httpd (apache server) on fedora, symbolic links work but unable to see/access files inside?

I'm running httpd on fedora server 35 and want to use it to serve files on my local network. It works fine for files stored under the /var/www/html directory directly (e.g. /var/www/html/videos/video.mp4 can be accessed with http://IP/videos/video.mp4 on any local device).
I want to serve files stored in other locations in the file system. My plan was to create symbolic links to those locations. When I do that, I run into forbidden errors when trying to access the files (e.g. a video file /files/videos/video.mp4 linked with a symlink /var/www/html/videos-link -> /files/videos/ so that I would (theoretically) access it with http://IP/videos-link/video.mp4).
I can navigate to http://IP/videos-link fine (an Index of DIRECTORY page, but no files are listed), but trying to access the file (http://IP/videos-link/video.mp4) gives me 403 forbidden.
My config (/etc/httpd/conf/httpd.conf) looks like this (it's a bit messy since I've been trying to fix this myself):
<Directory />
Options FollowSymLinks Indexes
AllowOverride All
Require all granted
</Directory>
...
<Directory "/var/www">
Options +FollowSymLinks +Indexes
AllowOverride All
Require all granted
</Directory>
...
<Directory "/var/www/html">
Options Indexes FollowSymLinks
AllowOverride All
Require all granted
</Directory>
...
<Directory "/files/videos">
Options Indexes FollowSymLinks
AllowOverride All
Require all granted
</Directory>
In attempts to make it work I've made sure the symlink and all the directories have the same owner and that they're all 777, so ownership/read perms shouldn't be an issue. Would greatly appreciate some help, thanks.

My issue was with SELinux. To get it working immediately I was able to set SELinux to permissive mode with
# setenforce 0
That refreshes on boot and is probably insecure, so the permanent fix (to just let httpd through) would be:
# semanage permissive -a httpd_t
More details on SELinux in Fedora can be found here: https://docs.fedoraproject.org/en-US/quick-docs/getting-started-with-selinux/

Related

Apache 2.4 permissions issue

I have Apache 2.4 installed using Homebrew on my Mac. The following does not work, it allows access to the entire filesystem:
<Directory />
AllowOverride None
Require all denied
</Directory>
If I enable access_compat_module then change the above block to the block below, it works as expected. I didn't make any other changes to httpd.conf.
<Directory />
AllowOverride None
Order deny,allow
Deny from all
</Directory>
I thought these were equivalent but clearly something is not working. I have authz_core_module enabled in both cases. Any ideas what I am doing wrong? Thanks.
If you want to share only '/path/to/share', then you need not touch <Directory />; instead update the <Directory "/Library/WebServer/Documents"> block to be:
<Directory "/Library/WebServer/Documents">
Options FollowSymLinks Indexes
MultiviewsMatch Any
AllowOverride None
Require all granted
</Directory>
Then you can create a soft link under /Library/WebServer/Documents that points to /path/to/share, and give /path, /path/to and /path/to/share enough permission to make it accessible from http://<your domain name>/
This is the system-level way to share some special directory.
There are also other ways to share some special directory on your server, e.g. Alias, or at user level http://<your domain name>/~<username>

403 Forbidden Directory access is forbidden - PHP Warning: Missing boundary in multipart/form-data POST data in Unknown on line 0

I'm new to this.
We did a system scan last night. However, during the scan the system went down, and we are facing a 403 forbidden error when accessing the web.
Please kindly advise how and where I should check.
Version: Apache/2.4.7 (Ubuntu)
Ubuntu 4.2
The application was working fine all this while and no changes were made on the server.
Your help on this is much appreciated.
Thank you!
Here's the config file for further help:
/etc/apache2/apache.conf
<Directory />
Options FollowSymLinks
AllowOverride None
# Require all denied
Require all granted
</Directory>
<Directory /usr/share>
AllowOverride None
Require all granted
</Directory>
<Directory /var/www/>
Options Indexes FollowSymLinks
AllowOverride All
Require all granted
</Directory>
/etc/apache2/sites-available/000-default.conf
<Directory "/var/www/html">
Options All
AllowOverride All
Require all granted
</Directory>
As you already added some conf-files to your question and extended comments should be avoided on SO (and you don't have the required 20 reputation for moving to chat) next suggestions here: add also your .htaccess, and maybe this is of help: Apache2: 'AH01630: client denied by server configuration'
In addition, it might be of help if you open (depending on your browser and development tools) e.g. the Firebug Net Panel to check what happens when you call your site's url - if the 403 occurs directly or if there is any kind of redirect taking place. Could also be of help to trace the address in a shell / command prompt to see what's going on.
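Added example, not part of the original thread: the apache.conf quoted in the question grants access on <Directory />, so every path on the filesystem starts out allowed instead of denied. The Python sketch below lists the access directive in each <Directory> block and flags grants on /; the sample text is constructed from the question's config and the function names are hypothetical.

```python
import os
import re

OPEN = re.compile(r'<\s*Directory\s+"?([^">]+?)"?\s*>', re.I)
CLOSE = re.compile(r'<\s*/\s*Directory\s*>', re.I)
GRANT = re.compile(r'(Require\s+all\s+granted|Allow\s+from\s+all)\b', re.I)
DENY = re.compile(r'(Require\s+all\s+denied|Deny\s+from\s+all)\b', re.I)

# Constructed sample, modelled on the configuration quoted in the question.
SAMPLE = """\
<Directory />
Options FollowSymLinks
AllowOverride None
# Require all denied
Require all granted
</Directory>
<Directory /var/www/>
Options Indexes FollowSymLinks
AllowOverride All
Require all granted
</Directory>
"""

def directory_access(conf_text):
    """Return (path, verdict, line_no) for each 2.2- or 2.4-style access
    directive found inside a <Directory> block. Comment lines are ignored."""
    found, stack = [], []
    for line_no, raw in enumerate(conf_text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        opened = OPEN.match(line)
        if opened:
            stack.append(opened.group(1))
        elif CLOSE.match(line):
            if stack:
                stack.pop()
        elif stack and GRANT.match(line):
            found.append((stack[-1], "granted", line_no))
        elif stack and DENY.match(line):
            found.append((stack[-1], "denied", line_no))
    return found

def root_grants(conf_text):
    """Grants on the filesystem root: these remove the default-deny baseline."""
    return [(path, line_no)
            for path, verdict, line_no in directory_access(conf_text)
            if verdict == "granted" and os.path.normpath(path) == "/"]

if __name__ == "__main__":
    for path, line_no in root_grants(SAMPLE):
        print(f"line {line_no}: <Directory {path}> grants access at the filesystem root")
```

Restoring Require all denied on <Directory /> and granting only on the document root makes root_grants return an empty list.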

Change the DocumentRoot folder in apache cause permission issue

I installed a LAMP in my AWS EC2 instance. The DocumentRoot folder is in /var/www/html. What I did is to copy the html folder into my /home/ec2-user and rename it to www. Then the DocumentRoot is changed to /home/ec2-user/www. Of course the https.conf is changed accordingly. Here it is:
#DocumentRoot "/var/www/html"
DocumentRoot "/home/ec2-user/www"
<Directory />
#Options FollowSymLinks
#AllowOverride None
Options Indexes FollowSymLinks Includes ExecCGI
AllowOverride All
Order deny,allow
Allow from all
</Directory>
#<Directory "/var/www/html">
<Directory "/home/ec2-user/www">
The problem is I got the following error message after I restart the https service.
You don't have permission to access / on this server.
The owner and the permission is the same for both folder. Here are the screenshots:
I searched in stack overflow and found some similar issues. But none of them work for me. Can anybody help? Thanks
The issue is that the user Apache runs as is not ec2-user.
You could change it, but putting your doc root inside of the ec2-user's home directory is probably not a good idea. More than likely everything you do on your instance is as the ec2-user (who is a sudoer and has access to pretty much everything), so if someone was to compromise a script that Apache is running, they would literally have full control over your instance.

You don't have permission to access / on this server

I have CentOS 6.1 server and I installed apache 2.2.15 on it.
Now when I try to access it from another PC (Windows 7) from IE (http:/// (=centos ip)) I get the "You don't have permission to access / on this server." error. I even created a phpinfo.php file with content of "" in "var/www/html" and when I try to access it by using "http://*/phpinfo.php" in IE, I get a not found error. What should I do?
My httpd.conf for the directory is like this:
<Directory "/var/www/html">
Options Indexes FollowSymLinks
AllowOverride None
Order allow,deny
Allow from all
</Directory>
Edit httpd.conf file, which is in /etc/httpd/conf/httpd.conf. Add the below code.
<Directory "/">
#Options FollowSymLinks
Options Indexes FollowSymLinks Includes ExecCGI
AllowOverride None
Allow from all
</Directory>
<Directory "/home/">
#Options FollowSymLinks
Options Indexes FollowSymLinks Includes ExecCGI
AllowOverride None
Allow from all
</Directory>
After line no. 555 (in my case). Check the file permissions and restart the server.
service httpd restart
Now it will work. If you are still facing the same problem, disable SELinux: in /etc/selinux/config change to SELINUX=disabled, restart the server as mentioned above and try it.
Hope this helps
Set SELinux in Permissive Mode using the command below:
setenforce 0;
Check file permissions of the /var/www/html and the ALLOW directive in your apache conf
Make sure all files are readable by the webserver and the allow directive is like
<Directory "/var/www/html">
Order allow,deny
Allow from all
</Directory>
If you can see files then consider sorting the directive to be more restrictive
First check that Apache is running. service httpd restart for restarting
CentOS 6 comes with SELinux activated, so either change the policy or disable it by editing /etc/sysconfig/selinux, setting SELINUX=disabled. Then restart
Then check locally (from centos) if apache is working.
Try to use the following:
chmod +rx /home/*
If you set SELinux in permissive mode (command setenforce 0) and it works (worked for me) then you can run restorecon (sudo restorecon -Rv /var/www/html/), which sets the correct context on the files in the Apache directory permanently, because setenforce is temporary. The context for Apache is httpd_sys_content_t and you can verify it by running the command ls -Z /var/www/html/, which outputs something like:
-rwxr-xr-x. root root system_u:object_r:httpd_sys_content_t:s0 index.html
If the file does not have the right context, something like this appears:
drwxr-xr-x. root root unconfined_u:object_r:user_home_t:s0 tests
Hope it can help you.
PD: excuse me my English
Create index.html or index.php file in root directory (in your case - /var/www/html, as #jabaldonedo mentioned)
Right click your www folder and click on properties. Navigate to permissions and change all to read and write, then click on "Apply permission to enclosed files" and you are done!!
Maybe it's too late but this will definitely help some other person.
Check the apache User and Group setting in the httpd.conf. It should default to apache on AMI/RedHat or www-data on Debian.
grep '^Group\|^User' /etc/httpd/conf/httpd.conf
Then add the apache user to the group setting of your site's root directory.
sudo usermod -a -G <your-site-root-dir-group> apache
Try to edit httpd.conf:
<Directory "/usr/local/www/apache24/cgi-bin">
Options Indexes FollowSymLinks Includes ExecCGI
Require all granted
</Directory>
For CentOS 8 your /etc/httpd/conf.d/awstats.conf file needs to look like this, and you need to stick in your IP address and restart your httpd service, unless you want the whole world to have access to it!
#
# Directives to add to your Apache conf file to allow use of AWStats as a CGI.
# Note that path "/usr/share/awstats/" must reflect your AWStats install path.
#
Alias /awstatsclasses "/usr/share/awstats/wwwroot/classes/"
Alias /awstatscss "/usr/share/awstats/wwwroot/css/"
Alias /awstatsicons "/usr/share/awstats/wwwroot/icon/"
ScriptAlias /awstats/ "/usr/share/awstats/wwwroot/cgi-bin/"
#
# This is to permit URL access to scripts/files in AWStats directory.
#
<Directory "/usr/share/awstats/wwwroot">
Options None
AllowOverride None
<IfModule mod_authz_core.c>
# Apache 2.4
<RequireAny>
Require <Your IP Address here>
</RequireAny>
</IfModule>
<IfModule !mod_authz_core.c>
# Apache 2.2
Allow from <Your IP address here>
Allow from ::1
</IfModule>
</Directory>
# Additional Perl modules
<IfModule mod_env.c>
SetEnv PERL5LIB /usr/share/awstats/lib:/usr/share/awstats/plugins
</IfModule>
Remember that if your IP address changes you need to update the file and restart the httpd server. BTW you can see your IP address as it looks from the outside by simply googling "my ip".
Set Require all granted in /etc/httpd/conf/httpd.conf

Apache Stopped Following Symlinks

Yesterday, I had a fistful of sites running locally with no problem. Today, nothing opens and I have a log full of this:
Symbolic link not allowed or link target not accessible: /var/www
I have no idea what I did (I didn't open/change my httpd.conf file in any way), but clearly it was something bad. I run virtual hosts and the root directories are located in ~/Developer/www. In order to share the config files across multiple Macs with different home directories, I've created a symlink, /var/www which points to ~/Developer/www.
All of the virtualhost config files point their DocumentRoot to /var/www/project_directory and its own root directory has the FollowSymLinks option:
<VirtualHost *:80>
ServerName localhost
ServerAlias localhost.local localhost.dev
DocumentRoot /var/www/_localhost
<Directory /var/www/_localhost>
Options FollowSymLinks Indexes
AllowOverride None
Order deny,allow
Allow from all
</Directory>
</VirtualHost>
My main httpd.conf file, similarly, has the FollowSymLinks option enabled for /:
<Directory />
Options FollowSymLinks
AllowOverride None
Order deny,allow
Deny from all
</Directory>
Any idea what I could have done to stop Apache from understanding symlinks or, better yet, what I can do to get it back on track?
Thanks.
UPDATE:
I should add that all of the directories in the "stack" are executable by all users and that this is the native Apache install on OS X Lion.
I guess I made an assumption that I shouldn't have. I had verified every relevant permission except the one that evidently mattered. Apache didn't have execute permissions on my top level home directory. I checked, re-checked and triple checked everything under that, but having never changed anything in that directory itself, I just didn't anticipate it being the issue.
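Added example, not from the original answer: the fix above came down to a missing execute (search) bit on one parent directory behind the symlink. This Python sketch walks a path the way the kernel resolves it, expanding symlinks, and reports each directory that a given uid and group set cannot search; it checks classic mode bits only (no ACLs or SELinux), and the function names are hypothetical.

```python
import os
import pwd
import sys

def allowed(st, uid, gids, bit):
    """Classic mode-bit check: owner, else group, else other (ignores ACLs and root)."""
    if st.st_uid == uid:
        return bool(st.st_mode & (bit << 6))
    if st.st_gid in gids:
        return bool(st.st_mode & (bit << 3))
    return bool(st.st_mode & bit)

def traversal_problems(path, uid, gids, max_links=40):
    """Walk path one component at a time, expanding symlinks, and return
    {path: problem} for everything that stops uid/gids from reading it."""
    problems = {}
    pending = [p for p in os.path.abspath(path).split(os.sep) if p]
    current, links = os.sep, 0
    while pending:
        # Every directory on the way, including those behind a symlink,
        # needs the search (x) bit for the server's user.
        if not allowed(os.stat(current), uid, gids, 1):
            problems[current] = "no search (x) permission"
        nxt = os.path.normpath(os.path.join(current, pending.pop(0)))
        if not os.path.lexists(nxt):
            problems[nxt] = "does not exist"
            return problems
        if os.path.islink(nxt):
            links += 1
            if links > max_links:
                problems[nxt] = "symlink loop"
                return problems
            target = os.readlink(nxt)
            if os.path.isabs(target):
                current = os.sep  # absolute target: restart from the root
            pending = [p for p in target.split(os.sep) if p] + pending
            continue
        current = nxt
    if not allowed(os.stat(current), uid, gids, 4):
        problems[current] = "no read (r) permission"
    return problems

if __name__ == "__main__":
    # usage: python3 walk.py /var/www/project_directory/index.html <server user>
    user = pwd.getpwnam(sys.argv[2])
    gids = set(os.getgrouplist(user.pw_name, user.pw_gid))
    for where, why in traversal_problems(sys.argv[1], user.pw_uid, gids).items():
        print(f"{where}: {why}")
```

Run it as a user that can itself read the whole path (for example via sudo), passing the account the server runs as.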