2

I have word-press website on ec2 with bitnami image in error log file i am getting bellow snippet error.

I have overwrite default htaccess.conf file with my .htaccess file

now the path for .htaccess file is /opt/bitnami/apps/wordpress/htdocs/

     [Tue Feb 17 07:07:18.977511 2015] [ssl:warn] [pid 29411:tid 140429621905216] AH01909: justforhearts.org:443:0 server certificate does NOT include an ID which matches the server name
    [Tue Feb 17 07:07:18.977829 2015] [ssl:warn] [pid 29411:tid 140429621905216] AH01909: localhost:443:0 server certificate does NOT include an ID which matches the server name
    [Tue Feb 17 07:07:18.977930 2015] [lbmethod_heartbeat:notice] [pid 29411:tid 140429621905216] AH02282: No slotmem from mod_heartmonitor
    [Tue Feb 17 07:07:18.992006 2015] [mpm_event:notice] [pid 29411:tid 140429621905216] AH00489: Apache/2.4.10 (Unix) OpenSSL/1.0.1j configured -- resuming normal operations
    [Tue Feb 17 07:07:18.992028 2015] [core:notice] [pid 29411:tid 140429621905216] AH00094: Command line: '/opt/bitnami/apache2/bin/httpd -f /opt/bitnami/apache2/conf/httpd.conf -D DISABLE_BANNER'
    [Tue Feb 17 07:12:25.491605 2015] [access_compat:error] [pid 28267:tid 140429274093312] [client 199.59.148.209:32041] AH01797: client denied by server configuration: /opt/bitnami/apps/wordpress/htdocs/robots.txt
    [Tue Feb 17 07:12:25.697742 2015] [access_compat:error] [pid 28267:tid 140429265700608] [client 199.59.148.209:32041] AH01797: client denied by server configuration: /opt/bitnami/apps/wordpress/htdocs/2014
   [Tue Feb 17 07:12:25.697742 2015] [access_compat:error] [pid 28267:tid 140429265700608] [client 199.59.148.209:32041] AH01797: client denied by server configuration: /opt/bitnami/apps/wordpress/htdocs/

You can see bellow my conf file structure.

httpd-vhosts.conf file snippet

<VirtualHost *:80>
    ServerName example.com
    ServerAlias www.example.com
    DocumentRoot "/opt/bitnami/apps/wordpress/htdocs"
    Include "/opt/bitnami/apps/wordpress/conf/httpd-app.conf"
<Directory "/opt/bitnami/apps/wordpress/htdocs">
  Options All
  AllowOverride All
  Require all granted
</Directory>
</VirtualHost>
<VirtualHost *:443>
    ServerName example.com
    ServerAlias www.example.com
    DocumentRoot "/opt/bitnami/apps/wordpress/htdocs"
    SSLEngine on
    SSLCertificateFile "/opt/bitnami/apps/wordpress/conf/certs/server.crt"
    SSLCertificateKeyFile "/opt/bitnami/apps/wordpress/conf/certs/server.key"
    Include "/opt/bitnami/apps/wordpress/conf/httpd-app.conf"
</VirtualHost>

httpd-app.conf file snippet

<IfDefine USE_PHP_FPM>
    <Proxy "unix:/opt/bitnami/php/var/run/wordpress.sock|fcgi://wordpress-fpm" timeout=300>
    </Proxy>
</IfDefine>
<Directory "/opt/bitnami/apps/wordpress/htdocs">
    Options +MultiViews +FollowSymLinks
    AllowOverride All
    <IfVersion < 2.3 >
        Order allow,deny
        Allow from all
    </IfVersion>
    <IfVersion >= 2.3>
        Require all granted
    </IfVersion>
    <IfDefine USE_PHP_FPM>
       <FilesMatch \.php$>
         SetHandler "proxy:fcgi://wordpress-fpm/"
       </FilesMatch>
    </IfDefine> 
    RewriteEngine On
    #RewriteBase /wordpress/
    RewriteRule ^index\.php$ - [S=1]
    RewriteCond %{REQUEST_FILENAME} !-f
    RewriteCond %{REQUEST_FILENAME} !-d
    RewriteRule . index.php [L]
        Include "/opt/bitnami/apps/wordpress/conf/banner.conf"
</Directory>
#Include "/opt/bitnami/apps/wordpress/conf/htaccess.conf"

