 14:41:50 -0700 (PDT)
  From: Mike Friedman mikef@ack.berkeley.edu
  To: rt-users@lists.bestpractical.com
  Subject: [rt-users] Configuring Apache2 with FastCGI for RT 3.4.2

I’m trying to configure an RT 3.4.2 virtual host (SSL) in Apache2 with FastCGI
(RT 3.4.2), but I keep getting this message when I try to access the page with
my browser:

You don't have permission to access / on this server.'

The Apache error log says this:

client denied by server configuration: /usr/local/rt3/bin/mason_handler.fcgi

-----BEGIN PGP SIGNATURE-----
Version: PGP 6.5.8

iQA/AwUBQyNaIK0bf1iNr4mCEQJETACeMqGHJY7Suon7iEDj3BCv90fYL8QAn3lj
o83UvGL0fwe4BT/KCfKvnbke
=ouI8
-----END PGP SIGNATURE-----