This question about Installation of Foswiki: Answered

RewriteRule Directive is forbidden

I have been trying without success to configure Foswiki on my Ubuntu webserver. It has been installed as a subdomain virtual server and is working except that skins are not being applied at all. I have checked permissions, path/URL settings and they all seem fine. I used the ApacheConfigurator with Rewrite URLs selected.

This was addressed in the ApacheConfigGenerator. FollowSymLinks can now be requested. Do we still need a task for this?
-- GeorgeClark - 27 Jun 2009

My apache error log reports, for eg:
FollowSymLinks or SymLinksIfOwnerMatch is off which implies that RewriteRule directive is forbidden: 
/var/www/foswiki/pub/System/DocumentGraphics/searchtopic.gif, referer: http://admin.mywebsite/bin/view/System/WebHome

Here is the virtual server.conf

# Autogenerated httpd.conf file for Foswiki.
# Generated at http://foswiki.org/Support/ApacheConfigGenerator?dir=/var/www/foswiki;allowconf=;requireconf=admin;loginmanager=None;phpinstalled=PHP4;errordocument=UserRegistration;foswikiversion=1.0.0;shorterurls=enabled;vhost=admin.mysite.com;pathurl=admin.mysite.com;engine=CGI;apver=2;fastcgimodule=fastcgi
# For Foswiki version 1.0.0

<VirtualHost >
ServerAdmin webmaster@admin.mysite.com
DocumentRoot /var/www/foswiki
ServerName admin.mysite.com
ServerAlias www.mysite.com
# The Alias defines a url that points to the root of the Foswiki installation.
# The first parameter will be part of the URL to your installation e.g.
# http://my.co.uk/foswiki/bin/view/...
# The second parameter must point to the physical path on your disc.
ScriptAlias admin.mysite.com/bin "/var/www/foswiki/bin"
# The following Alias is used to access files in the pub directory (attachments etc)
# It must come after the ScriptAlias.
Alias admin.mysite.com/pub "/var/www/foswiki/pub"
# short urls
Alias admin.mysite.com "/var/www/foswiki/bin/view"
RewriteEngine on
RewriteRule ^admin.mysite.com/+bin/+view/+(.) admin.mysite.com/$1 [L,NE,R]
RewriteRule ^admin.mysite.com/+bin/+view$ admin.mysite.com/ [L,NE,R]
# Block access to typical spam related attachments
# Except the Foswiki directory which is read only and does have attached html files.
SetEnvIf Request_URI "admin.mysite.com/pub/.*\.[hH][tT][mM][lL]?$" blockAccess
SetEnvIf Request_URI "admin.mysite.com/pub/System/.*\.[hH][tT][mM][lL]?$" !blockAccess
# This enables access to the documents in the Foswiki root directory
<Directory "/var/www/foswiki">
Order Allow,Deny
Allow from all
Deny from env=blockAccess
</Directory>

# This specifies the options on the Foswiki scripts directory. The ExecCGI
# and SetHandler tell apache that it contains scripts. "Allow from all"
# lets any IP address access this URL.
<Directory "/var/www/foswiki/bin">
AllowOverride None
Order Allow,Deny
Allow from all
Deny from env=blockAccess
Options ExecCGI FollowSymLinks
SetHandler cgi-script
# Password file for Foswiki users
AuthUserFile /var/www/foswiki/data/.htpasswd
AuthName 'Enter your WikiName: (First name and last name, no space, no dots, capitalized, e.g. JohnSmith). Cancel to register if you do not have one.'
AuthType Basic
# File to return on access control error (e.g. wrong password)
ErrorDocument 401 admin.mysite.com/bin/view/System/UserRegistration
# Limit access to configure to specific IP addresses and or users.
# Make sure configure is not open to the general public.
# It exposes system details that can help attackers.
<FilesMatch "^(configure)$">
SetHandler cgi-script
Require user admin
</FilesMatch>
</Directory>
# This sets the options on the pub directory, which contains attachments and
# other files like CSS stylesheets and icons. AllowOverride None stops a
# user installing a .htaccess file that overrides these options.
# Note that files in pub are not protected by Foswiki Access Controls,
# so if you want to control access to files attached to topics you need to
# block access to the specific directories same way as the ApacheConfigGenerator
# blocks access to the pub directory of the Trash web
<Directory "/var/www/foswiki/pub">
Options None
AllowOverride None
Order Allow,Deny
Allow from all
Deny from env=blockAccess
ErrorDocument 404 admin.mysite.com/bin/viewfile
# Disable execusion of PHP scripts
php_admin_flag engine off
# This line will redefine the mime type for the most common types of scripts
AddType text/plain .shtml .php .php3 .phtml .phtm .pl .py .cgi
#
#add an Expires header that is sufficiently in the future that the browser does not even ask if its uptodate
# reducing the load on the server significantly
#IF you can, you should enable this - it will improve your Foswiki experience, even if you set it to under one day.
# you may need to enable expires_module in your main apache config
#LoadModule expires_module libexec/httpd/mod_expires.so
#AddModule mod_expires.c
#<ifmodule mod_expires.c>
# <filesmatch "\.(jpg|gif|png|css|js)$">
# ExpiresActive on
# ExpiresDefault "access plus 11 days"
# </filesmatch>
#</ifmodule>
#
</Directory>