banner.conf file snippet

# Banner configuration
<IfDefine !DISABLE_BANNER>
    <If "%{REQUEST_URI} !~ m!^/+(index\.php)?/*$!i" >
       SetEnv  "DISABLE_BANNER" "YES"
    </If>
    Include "/opt/bitnami/apps/bitnami/banner/conf/banner-substitutions.conf"
</IfDefine>

.htaccess file snippet, file permission 664

# BEGIN s2Member GZIP exclusions
<IfModule mod_rewrite.c>
    RewriteEngine On
    RewriteBase /
    RewriteCond %{QUERY_STRING} (^|\?|&)s2member_file_download\=.+ [OR]
    RewriteCond %{QUERY_STRING} (^|\?|&)no-gzip\=1
    RewriteRule .* - [E=no-gzip:1]
</IfModule>
## EXPIRES CACHING ##
    <IfModule mod_expires.c>
    ExpiresActive On
    ExpiresByType image/jpg "access 1 year"
    ExpiresByType image/jpeg "access 1 year"
    ExpiresByType image/gif "access 1 year"
    ExpiresByType image/png "access 1 year"
    ExpiresByType text/css "access 1 month"
    ExpiresByType application/pdf "access 1 month"
    ExpiresByType text/x-javascript "access 1 month"
    ExpiresByType application/x-shockwave-flash "access 1 month"
    ExpiresByType image/x-icon "access 1 year"
    ExpiresDefault "access 2 days"

    </IfModule>
    ## EXPIRES CACHING ##
# END s2Member GZIP exclusions
# BEGIN WPSuperCache
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteBase /
#If you serve pages from behind a proxy you may want to change 'RewriteCond %{HTTPS} on' to something more sensible
AddDefaultCharset UTF-8
RewriteCond %{REQUEST_URI} !^.*[^/]$
RewriteCond %{REQUEST_URI} !^.*//.*$
RewriteCond %{REQUEST_METHOD} !POST
RewriteCond %{QUERY_STRING} !.*=.*
RewriteCond %{HTTP:Cookie} !^.*(comment_author_|wordpress_logged_in|wp-postpass_).*$
RewriteCond %{HTTP:X-Wap-Profile} !^[a-z0-9\"]+ [NC]
RewriteCond %{HTTP:Profile} !^[a-z0-9\"]+ [NC]
RewriteCond %{HTTP_USER_AGENT} !^.*(2.0\ MMP|240x320|400X240|AvantGo|BlackBerry|Blazer|Cellphone|Danger|DoCoMo|Elaine/3.0|EudoraWeb|Googlebot-Mobile|hiptop|IEMobile|KYOCERA/WX310K|LG/U990|MIDP-2.|MMEF20|MOT-V|NetFront|Newt|Nintendo\ Wii|Nitro|Nokia|Opera\ Mini|Palm|PlayStation\ Portable|portalmmm|Proxinet|ProxiNet|SHARP-TQ-GX10|SHG-i900|Small|SonyEricsson|Symbian\ OS|SymbianOS|TS21i-10|UP.Browser|UP.Link|webOS|Windows\ CE|WinWAP|YahooSeeker/M1A1-R2D2|iPhone|iPod|Android|BlackBerry9530|LG-TU915\ Obigo|LGE\ VX|webOS|Nokia5800).* [NC]
RewriteCond %{HTTP_user_agent} !^(w3c\ |w3c-|acs-|alav|alca|amoi|audi|avan|benq|bird|blac|blaz|brew|cell|cldc|cmd-|dang|doco|eric|hipt|htc_|inno|ipaq|ipod|jigs|kddi|keji|leno|lg-c|lg-d|lg-g|lge-|lg/u|maui|maxo|midp|mits|mmef|mobi|mot-|moto|mwbp|nec-|newt|noki|palm|pana|pant|phil|play|port|prox|qwap|sage|sams|sany|sch-|sec-|send|seri|sgh-|shar|sie-|siem|smal|smar|sony|sph-|symb|t-mo|teli|tim-|tosh|tsm-|upg1|upsi|vk-v|voda|wap-|wapa|wapi|wapp|wapr|webc|winw|winw|xda\ |xda-).* [NC]
RewriteCond %{HTTP:Accept-Encoding} gzip
RewriteCond %{HTTPS} on
RewriteCond %{DOCUMENT_ROOT}/wp-content/cache/supercache/%{SERVER_NAME}/$1/index-https.html.gz -f
RewriteRule ^(.*) "/wp-content/cache/supercache/%{SERVER_NAME}/$1/index-https.html.gz" [L]

