1

I am trying to set up a webdav server on my centos 8 and am stuck for the last hours with a "client denied by server configuration: /srv/webdav/fs" message. I have read several threads where this error occurred but none helped me find out the issue.

This is my configuration file:

DavLockDB "/etc/httpd/var/davlock"
<VirtualHost *:443>
    ServerName example.com
    ServerAdmin example@mail
    DocumentRoot /srv/webdav
    ErrorLog /var/log/httpd/error.log
    CustomLog /var/log/httpd/access.log combined
    SSLEngine on
    SSLCertificateFile /etc/ssl/certs/apache-selfsigned.crt
    SSLCertificateKeyFile /etc/ssl/private/apache-selfsigned.key
    Alias /fs /srv/webdav/fs
    <Directory /fs>
        AuthType "Basic"
        AuthName "Password Manager"
        AuthBasicProvider file
        AuthUserFile "/etc/httpd/conf/dav_passwords"
        Require valid-user
        DAV On
        Options Indexes
    </Directory>
</VirtualHost>

I created a user with sudo htpasswd -c /etc/httpd/conf/dav_passwords john. /srv/webdav is owned by apache:apache.

Help is really appreciated. Thanks in advance!

Edit:

I changed the loglevel to trace3 and got some more detailed logs in the error file. I still can not see where the issue lies:

[Thu May 13 08:11:02.888221 2021] [ssl:trace3] [pid 3464:tid 140514974116160] ssl_engine_init.c(607): Using OpenSSL/system default SSL/TLS protocols
[Thu May 13 08:11:02.888225 2021] [ssl:trace3] [pid 3464:tid 140514974116160] ssl_engine_init.c(628): Creating new SSL context (protocols: default)
[Thu May 13 08:11:02.888535 2021] [ssl:trace1] [pid 3464:tid 140514974116160] ssl_engine_init.c(972): Configuring permitted SSL ciphers [ALL:!COMPLEMENTOFDEFAULT:!eNULL:!aNULL:!eNULL:!EXP]
[Thu May 13 08:11:02.888590 2021] [ssl:debug] [pid 3464:tid 140514974116160] ssl_engine_init.c(520): AH01893: Configuring TLS extension handling
[Thu May 13 08:11:02.888795 2021] [ssl:warn] [pid 3464:tid 140514974116160] AH01906: example.com:443:0 server certificate is a CA certificate (BasicConstraints: CA == TRUE !?)
[Thu May 13 08:11:02.888809 2021] [ssl:trace3] [pid 3464:tid 140514974116160] ssl_util_ssl.c(433): [example.com:443] modssl_X509_match_name: expecting name 'example.com', matched by ID 'example.com'
[Thu May 13 08:11:02.888840 2021] [ssl:debug] [pid 3464:tid 140514974116160] ssl_util_ssl.c(444): AH02412: [example.com:443] Cert matches for name 'example.com' [subject: emailAddress=example@mail,CN=example.com / issuer: emailAddress=example@mail,CN=example.com / serial: 7C1166CC353EC7F29C68B66269042224CEE41E67 / notbefore: May 12 08:52:52 2021 GMT / notafter: May 12 08:52:52 2022 GMT]
[Thu May 13 08:11:02.888846 2021] [ssl:info] [pid 3464:tid 140514974116160] AH02568: Certificate and private key example.com:443:0 configured from /etc/ssl/certs/apache-selfsigned.crt and /etc/ssl/private/apache-selfsigned.key
Vallout
  • 11
  • 1
  • 4

2 Answers2

0

The problem is here:

Alias /fs /srv/webdav/fs
<Directory /fs>
...
</Directory>

The directives inside <Directory /fs> don't apply, because the directory isn't /fs, it's /srv/webdav/fs. Try <Directory /srv/webdav/fs>.

Andrew Schulman
  • 8,811
  • 21
  • 32
  • 47
  • Good idea. But it still did not work :-/ `[authz_core:error] [pid 6155:tid 140670681462528] [client 192.168.177.5:53147] AH01630: client denied by server configuration: /srv/webdav/fs/` – Vallout May 14 '21 at 09:22
0

Ok, so I solved the issue. I completely reinstalled httpd and created the files once again (with appropriate permissions and ownership). Then I didn't specify DavLockDB "/etc/httpd/var/davlock" in the webdav.conf file and therefore it defaulted to /var/lib/dav/lockdb according to the default Apache configuration. (I don't know why that made a difference...) Lastly I needed to change the context of my webdav directory with chcon -R -t httpd_sys_content_rw_t /path/to/dir. Now it works. Thanks again, Andrew for your attempt to help!

Vallout
  • 11
  • 1
  • 4