Ubuntu – Forbidden You don’t have permission to access /cgi-bin/mailman/

apache-2.4forbiddenmailmanUbuntuubuntu-14.04

I just upgraded from Ubuntu server to 14.0.4 LTS and I can no longer access Mailman via the Web Interface. I get a 403 forbidden error (Forbidden: You don't have permission to access /cgi-bin/mailman/). I've gone over the apache configuration a few times now and don't see the issue.

I am running Apache 2.4.7 and Mailman 2.1.16. Here is the configuration in my /etc/mailman/apache2.conf. I'm not sure where else to look at this point. Could it be a virtual host issue?

# Logos:
Alias /images/mailman/ /usr/share/images/mailman/

# Use this if you don't want the "cgi-bin" component in your URL:
# In case you want to access mailman through a shorter URL you should enable
# this:
#ScriptAlias /mailman/ /usr/lib/cgi-bin/mailman/
# In this case you need to set the DEFAULT_URL_PATTERN in
# /etc/mailman/mm_cfg.py to http://%s/mailman/ for the cookie
# authentication code to work.  Note that you need to change the base
# URL for all the already-created lists as well.

<Directory /usr/lib/cgi-bin/mailman/>
    AllowOverride all
    Options +ExecCGI
    AddHandler cgi-script .cgi index.cgi
    Order allow,deny
    Allow from all
</Directory>
<Directory /var/lib/mailman/archives/public/>
    Options +FollowSymlinks
    AllowOverride all
    Order allow,deny
    Allow from all
</Directory>
<Directory /usr/share/images/mailman/>
    AllowOverride all
    Order allow,deny
    Allow from all
</Directory>

Best Answer

No, it is surely not a virtualhost problem.

(1)

You get 403 error not only if your apache configs aren't these directories allowed, but if even apache doesn't have the permission to reach this directory.

To know this, you can very easily test that: simply su to the apache user (su www-data -c /bin/bash), and try to step in the named directory, list it, read files from it, etc., just as the apache did serving your request.

(2)

Anyways, normally the error.log of the apache contains mostly relatively clear and understable reasoning, why a such request wasn't servicable.

(3)

Next to that, what could be go: you could stop the apache and then restart in with a strace. So:

strace -s 200 -f -o trace.txt apachectl start

It will be slow, but you will get a very detailed log in trace.txt, where you will be able to find out, what was the problem exactly. Unfortunately, this whole trick is probably very cryptic for you.

(4) The probable solution:

Between apache 2.2 and 2.4 the config file syntax a little bit changed. Your ubuntu upgrade probably upgraded the apache, but didn't changed the config. Read this to get a more detailed answer: https://httpd.apache.org/docs/2.4/upgrading.html#access .

Related Topic