Ubuntu
sogo package

Access denied to web frontend resources

Bug #1246732 reported by Jan Schneider on 2013-10-31

10

This bug affects 2 people

Affects		Status	Importance	Assigned to	Milestone
	sogo (Ubuntu)	Confirmed	Undecided	Unassigned

Bug Description

Any access to CSS or JS files of the web frontend results in:

You don't have permission to access /SOGo.woa/WebServerResources/generic.css on this server.

in the browser and:

[Thu Oct 31 14:33:45.610031 2013] [authz_core:error] [pid 7022] [client 192.168.60.175:54188] AH01630: client denied by server configuration: /usr/lib/GNUstep/SOGo/WebServerResources/generic.css

in the apache logs.

I had to manually copy /usr/share/doc/sogo/apache.conf to /etc/apache2/conf-available/sogo.conf because the package doesn't install a working apache configuration at all.

Revision history for this message

Jeroen Dekkers (dekkers) wrote on 2013-11-04:

#1

The apache configuration is not installed by default because it is just an example that must be adapted before it can be used. That your apache configuration denies access to the web frontend resources is a bug in your apache configuration and not in the sogo package.

Changed in sogo (Ubuntu):
status:	New → Invalid

Revision history for this message

Jan Schneider (yunosh) wrote on 2013-11-04:

#2

It *is* a bug in the sogo package, because this is the standard Apache configuration that ships with Ubuntu. If sogo doesn't work with it out of the box, it *has* to provide an Apache configuration stanza.

Changed in sogo (Ubuntu):
status:	Invalid → New

Revision history for this message

Jan Schneider (yunosh) wrote on 2013-11-07:

#3

And just for the record: the reason why the default configuration doesn't work, is that the most recent Ubuntu versions ship with Apache 2.4 and it new authorization model. Even though mod_access_compat is enabled, the Order/Allow directives don't work, because the base Apache configuration in Ubuntu uses Require. Obviously one cannot override the new directives with the old ones, despite the compatibility module.
Workaround: comment out the <Directory /> stanza in /etc/apache2/apache2.conf.

Revision history for this message

Launchpad Janitor (janitor) wrote on 2014-03-20:

#4

Status changed to 'Confirmed' because the bug affects multiple users.

Changed in sogo (Ubuntu):
status:	New → Confirmed

Revision history for this message

Stuart Longland (redhatter) wrote on 2014-03-20:

#5

Actually, rather than commenting out stanzas, one should just fix the directives to use the correct statement in the sogo.conf:

<Directory /usr/lib/GNUstep/SOGo>
Require all granted

    # Explicitly allow caching of static content to avoid browser specific behavior.
    # A resource's URL MUST change in order to have the client load the new version.
    <IfModule expires_module>
      ExpiresActive On
      ExpiresDefault "access plus 1 year"
    </IfModule>
</Directory>

This seems to work the way the distributed file did, but with Apache 2.4. The file does need customisation by the end user, but it would be a nice courtesy to drop a copy in /etc/apache/confs-available so the user doesn't have to go hunting far for the file.

Report a bug

This report contains Public information

Everyone can see this information.

You are

Subscribing...

Edit bug mail

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.