Error 403 Forbidden forwarding from Apacha to Tomcat

Hi,

I am trying to create 2 separate environments (dev and test) on one powerful
Unix server which has 2 network cards, 2 IP addresses, 2 server names...

Using Apache 2.0.43 and Tomcat 4.1.29/JBoss 3.0.7, mod_jk 2.0.43
on Solaris 9, Intranet environment.

Everything is fine on the first instance,
but on the second instance when I do http://server2,
Apache still can't redirect to second Tomcat/JBoss:

"Forbidden
You don't have permission to access / on this server.

Additionally, a 403 Forbidden error was encountered while trying to use an
ErrorDocument to handle the request.
------------------------------------------------------------ -------------------
-
Apache/2.0.48 (Unix) mod_jk2/2.0.2 Server at mopppgctxat1.pfizer.com Port
80"

If I do http://server2:8180, getting it fine (from Tomcat/JBoss).

I made all internal ports on the second instance different from the first:
e.g. 8080->8180, 8009->8109, etc.
Even tried to change "Listen :80" to 81, same error.

Curiously, jk2.properties is totally commented out.
I haven't compiled mod_jk, just copied the binary from the 1st instance.
Can that be a problem ?

What can cause error 403 Forbidden on Apache->Tomcat ?

Any help is very appreciated.

Thank you,
Oleg.
olegkon@yahoo.com

Re: Error 403 Forbidden forwarding from Apacha to Tomcat

Post removed (X-No-Archive: yes)

Re: Error 403 Forbidden forwarding from Apacha to Tomcat

On Mon, 2005-05-02 at 03:55 +0000, Oleg Konovalov wrote:
> Hi,
>
> I am trying to create 2 separate environments (dev and test) on one powerful
> Unix server which has 2 network cards, 2 IP addresses, 2 server names...
>
> Using Apache 2.0.43 and Tomcat 4.1.29/JBoss 3.0.7, mod_jk 2.0.43
> on Solaris 9, Intranet environment.
>
> Everything is fine on the first instance,
> but on the second instance when I do http://server2,
> Apache still can't redirect to second Tomcat/JBoss:
>
> "Forbidden
> You don't have permission to access / on this server.
>
> Additionally, a 403 Forbidden error was encountered while trying to use an
> ErrorDocument to handle the request.
> ------------------------------------------------------------ -------------------

This is a almost cerainly *not* a tomcat / java problem - sounds like
Apache to me (Especially with the ErrorDocument qualification).


One thing you should check is that 'server2' is a valid DNS name for
your box (add it to /etc/hosts), otherwise you will get almost random
errors (I have seen 403 in this context).

Also check that you are not denying access, with a directives like:

order deny, allow
deny from all
allow from server

(which is obviously broken from the pov of server2 vhost setup).

And check that your permissions make sense with your new configuration
for your server. If this doesn't help, email directly.



--
[Ross A. Bamford] [ross AT the.website.domain]
Roscopeco Open Tech ++ Open Source + Java + Apache + CMF
http://www.roscopec0.f9.co.uk/ + info@the.website.domain

Re: Error 403 Forbidden forwarding from Apacha to Tomcat

Davide,


>> Using Apache 2.0.43 and Tomcat 4.1.29/JBoss 3.0.7, mod_jk 2.0.43
> mod_Jk 2 have been discontinued, due to extreme complexity of the
> configuration
> and lack of interest, work is now progressing only on mod_jk.
What is the difference between mod_jk and mod_jk2 (features, configuration,
etc.)?
Any good pointers ? What would it take to move from one to another for
novice ?

>> "Forbidden
>> You don't have permission to access / on this server.
> So it seems that your apache doesn't see the mod_jk configuration.
Any idea why or/and how to fix it ?

>> I haven't compiled mod_jk, just copied the binary from the 1st instance.
> If is the same version of jk/apache shouldn't be a problem.
I have Apache 2.0.43 and mod_jk 2.0.43, not sure about JK version, will
double-check.

>> What can cause error 403 Forbidden on Apache->Tomcat ?
> And error in the configuration.
> Given the fact that mod_jk2 is no longer developed I'd suggest to you
> to move to mod_jk 1, unless you have specific need for mod_jk2.
I recently came to that project (bunch of Cocoon/XSLT projects),
all original developers are long gone, no documentation, etc.
As I mentioned, original 1 instance config [Apache, mod_jk, Tomcat/JBoss]
works
just fine on 2 different servers. I am new to all that, so I prefer not to
change things too much
on that stage.


> Also, IIRC, the configuration file name for mod_jk2 is hardwired in
> the code itself, so maybe the second instance is using the same config
> file of the first instance.
2nd instace comes from a different directory, so that might be a problem,
ports also would not match. Are you saying I should try to get the source
code,
configure it and recompile it ? Hmmm, I am not sure which parameters
original developers used....


Thank you very much,
Oleg.



> --
> Q: Why is Microsoft's Product Support a failure?
> A: Because Microsoft needs a Support Group instead.

Re: Error 403 Forbidden forwarding from Apacha to Tomcat

Post removed (X-No-Archive: yes)

Re: Error 403 Forbidden forwarding from Apacha to Tomcat

Ross,

Thank you for answering my post in the newsgroups.

Let me answer to your suggestions:

>One thing you should check is that 'server2' is a valid DNS
name for
>your box (add it to /etc/hosts), otherwise you will get
almost random
>errors (I have seen 403 in this context).
Yes, the following name is defined in the DNS:
Name:
Address:


>Also check that you are not denying access, with a directives
like:
>order deny, allow
>deny from all
>allow from server
>(which is obviously broken from the pov of server2 vhost
setup).
I checked httpd.conf, there is only 1 instance of Deny,
only for *.ht files:
"order allow, deny
Deny from all"

>And check that your permissions make sense with your new
configuration
>for your server. If this doesn't help, email directly.
Please be more specific what permissions I should check.


There are a few things which I am not sure about.
I just copied JK2 and MOD_JK2 binaries from the 1st instance.
Is it possible that something is hardcoded there (directories,
configuration) ?
Do I need to recompile them ?


Also, I changed all ports on the second instance by 100 [e.g.
8009->8109]
It is possible that I missed one of them or made a mistake.
Can that cause error 403 ?

Do ports which my applications use matter ?
(I can not even get a basic login/pwd page: http://server2/ ,
getting error
403)

Does switching to MOD_JK(1) makes sense to you?
I am new to Apache/Tomcat/JBoss, so for me such switch is a
BIG hassle.
At least 1 instance works with JK2...

Is it easy to configure 1 Apache talking to 2 instances of
Tomcat/JBoss ?


Any help is Very appreciated.


Thank you in advance,
Oleg.