RewriteCond %{REQUEST_URI} !^.*[^/]$
RewriteCond %{REQUEST_URI} !^.*//.*$
RewriteCond %{REQUEST_METHOD} !POST
RewriteCond %{QUERY_STRING} !.*=.*
RewriteCond %{HTTP:Cookie} !^.*(comment_author_|wordpress_logged_in|wp-postpass_).*$
RewriteCond %{HTTP:X-Wap-Profile} !^[a-z0-9\"]+ [NC]
RewriteCond %{HTTP:Profile} !^[a-z0-9\"]+ [NC]
RewriteCond %{HTTP_USER_AGENT} !^.*(2.0\ MMP|240x320|400X240|AvantGo|BlackBerry|Blazer|Cellphone|Danger|DoCoMo|Elaine/3.0|EudoraWeb|Googlebot-Mobile|hiptop|IEMobile|KYOCERA/WX310K|LG/U990|MIDP-2.|MMEF20|MOT-V|NetFront|Newt|Nintendo\ Wii|Nitro|Nokia|Opera\ Mini|Palm|PlayStation\ Portable|portalmmm|Proxinet|ProxiNet|SHARP-TQ-GX10|SHG-i900|Small|SonyEricsson|Symbian\ OS|SymbianOS|TS21i-10|UP.Browser|UP.Link|webOS|Windows\ CE|WinWAP|YahooSeeker/M1A1-R2D2|iPhone|iPod|Android|BlackBerry9530|LG-TU915\ Obigo|LGE\ VX|webOS|Nokia5800).* [NC]
RewriteCond %{HTTP_user_agent} !^(w3c\ |w3c-|acs-|alav|alca|amoi|audi|avan|benq|bird|blac|blaz|brew|cell|cldc|cmd-|dang|doco|eric|hipt|htc_|inno|ipaq|ipod|jigs|kddi|keji|leno|lg-c|lg-d|lg-g|lge-|lg/u|maui|maxo|midp|mits|mmef|mobi|mot-|moto|mwbp|nec-|newt|noki|palm|pana|pant|phil|play|port|prox|qwap|sage|sams|sany|sch-|sec-|send|seri|sgh-|shar|sie-|siem|smal|smar|sony|sph-|symb|t-mo|teli|tim-|tosh|tsm-|upg1|upsi|vk-v|voda|wap-|wapa|wapi|wapp|wapr|webc|winw|winw|xda\ |xda-).* [NC]
RewriteCond %{HTTP:Accept-Encoding} gzip
RewriteCond %{HTTPS} !on
RewriteCond %{DOCUMENT_ROOT}/wp-content/cache/supercache/%{SERVER_NAME}/$1/index.html.gz -f
RewriteRule ^(.*) "/wp-content/cache/supercache/%{SERVER_NAME}/$1/index.html.gz" [L]

