[Solved] Access forbidden by server

Greetings,

Full Message:
Acces forbidden by server. To verify that you have proper access, click here to access the service with your browser.

My System
OC 8.2.9 on Ubuntu Server 16.04
Desktop client 2.2.4 on Xubuntu Desktop 16.04

Steps to reproduce
1. Open desktop client, Select Add New.
2. List server https://domain.tld, username and password.

Expected behaviour
Desktop client should begin sync with server.

Actual behaviour
Just the error message. If I click "click here", I can login via the browser just fine.

Client configuration
Client version: 2.2.4
Client operating system: Xubuntu 16.04 LTS

Server configuration
Operating system: Ubuntu Server 16.04
Web server: apache2, 2.4.18
Database: mariadb, 10.0.28
PHP version: php, 7.0.14
ownCloud version (see ownCloud admin page): 8.2.9.4
Updated from an older ownCloud or fresh install: updated from 8.2.7 recently (and from 8.2.1 before that in past 5 months).
Special configurations (external storage, external authentication, reverse proxy, server-side-encryption): none

ownCloud log (data/owncloud.log)

{"reqId":"Rjjoywm68v1P4l73krVz","remoteAddr":"74.193.73.87","app":"webdav","message":"Exception: {\"Message\":\"HTTP\\\/1.1 401 No basic authentication headers were found\",\"Exception\":\"Sabre\\\\DAV\\\\Exception\\\\NotAuthenticated\",\"Code\":0,\"Trace\":\"#0 \\\/mnt\\\/storage\\\/www\\\/clients\\\/client1\\\/web138\\\/web\\\/lib\\\/private\\\/connector\\\/sabre\\\/auth.php(157): 
Sabre\\\\DAV\\\\Auth\\\\Backend\\\\AbstractBasic->authenticate(Object(OC\\\\Connector\\\\Sabre\\\\Server), 'ownCloud')\\n#1 \\\/mnt\\\/storage\\\/www\\\/clients\\\/client1\\\/web138\\\/web\\\/lib\\\/private\\\/connector\\\/sabre\\\/auth.php(127): 
OC\\\\Connector\\\\Sabre\\\\Auth->auth(Object(OC\\\\Connector\\\\Sabre\\\\Server), 'ownCloud')\\n#2 \\\/mnt\\\/storage\\\/www\\\/clients\\\/client1\\\/web138\\\/web\\\/3rdparty\\\/sabre\\\/dav\\\/lib\\\/DAV\\\/Auth\\\/Plugin.php(118): 
OC\\\\Connector\\\\Sabre\\\\Auth->authenticate(Object(OC\\\\Connector\\\\Sabre\\\\Server), 'ownCloud')\\n#3 [internal function]: Sabre\\\\DAV\\\\Auth\\\\Plugin->beforeMethod(Object(Sabre\\\\HTTP\\\\Request), Object(Sabre\\\\HTTP\\\\Response))\\n#4 \\\/mnt\\\/storage\\\/www\\\/clients\\\/client1\\\/web138\\\/web\\\/3rdparty\\\/sabre\\\/event\\\/lib\\\/EventEmitterTrait.php(105): 
call_user_func_array(Array, Array)\\n#5 \\\/mnt\\\/storage\\\/www\\\/clients\\\/client1\\\/web138\\\/web\\\/3rdparty\\\/sabre\\\/dav\\\/lib\\\/DAV\\\/Server.php(456): 
Sabre\\\\Event\\\\EventEmitter->emit('beforeMethod', Array)\\n#6 \\\/mnt\\\/storage\\\/www\\\/clients\\\/client1\\\/web138\\\/web\\\/3rdparty\\\/sabre\\\/dav\\\/lib\\\/DAV\\\/Server.php(254): Sabre\\\\DAV\\\\Server->invokeMethod(Object(Sabre\\\\HTTP\\\\Request), Object(Sabre\\\\HTTP\\\\Response))\\n#7 \\\/mnt\\\/storage\\\/www\\\/clients\\\/client1\\\/web138\\\/web\\\/apps\\\/files\\\/appinfo\\\/remote.php(56): 
Sabre\\\\DAV\\\\Server->exec()\\n#8 \\\/mnt\\\/storage\\\/www\\\/clients\\\/client1\\\/web138\\\/web\\\/remote.php(137): 
require_once('\\\/mnt\\\/storage\\\/ww...')\\n#9 {main}\",\"File\":\"\\\/mnt\\\/storage\\\/www\\\/clients\\\/client1\\\/web138\\\/web\\\/3rdparty\\\/sabre\\\/dav\\\/lib\\\/DAV\\\/Auth\\\/Backend\\\/AbstractBasic.php\",\"Line\":70}","level":0,"time":"2016-12-20T17:13:17-06:00","method":"PROPFIND","url":"\/remote.php\/webdav\/"}
{"reqId":"b2hvPv6ko2O2LfQYOTf8","remoteAddr":"74.193.73.87","app":"PHP","message":"chmod(): Operation not permitted at \/mnt\/storage\/www\/clients\/client1\/web138\/web\/lib\/private\/log\/owncloud.php#92","level":0,"time":"2016-12-20T17:25:15-06:00","method":"PROPFIND","url":"\/remote.php\/webdav\/"}

Troubleshooting
I see the Operation not permitted in the log, but I don't know what to look for to correct it. Can someone point me in the right direction?

Thanks.

I discovered the relevant error message in the first line of the log listed was No basic authentication headers were found.

In my vhost file, I pass headers on the FastCgiExternalServer line, under mod_fastcgi:

FastCgiExternalServer /var/www/clients/client1/web138/cgi-bin/php-fcgi-443-domain.tld -idle-timeout 300 -socket /var/lib/php/modules/7.0/fpm/web138.sock -pass-header Authorization

This was the same method that was used in the past. To correct this error now, I modified the vhost file under mod_proxy_fcgi, right above ProxyPassMatch, adding:

`SetEnvIf Authorization "(.*)" HTTP_AUTHORIZATION=$1`

Desktop client is now able to sync.

1 Like

Yes, this is known and documented here: https://central.owncloud.org/t/no-basic-authentication-headers-were-found-message/819

Please note that running ownCloud with anything else then mod_php is unsupported. There is absolutely no guarantee that oC will run on your setup and you're mostly on your own when facing issues related to that mod_proxy_fcgi setup.

Hi Paul. I am having the same problem here and cant find how to fix this. To be honest I am not very adept for this. Any way I can get a more detail explanation about this.