Host file for Orion 7.0.3 on Win 7 - Error 403

[peteradie]

Hi,

I was running Orion 7.0.2 without any issues. I then upgraded to 7.0.3. When starting UniServer on Windows 7, Iinternet Explorer v9 gave me the following error:

 

"HTTP 403 Forbidden. The website declined to show this webpage"

 

I found the only solution was to go into C:\Windows\System32\drivers\etc\hosts and uncomment the line "127.0.0.1 localhost."

 

Any idea why I needed to make this change? I would prefer Win7 to resolve localhost itself.

 

Is there anything I can do that would allow me to put the host file back the way it was?

 

Any help gratefully received.

 

Thanks in advance,

Peter Adie

[makantruzz]

hey, I have some problem with you.

when accessing localhost on url, the 403 eror appear.

but when I type 127.0.0.1 it's running as well.

but I am want it's running on localhost also. any idea to resolve it ??

I am running on windows 7.

[emiljan]

Go to your hosts file and uncomment the "127.0.0.1 localhost" part. I was having the same issue and this fixed it.

 

The hosts file is located in C:\Windows\System32\drivers\etc\hosts.

 

To edit the hosts file, right-click on Notepad and run as administrator. Then open the hosts file and remove the # character in front of "# 127.0.0.1 localhost" part and save the file.

[peteradie]

Thanks for the replies.

 

I already know modifying the hosts file is one fix to the problem. I explained that in my original post.

 

My question is why do I need to make this change for v7.0.3 when it was NOT required for v7.0.2? This solution prevents Win 7 automatically resolving localhost and prevents use of IPv6.

 

I think something has changed in the way 7.0.3 thru 7.0.5 (so far) handle localhost. I have to make the same change for each of these versions.

[peteradie]

Update:

 

Orion 7.0.6 (just released) works fine with 172.0.0.1 commented out, leaving Win 7 to resolve localhost. This behaviour is the same as I had previously with Orion 7.0.2 and is what I want.

 

My host file is back to:

# 127.0.0.1 localhost

[nikudza]

I already know modifying the hosts file is one fix to the problem. I explained that in my original post.

My question is why do I need to make this change for v7.0.3 when it was NOT required for v7.0.2? This solution prevents Win 7 automatically resolving localhost and prevents use of IPv6.

I think something has changed in the way 7.0.3 thru 7.0.5 (so far) handle localhost. I have to make the same change for each of these versions.

 

I'm still having the same problem with Orion 7.0.8! What should I do to leave the hosts file untouched?

 

Orion 7.0.1 still works fine without making any changes to the hosts file.

 

Also, everything is fine in Opera, no matter what version of Uniserver I use. My system is Win 7.

 

Help somebody, please!

[peteradie]

Turns out my previous update (May 26th) was incorrect. It still doesn't work without the host file being modified even with Orion 7.0.8. So, the problem remains unresolved for me.

 

Anybody able to help, or do I just wait until an update eventually fixes the problem?

[BobS]

I was running Orion 7.0.2 without any issues. I then upgraded to 7.0.3. When starting UniServer on Windows 7, Iinternet Explorer v9 gave me the following error:

 

"HTTP 403 Forbidden. The website declined to show this webpage"

 

I found the only solution was to go into C:\Windows\System32\drivers\etc\hosts and uncomment the line "127.0.0.1 localhost."

 

Any idea why I needed to make this change? I would prefer Win7 to resolve localhost itself.

So let's go back to the start.

What changed? According to the Change Log, the version of Apache was updated to 2.2.18 r2.

This is pretty significant, since it's the emitter of HTTP 403.

In addition, there were two small changes in the httpd.conf file, and both relate to what is returned to the caller:

apache2\conf\http.conf:

---------

# The following lines prevent .htaccess and .htpasswd files from being

# viewed by Web clients.

Order allow,deny

Deny from all

Satisfy All

---------

# ServerTokens

# This directive configures what you return as the Server HTTP response

# Header. The default is 'Full' which sends information about the OS-Type

# and compiled in modules.

# Set to one of: Full | OS | Minor | Minimal | Major | Prod

# where Full conveys the most information, and Prod the least.

ServerTokens Prod (vs Full in 7.0.2)

---------

There's nothing specific that tells us exactly what triggered the 403 error, but I have

typically seen this in relation to the .htaccess file, so let's check that change out.

 

Look at this reference in the Apache documentation:

http://httpd.apache.org/docs/2.2/mod/core.html#satisfy

This directive is only useful if access to a particular area is being restricted by both username/password and client host address. In this case the default behavior (All) is to require that the client passes the address access restriction and enters a valid username and password. With the Any option the client will be granted access if they either pass the host restriction or enter a valid username and password. This can be used to password restrict an area, but to let clients from particular addresses in without prompting for a password.

