ALERT: Some images may not load properly within the Knowledge Base Article. If you see a broken image, please right-click and select 'Open image in a new tab'. We apologize for this inconvenience.

Clients and GUPs get 403 Forbidden response in Apache logs when the Inetpub\content folder is configured to use a symbolic link

book

Article ID: 161976

calendar_today

Updated On:

Products

Endpoint Protection

Issue/Introduction

After upgrading to 12.1 RU5 and reconfiguring symbolic links on the Inetpub/content/ folder, clients and GUPs receive HTTP 403 Access Forbidden results in the Apache Access logs. From the Apache Access.log you see repeated GET request results such as this on all GET requests hitting the apache server:
 
"GET /content/TempCache/{810D5A61-809F-49c2-BD75-177F0647D2BA}/150426016/xdelta150426016_To_150507009.dax HTTP/1.1" 403 301 "-" "Smc"

Additionally, the Apache Error log contains the following symbolic link errors that look to be concurrent with the access log's GET requests:
AH00037: Symbolic link not allowed or link target not accessible: C:/Program Files (x86)/Symantec/Symantec Endpoint Protection Manager/Inetpub/content

Cause

This occurs when the httpd.conf file does not have the option to follow symbolic links created within the Inetpub directory.

Resolution

  1. Open the httpd.conf file and find the <Directory "../Inetpub"> section.
  2. Find the line that contains #Options Indexes FollowSymLinks ExecCGI.
  3. Below the above line add Options FollowSymLinks.
  4. Save the changes to the httpd.conf file
  5. Restart the SEPM and SEPM Web server services.
The SEPM's apache server should now properly be configured to make use of the symbolic link configured on the /Inetpub/content folder.