# Spammers are known to attach their stuff and then move it to trash where it remains unnoticed.
# We prevent viewing any attachments directly from pub
<Directory "/var/www/foswiki/pub/Trash">
deny from all
</Directory>

# Security note: All other directories should be set so
# that they are not visible as URLs, so we set them as deny from all.

<Directory "/var/www/foswiki/data">
deny from all
</Directory>

<Directory "/var/www/foswiki/templates">
deny from all
</Directory>

<Directory "/var/www/foswiki/lib">
deny from all
</Directory>

<Directory "/var/www/foswiki/locale">
deny from all
</Directory>

<Directory "/var/www/foswiki/tools">
deny from all
</Directory>
<Directory "/var/www/foswiki/working">
deny from all
</Directory>

# We set an environment variable called blockAccess.
# Setting a BrowserMatchNoCase to ^$ is important. It prevents Foswiki from
# including its own topics as URLs and also prevents other Foswikis from
# doing the same. This is important to prevent the most obvious
# Denial of Service attacks.
#
# You can expand this by adding more BrowserMatchNoCase statements to
# block evil browser agents trying the impossible task of mirroring a Foswiki
#
# Example:
# BrowserMatchNoCase ^SiteSucker blockAccess
# BrowserMatchNoCase ^$ blockAccess

