Web Interface access over SSL getting 403 error


#1

I had Nagios 3.0.6 up and running successfully using straight http and basic authentication per the Quick Start instructions found in the documentation. (That process went quite smoothly and I’ve populated several hosts for monitoring.)

I want to take it to the next “secure” level and access the site over HTTPS. To do this on an CentOS server (2.6) running Apache (2.x), I un-commented the line “SSLRequireSSL” in the /etc/httpd/conf.d/nagios.conf file.

Once I made this change, when I navigate to ](https://)/nagios I can authenticate through Apache but then get a 403 Forbidden Error, “You don’t have permission to access /nagios/ on this server.”

I verified SSL is working fine getting to the server as I can access the default Apache welcome screen at ](https://)/.

Am I missing an additional configuration change that is required to allow authentication after SSL is enabled? I can comment back the SSL Required line and can get back into the website again without issue. Is it a CGI access/authentication issue?

Additionally, I am seeing the error “Directory index forbidden by rule: /usr/local/nagios/share/” in my httpd/ssl_error_log, and as I mentioned above, the interface runs fine not over SSL.

Any insight is greatly appreciated.
Thanks

Z


#2

I was having some difficulty getting to the forum over the past few days, but wanted to provide an update on the situation.

The following day after my post, I realized I had a hole in my troubleshooting methodology and had found that if I browsed directly to index.html, I was able to get in, but I tested it without authentication enabled so I got what I considered at the time odd errors, later realizing it was working as designed, I hadn’t authenticated…

Therefore, I went back to the Apache configuration and added the line DirectoryIndex index.html which apparently, when not in SSL was inherited from the general config, but once I turned SSL on, was not inherited and needed to be defined explicitly within the directory directive. So what was happening was I was getting denied “browsing” to the directory under SSL where in normal mode, it was picking up the index file and displaying it as expected.

Figured I’d pass it along in case anyone else ran across this issue using the default directory template and figured they’d go SSL by just uncommenting the RequireSSL line, they’d need to add one more line to keep things working the same. (At least on my Apache version of 2.0)

Z