1 Topic by BDevGW

  • BDevGW
  • Member
  • Offline
  • Registered: 2020-07-16
  • Posts: 1

Topic: Error 403 when accessing admin pannel nd roundcube

==== REQUIRED BASIC INFO OF YOUR IREDMAIL SERVER ====
- iRedMail version (check /etc/iredmail-release): 1.3.1 MARIADB edition
- Deployed with iRedMail Easy or the downloadable installer? downloadable installer
- Linux/BSD distribution name and version: Debian 10 x64
- Store mail accounts in which backend (LDAP/MySQL/PGSQL): MySQL
- Web server (Apache or Nginx): Apache
- Manage mail accounts with iRedAdmin-Pro? no
- [IMPORTANT] Related original log or error message is required if you're experiencing an issue.
====

Hello,
I've set up my server and currently I'm trying to acess the web interface.
I've istalled the iRedAdmin panel and Roundcube.
Both are installed in /opt/www/.
every time I try to access them (https://.../mail and https://.../iredadmin) I get the 403 error instead of the page.

Here is my Apache config:

<VirtualHost *:80>
        # The ServerName directive sets the request scheme, hostname and port that
        # the server uses to identify itself. This is used when creating
        # redirection URLs. In the context of virtual hosts, the ServerName
        # specifies what hostname must appear in the request's Host: header to
        # match this virtual host. For the default virtual host (this file) this
        # value is not decisive as it is used as a last resort host regardless.
        # However, you must set it for any further virtual host explicitly.
        #ServerName www.example.com

        ServerAdmin webmaster@localhost
        DocumentRoot /var/www/html

        # Available loglevels: trace8, ..., trace1, debug, info, notice, warn,
        # error, crit, alert, emerg.
        # It is also possible to configure the loglevel for particular
        # modules, e.g.
        #LogLevel info ssl:warn

        ErrorLog ${APACHE_LOG_DIR}/error.log
        CustomLog ${APACHE_LOG_DIR}/access.log combined

        # For most configuration files from conf-available/, which are
        # enabled or disabled at a global level, it is possible to
        # include a line for only one particular virtual host. For example the
        # following line enables the CGI configuration for this host only
        # after it has been globally disabled with "a2disconf".
        #Include conf-available/serve-cgi-bin.conf
</VirtualHost>

# vim: syntax=apache ts=4 sw=4 sts=4 sr noet

<VirtualHost *:443>
        ServerName mail.domain.se
        ServerAdmin admin@domain.se
        ServerAlias sub.domain.se
        DocumentRoot /var/www/html

        ErrorLog ${APACHE_LOG_DIR}/error.log
        CustomLog ${APACHE_LOG_DIR}/access.log combined
        Alias /iredadmin/static "/opt/www/iRedAdmin-1.0/static/"
        WSGIScriptAlias /iredadmin "/opt/www/iRedAdmin-1.0/iredadmin.py/"
        Alias /mail "/opt/www/roundcubemail-1.4.7/"
        SSLEngine on
        SSLProtocol all -SSLv2 -SSLv3 -TLSv1 -TLSv1.1

        SSLCertificateFile /etc/ssl/certs/iRedMail.crt
        SSLCertificateKeyFile /etc/ssl/private/iRedMail.key
</VirtualHost>

My access log:

