HTTP 403 When access Administration pages
michaeln
2003 IIS6). When I try to hit the administration pages after logging
on, I get a 403.
Any help would be appreciated.
Thanks !
Staffan Olsson
Have you tried from the server using http://localhost/administration/?
If still 403, you might have found a bug in the configuration. If
allowed, it might be because of the default remote IP restriction.
There is a default configuration for the administration page which
makes some assumptions about your network. It is meant to disallow
access to php-info and any other server administration pages unless
you're on a local/trusted network.
If you look at the repos-httpd.conf file from the Repos Server folder
in the start menu, near the top there is this line:
SetEnvIf Remote_Addr "^192\.168.*$" IS_ADMIN_CLIENT
If you are not at an IP starting with 192.168 you will get 403 for
/administration because of this configuration:
<Location /administration>
Order deny,allow
Deny from all
Allow from env=IS_ADMIN_CLIENT
</Location>
You can add more lines to match known IPs, for example
SetEnvIf Remote_Addr "^123\.123\.123\.123$" IS_ADMIN_CLIENT
Feel free to argue against this setup. I'm not sure it is a good
default. Remote IP might not be fully reliable if there are local
reverse proxy servers.
/Staffan