 

For example, if you wanted to let people on your network have unrestricted access to a portion of your website, but require that people outside of your network provide a password, you could use a configuration similar to the following:

 

Require valid-user

Order allow,deny

Allow from 192.168.1

Satisfy Any

So when the "Satisfy All" was added, it required the IP address to match the "Allow from 127.0.0.1"

in the .htaccess files.

I'll bet this is the change that "created" your 403 error.

You can validate this by temporarily commenting out the "Satisfy All"

 

But why do we get an IP mismatch?

The other thing I'd like to know is what your Windows 7 is returning when you ping localhost.

I'll bet that it is an IPv6 loopback, and that's what generates the IP mismatch, since we're

expecting only IPv4 loopback for this.

 

Just a few suggestions; you'll have to prove them out, since I could be wrong! Please post your results!

Regards,

BobS

[makantruzz]

I still have problem with this situation. but when uniserver run under xp it's run smoothly. when it's run under win 7 the problem occur. and I have ping to localhost and the result is what you have talked about. any suggestion how to resolve this problem ??

[Ric]

Solution to localhost not resolving on W7 is embarrassingly simple. BobS posts along with other snippets in this thread provide the answer.

 

A new installation of W7 has its localhost entries commented out. When asked to resolve localhost it correctly returns an ipv6 address. Previous versions of Apache were unable to resolve this hence a quick fix was to enable ipv4 by un-commenting appropriate line in the W7 hosts file. Problem appears resolved however only masked.

 

Current version of Apache (2.2.19) is ipv6 compliant and runs on W7 with no issues. Uniform server’s configuration is to restrict access and allow only localhost with an ipv4 address. Apache correctly rejects the localhost ipv6 address; in other words W7 and Apache are working correctly. I stress this because previous versions have had bugs requiring certain workarounds.

 

To properly configure Uniform Server, add the following line to all htaccess files:

Allow from ::1

 

Files to edit:

UniServer\home\admin\www\.htaccess

UniServer\ssl\.htaccess

UniServer\www\.htaccess

Locate this section in each file:

Order Deny,Allow
Deny from all
Allow from 127.0.0.1

 

And replace with:

Order Deny,Allow
Deny from all
Allow from 127.0.0.1
Allow from ::1

 

Above will be included in next release.

7.0.9 Released

 

Regards Ric

[nikudza]

Looks like Orion 7.0.9 has solved the problem... So far:)

Thanks to the developers!

[peteradie]

Thanks for all replies. Much appreciated.

 

I can also confirm v7.0.9 has fixed the localhost resolution problem. The 3 htaccess files have the changes mentioned by Ric.

 

I did notice that when starting Uniform Server v7.0.9 I got this Security Alert:

IP ADDRESS is not 127.0.0.1, but '::1'.

Note: HTTP_REFERER is 'localhost'.

To disable this warning set $unisecure to 0 in: /home/admin/www/includes/config.inc.php

 

I followed the instruction, modifed the config.inc.php file and everything is fine now. I'm comfortable making this change as I only use Unifrom Server locally before putting my web pages up to a remote host. However, I wonder what the security implications would be if I was allowing external access?

 

BobS - Thanks for taking the time to reply with some pointers to try. For info, I did ping localhost on my PC and received the following:

C:\>ping localhost

 

Pinging AsusQuad [::1] with 32 bytes of data:

Reply from ::1: time<1ms

Reply from ::1: time<1ms

Reply from ::1: time<1ms

Reply from ::1: time<1ms

 

Ping statistics for ::1:

Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 0ms, Maximum = 0ms, Average = 0ms

 

Regards,

Peter

[makantruzz]

yes with new release uniserver 7.0.9 the problem is resolved. thx for developer. now I can start writing my PHP-MySQL without any problem.

[BobS]

I did notice that when starting Uniform Server v7.0.9 I got this Security Alert:

IP ADDRESS is not 127.0.0.1, but '::1'.

Note: HTTP_REFERER is 'localhost'.

To disable this warning set $unisecure to 0 in: /home/admin/www/includes/config.inc.php

Note that instead of $unisecure this should read $us_secure. This needs to be updated in English.php.

 

In reality you should NOT get this warning when using localhost. The code in secure.php needs to be updated so that both IPv4 AND IPv6 entries are accepted.

Specifically, line 15 should be:

	if ( !($us_ip == "127.0.0.1" | $us_ip == "::1" ))  {

Regards,

BobS

[BobS]

Please note that you can include multiple addresses and address ranges on a single "Allow from" line.

 

Allow from 127.0.0.1 ::1

 

works just fine.

Also, for your local LAN, you can add 192.168 to cover any of the addresses in typical home DHCP ranges.

 

Allow from 127.0.0.1 ::1 192.168

 

You'll want to edit \UniServer\user\local\apache2\conf\httpd.conf to enable the Apache status and info commands. These are lines 980 and 991. Just modify them as above.

 

Regards,

BobS