192.168.2.110 - - [16/Jul/2020:12:46:34 +0200] "GET /ireadmin HTTP/1.1" 404 3515 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:78.0) Gecko/20100101 Firefox/78.0"
192.168.2.110 - - [16/Jul/2020:12:46:34 +0200] "GET /favicon.ico HTTP/1.1" 404 514 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:78.0) Gecko/20100101 Firefox/78.0"
192.168.2.110 - - [16/Jul/2020:12:46:39 +0200] "GET /mail HTTP/1.1" 404 1026 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:78.0) Gecko/20100101 Firefox/78.0"
192.168.2.110 - - [16/Jul/2020:12:46:55 +0200] "GET / HTTP/1.1" 200 3957 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:78.0) Gecko/20100101 Firefox/78.0"
192.168.2.110 - - [16/Jul/2020:12:46:55 +0200] "GET /icons/openlogo-75.png HTTP/1.1" 200 6084 "https://192.168.2.161/" "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:78.0) Gecko/20100101 Firefox/78.0"
192.168.2.110 - - [16/Jul/2020:13:01:23 +0200] "GET /mail HTTP/1.1" 404 3515 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:78.0) Gecko/20100101 Firefox/78.0"
192.168.2.110 - - [16/Jul/2020:13:01:23 +0200] "GET /favicon.ico HTTP/1.1" 404 514 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:78.0) Gecko/20100101 Firefox/78.0"
192.168.2.110 - - [16/Jul/2020:13:01:25 +0200] "GET /mail HTTP/1.1" 404 1026 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:78.0) Gecko/20100101 Firefox/78.0"
192.168.2.110 - - [16/Jul/2020:13:01:25 +0200] "GET /favicon.ico HTTP/1.1" 404 514 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:78.0) Gecko/20100101 Firefox/78.0"
192.168.2.110 - - [16/Jul/2020:13:01:58 +0200] "GET /mail HTTP/1.1" 404 1026 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:78.0) Gecko/20100101 Firefox/78.0"
192.168.2.110 - - [16/Jul/2020:13:01:58 +0200] "GET /favicon.ico HTTP/1.1" 404 514 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:78.0) Gecko/20100101 Firefox/78.0"
192.168.2.110 - - [16/Jul/2020:13:01:59 +0200] "GET /mail HTTP/1.1" 404 1026 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:78.0) Gecko/20100101 Firefox/78.0"
192.168.2.110 - - [16/Jul/2020:13:01:59 +0200] "GET /favicon.ico HTTP/1.1" 404 514 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:78.0) Gecko/20100101 Firefox/78.0"
192.168.2.110 - - [16/Jul/2020:13:01:59 +0200] "GET /mail HTTP/1.1" 404 1026 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:78.0) Gecko/20100101 Firefox/78.0"
192.168.2.110 - - [16/Jul/2020:13:01:59 +0200] "GET /mail HTTP/1.1" 404 514 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:78.0) Gecko/20100101 Firefox/78.0"
192.168.2.110 - - [16/Jul/2020:13:09:10 +0200] "GET /mail HTTP/1.1" 403 3518 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:78.0) Gecko/20100101 Firefox/78.0"
192.168.2.110 - - [16/Jul/2020:13:09:11 +0200] "GET /mail HTTP/1.1" 403 517 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:78.0) Gecko/20100101 Firefox/78.0"
192.168.2.110 - - [16/Jul/2020:13:09:11 +0200] "GET /mail HTTP/1.1" 403 517 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:78.0) Gecko/20100101 Firefox/78.0"
192.168.2.110 - - [16/Jul/2020:13:10:03 +0200] "GET /mail HTTP/1.1" 403 1029 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:78.0) Gecko/20100101 Firefox/78.0"
192.168.2.110 - - [16/Jul/2020:13:10:04 +0200] "GET /mail HTTP/1.1" 403 517 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:78.0) Gecko/20100101 Firefox/78.0"
192.168.2.110 - - [16/Jul/2020:13:10:13 +0200] "GET /mail HTTP/1.1" 403 1029 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:78.0) Gecko/20100101 Firefox/78.0"
192.168.2.110 - - [16/Jul/2020:13:10:14 +0200] "GET /mail HTTP/1.1" 403 517 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:78.0) Gecko/20100101 Firefox/78.0"
192.168.2.110 - - [16/Jul/2020:13:10:14 +0200] "GET /mail HTTP/1.1" 403 517 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:78.0) Gecko/20100101 Firefox/78.0"
192.168.2.110 - - [16/Jul/2020:13:10:14 +0200] "GET /mail HTTP/1.1" 403 517 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:78.0) Gecko/20100101 Firefox/78.0"
192.168.2.110 - - [16/Jul/2020:13:10:35 +0200] "GET /iredadmin HTTP/1.1" 403 1029 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:78.0) Gecko/20100101 Firefox/78.0"
192.168.2.110 - - [16/Jul/2020:13:12:25 +0200] "GET /iredadmin HTTP/1.1" 403 1029 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:78.0) Gecko/20100101 Firefox/78.0"
192.168.2.110 - - [16/Jul/2020:13:12:25 +0200] "GET /iredadmin HTTP/1.1" 403 517 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:78.0) Gecko/20100101 Firefox/78.0"
192.168.2.110 - - [16/Jul/2020:13:12:26 +0200] "GET /iredadmin HTTP/1.1" 403 517 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:78.0) Gecko/20100101 Firefox/78.0"
192.168.2.110 - - [16/Jul/2020:13:12:26 +0200] "GET /iredadmin HTTP/1.1" 403 517 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:78.0) Gecko/20100101 Firefox/78.0"
192.168.2.110 - - [16/Jul/2020:13:16:18 +0200] "GET /iredadmin HTTP/1.1" 403 3534 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:78.0) Gecko/20100101 Firefox/78.0"
192.168.2.110 - - [16/Jul/2020:13:16:18 +0200] "GET /favicon.ico HTTP/1.1" 404 530 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:78.0) Gecko/20100101 Firefox/78.0"
192.168.2.110 - - [16/Jul/2020:13:16:21 +0200] "GET /iredadmin HTTP/1.1" 403 533 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:78.0) Gecko/20100101 Firefox/78.0"
192.168.2.110 - - [16/Jul/2020:13:19:08 +0200] "GET /iredadmin HTTP/1.1" 403 3534 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:78.0) Gecko/20100101 Firefox/78.0"
192.168.2.110 - - [16/Jul/2020:13:19:08 +0200] "GET /favicon.ico HTTP/1.1" 404 530 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:78.0) Gecko/20100101 Firefox/78.0"
192.168.2.110 - - [16/Jul/2020:13:19:09 +0200] "GET /iredadmin HTTP/1.1" 403 1045 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:78.0) Gecko/20100101 Firefox/78.0"
192.168.2.110 - - [16/Jul/2020:13:19:09 +0200] "GET /iredadmin HTTP/1.1" 403 533 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:78.0) Gecko/20100101 Firefox/78.0"
192.168.2.110 - - [16/Jul/2020:13:19:09 +0200] "GET /iredadmin HTTP/1.1" 403 533 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:78.0) Gecko/20100101 Firefox/78.0"
192.168.2.110 - - [16/Jul/2020:13:19:09 +0200] "GET /iredadmin HTTP/1.1" 403 533 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:78.0) Gecko/20100101 Firefox/78.0"
192.168.2.110 - - [16/Jul/2020:13:19:09 +0200] "GET /favicon.ico HTTP/1.1" 404 530 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:78.0) Gecko/20100101 Firefox/78.0"
192.168.2.110 - - [16/Jul/2020:13:19:42 +0200] "GET /mail HTTP/1.1" 403 1045 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:78.0) Gecko/20100101 Firefox/78.0"
192.168.2.110 - - [16/Jul/2020:13:19:44 +0200] "GET /mail HTTP/1.1" 403 533 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:78.0) Gecko/20100101 Firefox/78.0"
192.168.2.110 - - [16/Jul/2020:13:28:24 +0200] "GET /mail HTTP/1.1" 403 3602 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:78.0) Gecko/20100101 Firefox/78.0"
192.168.2.110 - - [16/Jul/2020:13:28:24 +0200] "GET /favicon.ico HTTP/1.1" 404 530 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:78.0) Gecko/20100101 Firefox/78.0"
192.168.2.110 - - [16/Jul/2020:13:28:24 +0200] "GET /mail HTTP/1.1" 403 1077 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:78.0) Gecko/20100101 Firefox/78.0"

