Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Access forbidden by rule: "GET /data/htaccesstest.txt HTTP/1.1" #16090

Closed
binarykitchen opened this issue May 6, 2015 · 7 comments
Closed

Access forbidden by rule: "GET /data/htaccesstest.txt HTTP/1.1" #16090

binarykitchen opened this issue May 6, 2015 · 7 comments
Labels
documentation

Comments

@binarykitchen
Copy link

I am seeing the above error in the nginx error log. This for owncloud v8.0.3 on Ubuntu 14.10

Furthermore I have the system cron option enabled under admin settings and am seeing this one warning as well:

Last cron was executed at May 6, 2015 at 9:44:17 AM GMT+12. This is more than an hour ago, something seems wrong.

This here is my nginx configuration. I haven't changed it after the migration from v7 to v8 so maybe there is an error?

upstream php-handler {
        server unix:/var/run/php5-fpm.sock;
}

server {
        listen 1.2.3.4:80;
        server_name aaa.bbb.ccc;
        return 301 https://$server_name$request_uri;  # enforce https
}

server {
        listen 1.2.3.4:443 ssl default deferred;

        server_name aaa.bbb.ccc;

        ssl_certificate ...
        ssl_certificate_key ...

        access_log /var/log/nginx/access.log;
        error_log  /var/log/nginx/error.log notice;

        # Path to the root of your installation
        root /var/www/owncloud;

        gzip off;

        client_max_body_size 5G; # set max upload size

        # increase it carefully to fix
        # "an upstream response is buffered to a temporary file"
        fastcgi_buffers 192 12K;

        # this is to avoid messages like "a client request body is buffered to a temporary file"
        # increase it carefully until it is gone ...
        client_body_buffer_size 40m;

        rewrite ^/caldav(.*)$ /remote.php/caldav$1 redirect;
        rewrite ^/carddav(.*)$ /remote.php/carddav$1 redirect;
        rewrite ^/webdav(.*)$ /remote.php/webdav$1 redirect;

        index index.php;
        error_page 403 /core/templates/403.php;
        error_page 404 /core/templates/404.php;

        location = /robots.txt {
            allow all;
            log_not_found off;
            access_log off;
        }

        location ~ ^/(data|config|\.ht|db_structure\.xml|README) {
            deny all;
        }

        location / {
                # The following 2 rules are only needed with webfinger
                rewrite ^/.well-known/host-meta /public.php?service=host-meta last;
                rewrite ^/.well-known/host-meta.json /public.php?service=host-meta-json last;

                rewrite ^/.well-known/carddav /remote.php/carddav/ redirect;
                rewrite ^/.well-known/caldav /remote.php/caldav/ redirect;

                rewrite ^(/core/doc/[^\/]+/)$ $1/index.html;

                #etag on

                # this avoids upstream time outs (110: Connection timed out)
                proxy_read_timeout 180s;

                try_files $uri $uri/ index.php;
        }

        location ~ ^(.+?\.php)(/.*)?$ {
                try_files $1 = 404;

                include fastcgi_params;
                fastcgi_read_timeout 300;
                fastcgi_param SCRIPT_FILENAME $document_root$1;
                fastcgi_param PATH_INFO $2;
                fastcgi_param HTTPS on;
                fastcgi_pass php-handler;

                # this avoids upstream time outs (110: Connection timed out)
                proxy_read_timeout 180s;
        }

        # Optional: set long EXPIRES header on static assets
        location ~* ^.+\.(jpg|jpeg|gif|bmp|ico|png|css|js|swf)$ {
                expires 30d;
                # Optional: Don't log access to assets
                access_log off;
        }
}
@ghost
Copy link

ghost commented May 6, 2015

See https://forum.owncloud.org/viewtopic.php?f=17&t=20217

@binarykitchen
Copy link
Author

Yes, but it pollutes the log file. How can I suppress it?

@ghost
Copy link

ghost commented May 6, 2015

Have a look if it is possible to suppress it somewhere in your NginX config.

@binarykitchen
Copy link
Author

Something like this?

        location = /data/htaccesstest.txt {
            allow all;
            log_not_found off;
            access_log off;
        }

If so, then I'd suggest to add this in
https://doc.owncloud.org/server/8.0/admin_manual/installation/nginx_configuration.html

Because this only confuses users I think.

@ghost
Copy link

ghost commented May 6, 2015

Yes, that could work. To suggest this for the documentation you could report this to

https://github.com/owncloud/documentation/issues

@binarykitchen binarykitchen mentioned this issue May 6, 2015
Closed
@DeepDiver1975
Copy link
Member

@carlaschroder FYI

@carlaschroder carlaschroder self-assigned this May 6, 2015
@carlaschroder carlaschroder modified the milestone: backlog May 6, 2015
@carlaschroder carlaschroder removed their assignment May 6, 2015
@carlaschroder
Copy link

done owncloud-archive/documentation#1110

@ownclouders ownclouders mentioned this issue Apr 21, 2018
Closed
@lock lock bot locked as resolved and limited conversation to collaborators Aug 10, 2019
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Assignees
No one assigned
Labels
documentation
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
4 participants
@binarykitchen @nickvergessen @DeepDiver1975 @carlaschroder