RewriteCond %{REQUEST_URI} !^.*[^/]$
RewriteCond %{REQUEST_URI} !^.*//.*$
RewriteCond %{REQUEST_METHOD} !POST
RewriteCond %{QUERY_STRING} !.*=.*
RewriteCond %{HTTP:Cookie} !^.*(comment_author_|wordpress_logged_in|wp-postpass_).*$
RewriteCond %{HTTP:X-Wap-Profile} !^[a-z0-9\"]+ [NC]
RewriteCond %{HTTP:Profile} !^[a-z0-9\"]+ [NC]
RewriteCond %{HTTP_USER_AGENT} !^.*(2.0\ MMP|240x320|400X240|AvantGo|BlackBerry|Blazer|Cellphone|Danger|DoCoMo|Elaine/3.0|EudoraWeb|Googlebot-Mobile|hiptop|IEMobile|KYOCERA/WX310K|LG/U990|MIDP-2.|MMEF20|MOT-V|NetFront|Newt|Nintendo\ Wii|Nitro|Nokia|Opera\ Mini|Palm|PlayStation\ Portable|portalmmm|Proxinet|ProxiNet|SHARP-TQ-GX10|SHG-i900|Small|SonyEricsson|Symbian\ OS|SymbianOS|TS21i-10|UP.Browser|UP.Link|webOS|Windows\ CE|WinWAP|YahooSeeker/M1A1-R2D2|iPhone|iPod|Android|BlackBerry9530|LG-TU915\ Obigo|LGE\ VX|webOS|Nokia5800).* [NC]
RewriteCond %{HTTP_user_agent} !^(w3c\ |w3c-|acs-|alav|alca|amoi|audi|avan|benq|bird|blac|blaz|brew|cell|cldc|cmd-|dang|doco|eric|hipt|htc_|inno|ipaq|ipod|jigs|kddi|keji|leno|lg-c|lg-d|lg-g|lge-|lg/u|maui|maxo|midp|mits|mmef|mobi|mot-|moto|mwbp|nec-|newt|noki|palm|pana|pant|phil|play|port|prox|qwap|sage|sams|sany|sch-|sec-|send|seri|sgh-|shar|sie-|siem|smal|smar|sony|sph-|symb|t-mo|teli|tim-|tosh|tsm-|upg1|upsi|vk-v|voda|wap-|wapa|wapi|wapp|wapr|webc|winw|winw|xda\ |xda-).* [NC]
RewriteCond %{HTTPS} on
RewriteCond %{DOCUMENT_ROOT}/wp-content/cache/supercache/%{SERVER_NAME}/$1/index-https.html -f
RewriteRule ^(.*) "/wp-content/cache/supercache/%{SERVER_NAME}/$1/index-https.html" [L]

