---markus---

On 18 Jun 2021, at 14:25, Ralf Schuchardt <webobjects-dev@wocommunity.org> wrote:
Do you have a =E2=80=9ELocation=E2=80=9C based = access grant in your config?
In my = (CentOS) Apache config I have this statement:
# Specific to Apache =
2.4
<Location /cgi-bin/WebObjects/>
    <Limit GET POST OPTIONS >
      Require all granted
    </Limit>
    Require all denied
</Location>
I have also commented out all = ScriptAlias* directives in all apache config files.
Logging can be enabled by setting a WebObjectsLog = directive:
# To change the =
logging options, read the following comments:
# The option name is "WebObjectsLog" and the first value indicates the =
path of the log file.
# The second value indicates the log level. There are five, in =
decreasing informational order:
#       "Debug",    "Info",    "Warn",    "Error",    "User"
#
# Note: To enable logging, touch '/tmp/logWebObjects' as the =
administrator user (usually root).
# After apache starts, you'll have to change the owner permissions to =
'www'.
# Type: sudo chown www /Library/WebObjects/Logs/WebObjects.log
# See <rdar://problem/5296267> /tmp/logWebObjects insecure =
tempfile in WebObjects
#
# The following line is the default:
# WebObjectsLog /tmp/WebObjects.log Debug
For simple applications you = could also completely discard the WOAdaptor and use the standard proxy = mechanism. Single instance deployments don=E2=80=99t even need a = balancer setup:
# in the site config:
ProxyPass /cgi-bin/WebObjects/App.woa http://localhost:2001/cgi-bin/WebObjects/App.woa
ProxyPassReverse /cgi-bin/WebObjects/App.woa  http://localhost:2001/cgi-bin/WebObjects/App.woa

<Proxy http://localhost:2001/cgi-bin/WebObjects/App.woa/>
	Require all granted
    Options none
    RequestHeader append x-webobjects-adaptor-version "mod_proxy"
</Proxy>
Ralf
On 18 Jun 2021, at 12:48, Markus Ruggiero (rucotec) = wrote:
Thanks Jesse, = yeah, I tried all. All files are w:r including = /Library/WebObjects/Configuration/* where SiteConfig.xml lives. = JavaMonitor is writing the SiteConfig.xml, wotaskd uses it and it is = readable for anything Apache.

Apache running under _www or, as I just now tried running it = under my own uid, makes no difference. The error_log shows this = line:
[Fri Jun 18 10:39:44.022934 2021] = [authz_core:error] [pid 50274] [client 127.0.0.1:60139] AH01630: client = denied by server configuration: /apps, referer: http://localhost:3333/cgi-bin/WebObjects/JavaMonitor.woa/wo/6tR= ZCAqtsrsCiSrXLUPUMg/0.0.1.0

I tried with cgi-bin as well as = apps.

For me = this indicates something in WOAdaptor not being right. When I google = this error everyone is pointing to Apache config where in some places = Require all allowed is needed. That is there and Apache can serve static = filesystem based resources.
As the error = points to /apps as the resource that is not accessible this again points = to WOAdaptor. /apps is NOT a file system path (no <Directory> = block in http.conf) but is part of the adaptor URL (set in JavaMonitor = as http://woapps/apps/WebObjects). Seems that WOAdaptor does = not properly take over and then of course Apache would try to access = this non-existing path.

This brings me to the next question: how do I debug = WOAdaptor? Or am I going nuts?

Something else: I compared all the = LoadModule directives in httpd.conf with those on the customer = deployment and made sure there weren=E2=80=99t modules excluded. Nothing = helped. Next is probably to virtualise the client deployment machine, = strip it down to the bare minimum and run it as a test deployment server = inside VMWare. Maybe last resort....

---markus---

On 17 Jun 2021, at 17:07, Jesse Tayler <webobjects-dev@wocommunity.org> wrote:

Well, gosh, it just has to be apache and the OS =E2=80= =94 run down the list of suspects

"client denied by server configuration" is reported so = that=E2=80=99s basically the OS saying you can=E2=80=99t read =E2=80=94 = I think?

I = can=E2=80=99t read your rules, but since apache doesn=E2=80=99t seem to = barf did you check user and OS level stuff carefully?

