[Solved] Access forbidden by server

paul.crown · December 20, 2016, 11:31pm

Greetings,

Full Message:
Acces forbidden by server. To verify that you have proper access, click here to access the service with your browser.

My System
OC 8.2.9 on Ubuntu Server 16.04
Desktop client 2.2.4 on Xubuntu Desktop 16.04

Steps to reproduce
1. Open desktop client, Select Add New.
2. List server https://domain.tld, username and password.

Expected behaviour
Desktop client should begin sync with server.

Actual behaviour
Just the error message. If I click "click here", I can login via the browser just fine.

Client configuration
Client version: 2.2.4
Client operating system: Xubuntu 16.04 LTS

Server configuration
Operating system: Ubuntu Server 16.04
Web server: apache2, 2.4.18
Database: mariadb, 10.0.28
PHP version: php, 7.0.14
ownCloud version (see ownCloud admin page): 8.2.9.4
Updated from an older ownCloud or fresh install: updated from 8.2.7 recently (and from 8.2.1 before that in past 5 months).
Special configurations (external storage, external authentication, reverse proxy, server-side-encryption): none

ownCloud log (data/owncloud.log)

{"reqId":"Rjjoywm68v1P4l73krVz","remoteAddr":"74.193.73.87","app":"webdav","message":"Exception: {\"Message\":\"HTTP\\\/1.1 401 No basic authentication headers were found\",\"Exception\":\"Sabre\\\\DAV\\\\Exception\\\\NotAuthenticated\",\"Code\":0,\"Trace\":\"#0 \\\/mnt\\\/storage\\\/www\\\/clients\\\/client1\\\/web138\\\/web\\\/lib\\\/private\\\/connector\\\/sabre\\\/auth.php(157): 
Sabre\\\\DAV\\\\Auth\\\\Backend\\\\AbstractBasic->authenticate(Object(OC\\\\Connector\\\\Sabre\\\\Server), 'ownCloud')\\n#1 \\\/mnt\\\/storage\\\/www\\\/clients\\\/client1\\\/web138\\\/web\\\/lib\\\/private\\\/connector\\\/sabre\\\/auth.php(127): 
OC\\\\Connector\\\\Sabre\\\\Auth->auth(Object(OC\\\\Connector\\\\Sabre\\\\Server), 'ownCloud')\\n#2 \\\/mnt\\\/storage\\\/www\\\/clients\\\/client1\\\/web138\\\/web\\\/3rdparty\\\/sabre\\\/dav\\\/lib\\\/DAV\\\/Auth\\\/Plugin.php(118): 
OC\\\\Connector\\\\Sabre\\\\Auth->authenticate(Object(OC\\\\Connector\\\\Sabre\\\\Server), 'ownCloud')\\n#3 [internal function]: Sabre\\\\DAV\\\\Auth\\\\Plugin->beforeMethod(Object(Sabre\\\\HTTP\\\\Request), Object(Sabre\\\\HTTP\\\\Response))\\n#4 \\\/mnt\\\/storage\\\/www\\\/clients\\\/client1\\\/web138\\\/web\\\/3rdparty\\\/sabre\\\/event\\\/lib\\\/EventEmitterTrait.php(105): 
call_user_func_array(Array, Array)\\n#5 \\\/mnt\\\/storage\\\/www\\\/clients\\\/client1\\\/web138\\\/web\\\/3rdparty\\\/sabre\\\/dav\\\/lib\\\/DAV\\\/Server.php(456): 
Sabre\\\\Event\\\\EventEmitter->emit('beforeMethod', Array)\\n#6 \\\/mnt\\\/storage\\\/www\\\/clients\\\/client1\\\/web138\\\/web\\\/3rdparty\\\/sabre\\\/dav\\\/lib\\\/DAV\\\/Server.php(254): Sabre\\\\DAV\\\\Server->invokeMethod(Object(Sabre\\\\HTTP\\\\Request), Object(Sabre\\\\HTTP\\\\Response))\\n#7 \\\/mnt\\\/storage\\\/www\\\/clients\\\/client1\\\/web138\\\/web\\\/apps\\\/files\\\/appinfo\\\/remote.php(56): 
Sabre\\\\DAV\\\\Server->exec()\\n#8 \\\/mnt\\\/storage\\\/www\\\/clients\\\/client1\\\/web138\\\/web\\\/remote.php(137): 
require_once('\\\/mnt\\\/storage\\\/ww...')\\n#9 {main}\",\"File\":\"\\\/mnt\\\/storage\\\/www\\\/clients\\\/client1\\\/web138\\\/web\\\/3rdparty\\\/sabre\\\/dav\\\/lib\\\/DAV\\\/Auth\\\/Backend\\\/AbstractBasic.php\",\"Line\":70}","level":0,"time":"2016-12-20T17:13:17-06:00","method":"PROPFIND","url":"\/remote.php\/webdav\/"}
{"reqId":"b2hvPv6ko2O2LfQYOTf8","remoteAddr":"74.193.73.87","app":"PHP","message":"chmod(): Operation not permitted at \/mnt\/storage\/www\/clients\/client1\/web138\/web\/lib\/private\/log\/owncloud.php#92","level":0,"time":"2016-12-20T17:25:15-06:00","method":"PROPFIND","url":"\/remote.php\/webdav\/"}

Troubleshooting
I see the Operation not permitted in the log, but I don't know what to look for to correct it. Can someone point me in the right direction?

Thanks.

paul.crown · December 21, 2016, 7:24pm

I discovered the relevant error message in the first line of the log listed was No basic authentication headers were found.

In my vhost file, I pass headers on the FastCgiExternalServer line, under mod_fastcgi:

FastCgiExternalServer /var/www/clients/client1/web138/cgi-bin/php-fcgi-443-domain.tld -idle-timeout 300 -socket /var/lib/php/modules/7.0/fpm/web138.sock -pass-header Authorization

This was the same method that was used in the past. To correct this error now, I modified the vhost file under mod_proxy_fcgi, right above ProxyPassMatch, adding:

`SetEnvIf Authorization "(.*)" HTTP_AUTHORIZATION=$1`

Desktop client is now able to sync.

anon64530626 · December 21, 2016, 9:13pm

Yes, this is known and documented here: https://central.owncloud.org/t/no-basic-authentication-headers-were-found-message/819

Please note that running ownCloud with anything else then mod_php is unsupported. There is absolutely no guarantee that oC will run on your setup and you're mostly on your own when facing issues related to that mod_proxy_fcgi setup.

Benl · June 1, 2019, 6:03pm

Hi Paul. I am having the same problem here and cant find how to fix this. To be honest I am not very adept for this. Any way I can get a more detail explanation about this.

spacetimepartners · March 1, 2020, 4:19am

This solution worked for me. Basically I had to open the .htaccess file in my public_html document for the server, and add the line that Paul mentioned:

SetEnvIf Authorization “(.*)” HTTP_AUTHORIZATION=$1

Then I restarted Apache:
service apache2 restart

And then I could get the desktop client to work fine.

Hope this helps!