Can't POST with PHP to webapp in Apache/Tomcat, 403 Forbidden error

[mikato]

Ok, I've got a config problem that has stymied me. The crazy thing is I had the same setup, just moved to a new server machine.

 

There is an internal database and web application in Java running on Tomcat through Apache httpd. Then there is the web site on another server which uses PHP. The web site connects to this internal stuff in a couple ways, one of which is just basically POSTing data to a JSP which does the work and returns some XML to the web server for output.

 

Now I installed everything fresh on the new server and got everything working except that I cannot get PHP to post to JSPs like I did before. To debug, I created a PHP file that only did the POST to narrow things down. After debugging, I found I'm getting a 403 Forbidden error - You don't have permission to access /web_connect/web_submit_test.jsp on this server. In the Apache error log is

[Mon Aug 02 18:41:38 2010] [error] [client xxxxxxxxx] client denied by server configuration: web_submit_test.jsp

 

It's strange because when I put the URL directly into my browser, it works fine - it submits a little data, gets back a little xml, that all works. That means it's nothing related to Tomcat. But it doesn't work through my PHP code - which had been working just fine for months on the other server.

 

The Forbidden error makes me check my Apache httpd.conf and httpd-ssl.conf files. I didn't see any difference in allowing or denying. I'm actually not denying anything. Here is the part of httpd-ssl.conf in question:

<VirtualHost _default_:443>

#   General setup for the virtual host
DocumentRoot "C:/Program Files (x86)/Apache Software Foundation/Apache2.2/htdocs"
ServerName xxxxx.xxxxxxx.com:443
ServerAdmin xxxxxxxx@xxxxxxx.com
ErrorLog "C:/Program Files (x86)/Apache Software Foundation/Apache2.2/logs/error.log"
TransferLog "C:/Program Files (x86)/Apache Software Foundation/Apache2.2/logs/access.log"

    <Location /web_connect>
        Order allow,deny
        Allow from all
    </Location>
    JkMount /web_connect worker1
    JkMount /web_connect/* worker1
...
</VirtualHost>

 

Note the document root isn't used at all. The web_connect is a Tomcat webapp.

 

The PHP file I'm using to test is:

<?php
$fp = fsockopen("ssl://xxxx.xxxxxx.com", 443, $errno, $errstr, 30);
if (!$fp) {
    echo "$errstr ($errno)<br />\n";
} else {
    $out = "POST /web_connect/web_submit_test.jsp?input1=blahblah1&input2=blahblah2 HTTP/1.1\r\n";
    $out .= "Host: xxxxxx.xxxxxxxxx.com\r\n";
    $out .= "Connection: Close\r\n\r\n";//extra line required here
    fwrite($fp, $out);
    while (!feof($fp)) {
        echo fgets($fp, 128);
    }
    fclose($fp);
}
?>

 

I'm pulling my hair out here so any help is appreciated!

[trq]

You sure ssl://xxxx.xxxxxx.com shouldn't be https://xxxx.xxxxxx.com ?

[mikato]

I have tried that, but also no, it's supposed to be ssl://

 

See: http://php.net/manual/en/function.fsockopen.php

If you have compiled in OpenSSL support, you may prefix the hostname with either ssl://  or tls:// to use an SSL or TLS client connection over TCP/IP to connect to the remote host.

[mikato]

Also, when I do it the non-SSL way per that page (removing the ssl:// and changing port to 80), I get a 404 not found error.  I also get a 404 for the direct link in my browser to the JSP strangely.  The Apache log shows it's looking in Apache's htdocs instead of going through to Tomcat.  Change it back to https and the direct link to the JSP still works fine.

[mikato]

I still can't figure out why https://blah.example.com/web_connect/web_submit_test.jsp is working fine in my browser but I get 403 Forbidden when I try to access it with PHP.  The first part works, fsockopen does open a connection since it makes it to the next step.  If I only do a fsockopen and fclose then there is no error.  It's like it's not seeing that's a valid location.  I tried putting in the path to 2 different webapps there (which are also working fine when directly addressed) and got the same error.  Do I need to post a full httpd.conf and httpd-ssl.conf?

[mikato]

@#&%)!^@$#

I figured it out.  Damn Windows permissions weren't really letting me edit the httpd.conf and httpd-ssl.conf when I thought I was (Windows Server 2008).  It gave me an error once when I tried to save so I saved it somewhere else, then copied it over.  After that it was letting me edit it just fine or so I thought.  I found out when I copied it to another location and then opened it there - it was a much earlier version than what I'd been editing.  I had to run my editor As Administrator and then copied over the newer version I had made and then really saved it.  It did need some change from the initial conf files but I'm not going to work backwards to figure out which change did it.  I'll admit, I got the urge to harm a printer when I figured it out.  Seriously flaky permissions bullcrap.