- the user that is = running apache?
- the actual folder and parent = folder settings?
- read those folders as that user = from the command line?

Other random tests regarding OS level file = permissions?

I=E2=80=99m no expert here, but I=E2=80=99m pretty sure those = files gotta be 755 and it seems like the apache log is reporting a = filesystem level permission error=E2=80=A6?

On Jun 17, 2021, at 10:59 AM, Markus Ruggiero = (rucotec) <webobjects-dev@wocommunity.org> wrote:

This is a new = setup. Up to now I have had a dedicated deployment machine that works. = As this is for a customer I do not want to touch it.

We have a weird problem that only shows = when more than one instance of the same app is running. To be able to = debug and analyze this I thought I=E2=80=99d configure my dev machine so = that I can deploy to it easily without disturbing anything = productive.

Yes,= of course mod_webobjects is loaded. This is the full = wo_apache.config:

LoadModule WebObjects_module = /Users/Shared/Developer/Libraries/Wonder/ApacheWOAdaptor/Apache2.4/macOS/m= od_WebObjects.so
WebObjectsAlias = /apps/WebObjects
WebObjectsConfig http://woapps:1085 10

all the other nice stuff = in there is commented and not active.

If on a command line I type
apachectl -F

I get a whole list of known directives and there are many WO = related ons. Where else would Apache get those if not through mod_webobjects? This = indicates that the module is properly loaded.

On 17 Jun 2021, at 16:44, Jesse = Tayler <webobjects-dev@wocommunity.org> wrote:

Sounds like apache, are you sure things like = mod_webobjects are loaded and those base things?

I can=E2=80=99t read apache = rules=E2=80=A6sorry! They are all just random characters to me=E2=80=A6I = guess the questions is what=E2=80=99s changed or is this a new setup = giving you a hard time?

On Jun = 17, 2021, at 10:40 AM, Markus Ruggiero (rucotec) <webobjects-dev@wocommunity.org> wrote:

Probably missing something so basic that I simply do = not see it. Must be too hot outside (33 Celsius) and no aircon in the office = (31 Celsius).
Hope someone can point me in = the right direction.

Deployment setup on my dev machine (MBpro, macOS Catalina, = JRE 15). Apache installed via homebrew (Apache/2.4.46 (Unix)), Apple's = Apache not in use

Apache configured with various virtual hosts, resolved = through /etc/hosts. This all works, Apache serves static resources from = these hosts.

JavaMonitor runs, wotaskd runs, Apache loads WOAdaptor by = including wo_apache.conf
apachectl -F knows about WOAdaptor, = so I assume it is properly loaded

wo_apache.conf has this line:
WebObjectsAlias /apps/WebObjects

The Apache config file = http.conf has this line
# = ScriptAliasMatch ^/cgi-bin/((?!(?i:webobjects)).*$) = "/usr/local/var/www/CGI-Executables/$1"
ScriptAliasMatch ^/apps/((?!(?i:webobjects)).*$) = "/usr/local/var/www/CGI-Executables/$1"

(tried both variants, with cgi-bin and = the one with apps)

In WOMonitor this is the URL to the adaptor:
http://woapps/apps/WebObjects
(woapps = being one of my virtual hosts)

When I try to = access an installed app the browser reports an error
"You don't have permission to access this = resource=E2=80=9D

and Apache puts a message into the error log file:
[Thu Jun 17 13:43:57.329921 2021] = [authz_core:error] [pid 42093] [client 127.0.0.1:64420] AH01630: client = denied by server configuration: /apps

/apps is not a directory but the first = part of the WO URL and thus should go to the WOAdaptor. Has the = ScriptAliasMatch (see above) anything to do with this?

Thanks for any = help
---markus---

Markus = Ruggiero

rucotec GmbH =         web https://rucotec.ch
Steinenvorstadt 79 =       email markus.ruggiero@rucotec.ch
4051 Basel / Switzerland =      mobile +41 79 508 4701

Markus = Ruggiero

rucotec GmbH =         web https://rucotec.ch
Steinenvorstadt 79 =       email markus.ruggiero@rucotec.ch
4051 Basel / Switzerland =      mobile +41 79 508 4701