Client denied by server Configuration proxy

Client denied by server configuration
HTTP and HTTPS Reverse-Proxy Configuration | Nuxeo Documentation

This error means that the access to the directory on the file system was denied by an Apache configuration.

Apache HTTP server 2.4 notes

The 2.4 release introduced significant changes to the authorization and authentication process. Users of that release are encouraged to read this link to migrate their older config files.

Before you start

Before attempting to alter any existing config file, please take note of the full file system path for which access is being denied, and the IP or hostname of the client:

[error] [client ::1] client denied by server configuration: /var/www/example.com/

Using the correct path in the directory block for the following examples is essential to solving this problem. In this case, a client from the local machine (::1) is being denied access to /var/www/example.com .

Troubleshooting

The possible causes are:

DocumentRoot /var/www/example.com

2.2:

Order deny, allow Deny from all

2.4:

Require all denied

In the above examples, using the following configuration will resolve the issue:

Order allow, deny Allow from all

Require all granted

DocumentRoot /var/www/example.com Alias /foo /var/www/foo

Solution (2.2):

Solution (2.4):

  • Proxying to a service with no explicit access in a location block.

ProxyPass /foo/ ProxyPassReverse /foo/

Order allow, deny Allow from all Require all granted

The solution:

  • Using mod_security with an explicit directive to deny access. Altering or commenting out the offending directives from that module will resolve the issue.
  • Using a bandwidth or rate limiting module such as mod_evasive, mod_limitipconn or mod_bw. A capable firewall is far more efficient at limiting traffic bursts, and abusive clients.

Words of caution

The following configuration may be included in your apache HTTPD configuration; its purpose is to prevent unauthorized access to the root of the file system. Under no condition should it be altered. Instead, the existing directory block for the full file system path should be altered, or a new one should be created if it was not already present.

Source: wiki.apache.org

Related posts:

  1. Linux proxy server Configuration
  2. Ubuntu Squid proxy server Configuration
  3. Windows proxy server Configuration