RewriteCond %{REQUEST_URI} !^.*[^/]$
RewriteCond %{REQUEST_URI} !^.*//.*$
RewriteCond %{REQUEST_METHOD} !POST
RewriteCond %{QUERY_STRING} !.*=.*
RewriteCond %{HTTP:Cookie} !^.*(comment_author_|wordpress_logged_in|wp-postpass_).*$
RewriteCond %{HTTP:X-Wap-Profile} !^[a-z0-9\"]+ [NC]
RewriteCond %{HTTP:Profile} !^[a-z0-9\"]+ [NC]
RewriteCond %{HTTP_USER_AGENT} !^.*(2.0\ MMP|240x320|400X240|AvantGo|BlackBerry|Blazer|Cellphone|Danger|DoCoMo|Elaine/3.0|EudoraWeb|Googlebot-Mobile|hiptop|IEMobile|KYOCERA/WX310K|LG/U990|MIDP-2.|MMEF20|MOT-V|NetFront|Newt|Nintendo\ Wii|Nitro|Nokia|Opera\ Mini|Palm|PlayStation\ Portable|portalmmm|Proxinet|ProxiNet|SHARP-TQ-GX10|SHG-i900|Small|SonyEricsson|Symbian\ OS|SymbianOS|TS21i-10|UP.Browser|UP.Link|webOS|Windows\ CE|WinWAP|YahooSeeker/M1A1-R2D2|iPhone|iPod|Android|BlackBerry9530|LG-TU915\ Obigo|LGE\ VX|webOS|Nokia5800).* [NC]
RewriteCond %{HTTP_user_agent} !^(w3c\ |w3c-|acs-|alav|alca|amoi|audi|avan|benq|bird|blac|blaz|brew|cell|cldc|cmd-|dang|doco|eric|hipt|htc_|inno|ipaq|ipod|jigs|kddi|keji|leno|lg-c|lg-d|lg-g|lge-|lg/u|maui|maxo|midp|mits|mmef|mobi|mot-|moto|mwbp|nec-|newt|noki|palm|pana|pant|phil|play|port|prox|qwap|sage|sams|sany|sch-|sec-|send|seri|sgh-|shar|sie-|siem|smal|smar|sony|sph-|symb|t-mo|teli|tim-|tosh|tsm-|upg1|upsi|vk-v|voda|wap-|wapa|wapi|wapp|wapr|webc|winw|winw|xda\ |xda-).* [NC]
RewriteCond %{HTTPS} !on
RewriteCond %{DOCUMENT_ROOT}/wp-content/cache/supercache/%{SERVER_NAME}/$1/index.html -f
RewriteRule ^(.*) "/wp-content/cache/supercache/%{SERVER_NAME}/$1/index.html" [L]
</IfModule>

# END WPSuperCache

# BEGIN WordPress
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteBase /
RewriteRule ^index\.php$ - [L]
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule . /index.php [L]
</IfModule>

# END WordPress

folder permission snippet

total 728
-rwxrwxr-x  1 bitnami daemon   1150 Jan 14  2012 favicon.ico
-rwxrwxr-x  1 bitnami daemon     53 Feb 12  2013 google496df181d1f0e489.html
-rwxrwxr-x  1 bitnami daemon     53 Jan  3  2013 googled446f1edcf45faf3.html
-rwxrwxr-x  1 bitnami daemon     53 Dec 23  2013 googledc9356356aa4126c.html
-rwxrwxr-x  1 bitnami daemon    418 Nov  1  2013 index.php
-rwxrwxr-x  1 bitnami daemon  19930 Feb 19 02:09 license.txt
-rwxrwxr-x  1 bitnami daemon     19 Dec 31 10:42 phpinfo.php
-rwxrwxr-x  1 bitnami daemon   7195 Feb 19 02:09 readme.html
-rwxrwxr-x  1 bitnami daemon    263 Jul 20  2014 robots.txt
-rwxrwxr-x  1 bitnami daemon 466324 Feb 28  2014 sitemap.xml
-rwxrwxr-x  1 bitnami daemon  18529 Jul 26  2012 timthumb.php
-rwxrwxr-x  1 bitnami daemon     15 Apr 13  2013 verifyforzoho.html
drwxrwxr-x  2 bitnami daemon   4096 Feb 11 18:56 wc-logs
-rwxrwxr-x  1 bitnami daemon   4951 Sep  6 06:37 wp-activate.php
drwxrwxr-x 10 bitnami daemon   4096 Feb  4  2014 wp-admin
-rwxrwxr-x  1 bitnami daemon    226 Jan 12  2012 wp-atom.php
drwxrwxr-x  2 bitnami daemon   4096 Nov 18 14:20 wp-backups
-rwxrwxr-x  1 bitnami daemon    271 Nov  1  2013 wp-blog-header.php
-rwxrwxr-x  1 bitnami daemon   5008 Dec 19 07:51 wp-comments-post.php
-rwxrwxr-x  1 bitnami daemon    244 Jan 12  2012 wp-commentsrss2.php
-rwxrwxr-x  1 bitnami daemon   4146 Jan 31 12:36 wp-config.php
-rwxrwxr-x  1 bitnami daemon   2726 Dec 19 07:51 wp-config-sample.php
drwxrwxr-x 17 bitnami daemon   4096 Feb 23 08:29 wp-content
-rwxrwxr-x  1 bitnami daemon   2956 Sep  6 06:37 wp-cron.php
-rwxrwxr-x  1 bitnami daemon    246 Jan 12  2012 wp-feed.php
drwxrwxr-x 12 bitnami daemon   4096 Sep  6 06:37 wp-includes
-rwxrwxr-x  1 bitnami daemon   2380 Nov  1  2013 wp-links-opml.php
-rwxrwxr-x  1 bitnami daemon   2714 Sep  6 06:37 wp-load.php
-rwxrwxr-x  1 bitnami daemon  33435 Dec 19 07:51 wp-login.php
-rwxrwxr-x  1 bitnami daemon   8252 Sep  6 06:37 wp-mail.php
-rwxrwxr-x  1 bitnami daemon    413 Jan 12  2012 wp-pass.php
-rwxrwxr-x  1 bitnami daemon    224 Jan 12  2012 wp-rdf.php
-rwxrwxr-x  1 bitnami daemon    334 Jan 12  2012 wp-register.php
-rwxrwxr-x  1 bitnami daemon    226 Jan 12  2012 wp-rss2.php
-rwxrwxr-x  1 bitnami daemon    224 Jan 12  2012 wp-rss.php
-rwxrwxr-x  1 bitnami daemon  11115 Dec 31 11:07 wp-settings.php
-rwxrwxr-x  1 bitnami daemon  25152 Dec 19 07:51 wp-signup.php
-rwxrwxr-x  1 bitnami daemon   4035 Dec 19 07:51 wp-trackback.php
-rwxrwxr-x  1 bitnami daemon   3032 Apr 17  2014 xmlrpc.php

