Re: Apache configuration problem

We have a winner!! The authority on JDEANE had *PUBLIC *CHANGE. On TEST15, it was *PUBLIC *EXCLUDE. I changed the authorization list for library TEST15 to add QTMHHTTP with *USE authority and it worked!! Thanks so much.

Dean Eshleman
Everence Financial

On 12/8/2017 3:45 PM, Kevin Bucknum wrote:

What do the permission on JDEANE look like? We don't use CGI for
anything anymore, so it's been many beers ago since I had to play with
any of this. My recollection is that ServerUserID behaves differently
depending on where it is in the config file. It may still be checking
permissions as QTMHHTTP or QTMHHTP1.

Kevin Bucknum
Senior Programmer Analyst
MEDDATA/MEDTRON
Tel: 985-893-2550

-----Original Message-----

From: WEB400 [mailto:web400-bounces-Zwy7GipZuJhWk0Htik3J/w@xxxxxxxxxxxxxxxx] On Behalf Of Dean
Eshleman
Sent: Friday, December 8, 2017 2:26 PM
To: web400-Zwy7GipZuJhWk0Htik3J/w@xxxxxxxxxxxxxxxx
Subject: Re: [WEB400] Apache configuration problem

Kevin,

Thanks for the suggestion. I checked the authority on TEST15 and it

is

secured by an authorization list that contains user WEBSVC with *ALL
authority. When I look at the Apache error_log file, I see the

message "[Fri

Dec 08 14:23:15 2017] [error] [client 10.1.10.250] (3401)Permission

denied.:

ZSRV_MSG064B: access to /read/GetCharitableGiving denied". When I

look

at the server jobs for the Apache server, I don't see any error

messages.

From what I can tell, it doesn't look like it gets to the point for

trying to call my

RPG program. I tried using a different user for the ServerUserID, but

I still

received the same error.

From reading the Apache documentation, it looks like the Location

directives

are processed after the Directory directives. With that being the

case, I

would have thought that my last Location directive <Location
/read/GetCharitableGiving>
Order Deny,Allow
Allow From All
</Location>

Would have given me authority to access it. Any other ideas?

Dean E.


On 12/8/2017 3:00 PM, Kevin Bucknum wrote:

It likely the permission differences between library JDEANE and
TEST15, and not your config.

Kevin Bucknum
Senior Programmer Analyst
MEDDATA/MEDTRON
Tel: 985-893-2550

-----Original Message-----

From: WEB400
[mailto:web400-bounces-Zwy7GipZuJhWk0Htik3J/w@xxxxxxxxxxxxxxxx]

On

Behalf Of Dean Eshleman
Sent: Friday, December 8, 2017 1:37 PM
To: web400-Zwy7GipZuJhWk0Htik3J/w@xxxxxxxxxxxxxxxx
Subject: [WEB400] Apache configuration problem

I'm trying to call a web service configured in Apache and I keep

receiving a

403 error. I have changed the Apache configuration multiple times
and

I can't

figure out what is causing the problem. Here is some of the config

file:

<Directory />
Order Deny,Allow
Deny From all
</Directory>
<Directory /www/apachews/htdocs>
Order Allow,Deny
Allow From all
</Directory>

<Directory /qsys.lib/test15.lib/>
Order Allow,Deny
Allow From all
</Directory>

ScriptAlias /restsrv1 /qsys.lib/jdeane.lib/restsrv1.pgm

ScriptAlias /restsrv2 /qsys.lib/jdeane.lib/restsrv2.pgm

ScriptAlias /read/GetHealthInsurance
/qsys.lib/jdeane.lib/restsrv4.pgm

ScriptAlias /read/GetClientsForName

/qsys.lib/jdeane.lib/restsrv3.pgm

ScriptAlias /read/GetData /qsys.lib/jdeane.lib/$getwebsvc.pgm

ScriptAlias /read/GetCharitableGiving

/qsys.lib/test15.lib/gww044.pgm

<Location /restsrv2>
SetEnv QIBM_CGI_CHANGE_CURLIB N
ServerUserID JDEANE
SetEnv QIBM_CGI_LIBRARY_LIST

"QGPL;JDEANE;MGPL;LIBHTTP;CGIDEV2"

</Location>
<Location /read>
ServerUserID WEBSVC
SetEnv QIBM_CGI_CHANGE_CURLIB N
SetEnv QIBM_CGI_LIBRARY_LIST
"QGPL;ISDEPT;MGPL;TAATOOL;OBJECT;YAJL"
</Location>
<Location /read/GetData>
Order Allow,Deny
Allow From 10.2.0.31 10.2.0.109 10.1.10.250 </Location>

<Location

/read/GetCharitableGiving>
Order Deny,Allow
Allow From All
</Location>

I'm using SOAPUI to do my testing and the URL I'm using is
http://as400.mma-
online.org:8500/read/GetCharitableGiving?ownerclientid=1234567.

What

is

strange is that I'm able to call the http://as400.mma-
online.org:8500/read/GetData?firstname=Marilyn&lastname=Yoder just
fine. Why does GetData work and GetCharitableGiving doesn't? Any

ideas

why my config file isn't working? This is Apache 2.2 on IBM I 7.1.

Dean Eshleman
Software Development Architect
Everence

1110 North Main Street
PO Box 483
Goshen, IN 46527
(800) 348-7468 ext. 3528
(574) 533-9515 ext. 3528
everence.com<http://www.everence.com/>
[fc2745be-b863-4611-91bd-
0b5a45f8fda6]<http://www.everence.com/MyNeighbor>

__________________________________________________________
____________
Confidentiality Notice: This information is intended only for the

individual or

entity named. If you are not the intended recipient, do not use or

disclose

this information. If you received this e-mail in error, please delete

or

otherwise destroy it and contact us at (800) 348-7468 so we can take

steps to

avoid such transmission errors in the future. Thank you.
--
This is the Web Enabling the IBM i (AS/400 and iSeries) (WEB400)

mailing list

To post a message email: WEB400-Zwy7GipZuJhWk0Htik3J/w@xxxxxxxxxxxxxxxx To subscribe,

unsubscribe,

or change list options,
visit: https://lists.midrange.com/mailman/listinfo/web400
or email: WEB400-request-Zwy7GipZuJhWk0Htik3J/w@xxxxxxxxxxxxxxxx
Before posting, please take a moment to review the archives at
https://archive.midrange.com/web400.

______________________________________________________________________
Confidentiality Notice: This information is intended only for the individual or entity named. If you are not the intended recipient, do not use or disclose this information. If you received this e-mail in error, please delete or otherwise destroy it and contact us at (800) 348-7468 so we can take steps to avoid such transmission errors in the future. Thank you.