The last lines of my error log:

[Thu Jul 16 13:28:24.082411 2020] [core:error] [pid 3747:tid 139638807176960] (13)Permission denied: [client 192.168.2.110:52409] AH00035: access to /mail denied (filesystem path '/opt/www/roundcubemail-1.4.7') because search permission$
[Thu Jul 16 13:28:24.551575 2020] [core:error] [pid 3746:tid 139638849140480] (13)Permission denied: [client 192.168.2.110:52410] AH00035: access to /mail denied (filesystem path '/opt/www/roundcubemail-1.4.7') because search permission$

The entire folder /opt/www/ has been set to 0555 and iredadmin:iredadmin since this was mentioned in the installation guide for the admin panel on apache.

This is thy permission management fom /opt/www/:

root@bgrsld-mail0:/opt/www# ls -la
total 16
dr-xr-xr-x  4 iredadmin iredadmin 4096 Jul 16 13:01 .
drwxr-xr-x  5 root      root      4096 Jul 16 12:26 ..
lrwxrwxrwx  1 iredadmin iredadmin   22 Jul 16 12:26 iredadmin -> /opt/www/iRedAdmin-1.0
dr-xr-xr-x 11 iredadmin iredadmin 4096 Jul 16 13:01 iRedAdmin-1.0
lrwxrwxrwx  1 iredadmin iredadmin   28 Jul 16 13:01 roundcubemail -> /opt/www/roundcubemail-1.4.7
dr-xr-xr-x 13 iredadmin iredadmin 4096 Jul  4 12:58 roundcubemail-1.4.7

Thanks for any help!

Post's attachments

403.PNG
403.PNG 7.03 kb, file has never been downloaded. 

You don't have the permssions to download the attachments of this post.

----

Spider Email Archiver: On-Premises, lightweight email archiving software developed by iRedMail team. Supports Amazon S3 compatible storage and custom branding.

2 Reply by ZhangHuangbin

  • ZhangHuangbin
  • ZhangHuangbin
  • iRedMail Developers
  • Offline
  • Registered: 2009-05-06
  • Posts: 31,088

Re: Error 403 when accessing admin pannel nd roundcube

Why not use Nginx directly?
iRedMail dropped Apache years ago, and all components are configured to use Nginx. We don't support such replacement after iRedMail installation.