php-fpm-apache.conf snippet

<IfDefine USE_PHP_FPM>
  <Proxy "unix:/opt/bitnami/php/var/run/www.sock|fcgi://www-fpm" timeout=300>
  </Proxy>
  <FilesMatch \.php$>
    SetHandler "proxy:fcgi://www-fpm/"
  </FilesMatch>
</IfDefine>
Sanjay Nakate
  • 71
  • 1
  • 6

3 Answers3

0

If the new path of file is "/opt/bitnami/apps/wordpress/htdocs/" why is it included as #Include "/opt/bitnami/apps/wordpress/conf/htaccess.conf" in httpd-app ? Also, note that manually altering configuration paths for WP/WP themes will most likely cause them not to function properly as they do you use relative path. if you altered the path of a primary file, you will have to manually alter it in all other files that directly point to it. So better use an advanced text editor to check where else you need to alter the path to your new file.

Overmind
  • 2,970
  • 2
  • 15
  • 24
0

Are these 403s just happening with the HTTPS version? If so, in httpd-vhosts.conf, replicate the whole <Directory...> section into the <VirtualHost *:443> section. If not, there could be some restrictions in the .htaccess file, so add Satisfy Any (see https://httpd.apache.org/docs/2.4/mod/mod_access_compat.html#satisfy )

If those fail:

  • is php5-fpm.conf enabled?
  • Add the Require all granted directive into your <Proxy> section. (see https://wiki.apache.org/httpd/ClientDeniedByServerConfiguration )
  • please post your .htaccess file and the path to it
  • check its file permissions.
  • could you be using a .htaccess file for Apache 2.2?
  • post file permissions shown in ls -l /opt/bitnami/apps/wordpress/htdocs
Cedric Knight
  • 1,098
  • 6
  • 20
0

Try using http-vhosts.conf file for the Directory block to allow access to directory, place it in :80 and :443 vhost file:

```

  <Directory "/opt/bitnami/apps/wordpress/htdocs">
    Options +SymLinksIfOwnerMatch
    AllowOverride AuthConfig FileInfo Indexes Limit Options=Indexes,MultiViews Options
    Require all granted
  </Directory>

```

Tabiko
  • 310
  • 1
  • 8