BrowserMatchNoCase ^Accoona blockAccess
BrowserMatchNoCase ^ActiveAgent blockAccess
BrowserMatchNoCase ^Attache blockAccess
BrowserMatchNoCase BecomeBot blockAccess
BrowserMatchNoCase ^bot blockAccess
BrowserMatchNoCase Charlotte/ blockAccess
BrowserMatchNoCase ^ConveraCrawler blockAccess
BrowserMatchNoCase ^CrownPeak-HttpAgent blockAccess
BrowserMatchNoCase ^EmailCollector blockAccess
BrowserMatchNoCase ^EmailSiphon blockAccess
BrowserMatchNoCase ^e-SocietyRobot blockAccess
BrowserMatchNoCase ^Exabot blockAccess
BrowserMatchNoCase ^FAST blockAccess
BrowserMatchNoCase ^FDM blockAccess
BrowserMatchNoCase ^GetRight/6.0a blockAccess
BrowserMatchNoCase ^GetWebPics blockAccess
BrowserMatchNoCase ^Gigabot blockAccess
BrowserMatchNoCase ^gonzo1 blockAccess
BrowserMatchNoCase ^Google\sSpider blockAccess
BrowserMatchNoCase ^ichiro blockAccess
BrowserMatchNoCase ^ie_crawler blockAccess
BrowserMatchNoCase ^iGetter blockAccess
BrowserMatchNoCase ^IRLbot blockAccess
BrowserMatchNoCase Jakarta blockAccess
BrowserMatchNoCase ^Java blockAccess
BrowserMatchNoCase ^KrakSpider blockAccess
BrowserMatchNoCase ^larbin blockAccess
BrowserMatchNoCase ^LeechGet blockAccess
BrowserMatchNoCase ^LinkWalker blockAccess
BrowserMatchNoCase ^Lsearch blockAccess
BrowserMatchNoCase ^Microsoft blockAccess
BrowserMatchNoCase ^MJ12bot blockAccess
BrowserMatchNoCase MSIECrawler blockAccess
BrowserMatchNoCase ^MSRBOT blockAccess
BrowserMatchNoCase ^noxtrumbot blockAccess
BrowserMatchNoCase ^NutchCVS blockAccess
BrowserMatchNoCase ^RealDownload blockAccess
BrowserMatchNoCase ^Rome blockAccess
BrowserMatchNoCase ^Roverbot blockAccess
BrowserMatchNoCase ^schibstedsokbot blockAccess
BrowserMatchNoCase ^Seekbot blockAccess
BrowserMatchNoCase ^SiteSnagger blockAccess
BrowserMatchNoCase ^SiteSucker blockAccess
BrowserMatchNoCase ^Snapbot blockAccess
BrowserMatchNoCase ^sogou blockAccess
BrowserMatchNoCase ^SpiderKU blockAccess
BrowserMatchNoCase ^SpiderMan blockAccess
BrowserMatchNoCase ^Squid blockAccess
BrowserMatchNoCase ^Teleport blockAccess
BrowserMatchNoCase ^User-Agent\: blockAccess
BrowserMatchNoCase VoilaBot blockAccess
BrowserMatchNoCase ^voyager blockAccess
BrowserMatchNoCase ^w3search blockAccess
BrowserMatchNoCase ^Web\sDownloader blockAccess
BrowserMatchNoCase ^WebCopier blockAccess
BrowserMatchNoCase ^WebDevil blockAccess
BrowserMatchNoCase ^WebSec blockAccess
BrowserMatchNoCase ^WebVac blockAccess
BrowserMatchNoCase ^Webwhacker blockAccess
BrowserMatchNoCase ^Webzip blockAccess
BrowserMatchNoCase ^Wells blockAccess
BrowserMatchNoCase ^WhoWhere blockAccess
BrowserMatchNoCase www\.netforex\.org blockAccess
BrowserMatchNoCase ^WX_mail blockAccess
BrowserMatchNoCase ^yacybot blockAccess
BrowserMatchNoCase ^ZIBB blockAccess
BrowserMatchNoCase ^$ blockAccess
-- ChrisEllis - 03 Mar 2009

Heya Chris - you could crib off the foswiki debian package sources (including the Apache cfg) - http://svn.foswiki.org/trunk/core/tools/pkg/debian/

or of course, just use them - http://fosiki.com/Foswiki_debian/

smile

-- SvenDowideit - 21 Mar 2009

OK - I finally found the solution to the problem. I am suprised that no-one else has come up against this problem.

Unless I am mistaken the ApacheConfigGenerator has generated a configuration for the /var/www/foswiki/pub (where the Skins reside) with Options None.

Obviously, it needs to be:

<Directory "/var/www/foswiki/pub">
    Options FollowSymLinks SymLinksIfOwnerMatch
    AllowOverride All
order allow,deny
allow from all
deny from env=blockAccess
    ErrorDocument 404 /bin/viewfile

    # Disable execusion of PHP scripts
    php_admin_flag engine off

    # This line will redefine the mime type for the most common types of scripts
    AddType text/plain .shtml .php .php3 .phtml .phtm .pl .py .cgi
#
#add an Expires header that is sufficiently in the future that the browser does not even ask if its uptodate
# reducing the load on the server significantly
#IF you can, you should enable this - it _will_ improve your Foswiki experience, even if you set it to under one day.
# you may need to enable expires_module in your main apache config
#LoadModule expires_module libexec/httpd/mod_expires.so
#AddModule mod_expires.c
#<ifmodule mod_expires.c>
#  <filesmatch "\.(jpg|gif|png|css|js)$">
#       ExpiresActive on
#       ExpiresDefault "access plus 11 days"
#   </filesmatch>
#</ifmodule>
#
</Directory>

# Spammers are known to attach

QuestionForm edit

Subject Installation of Foswiki
Extension
Version
Status Answered
Topic revision: r6 - 26 Sep 2009, OliverKrueger
The copyright of the content on this website is held by the contributing authors, except where stated elsewhere. See Copyright Statement. Creative Commons License    Legal Imprint    Privacy Policy