Apache 2 Forbidden 403 Error despite "Require all granted" - apache

I am getting the apparently infamous apache 2 forbidden error #403, and I tried following the guides on the subject, but none seem to be working.
I am using Ubuntu Server and Apache 2.4.41
My website structure looks like /var/www/html/index.html
My apache2.conf [/etc/apache2/apache2.conf]:
<Directory />
Options FollowSymLinks
AllowOverride None
Require all denied
</Directory>
<Directory /usr/share>
AllowOverride None
Require all granted
</Directory>
<Directory /var/www/html>
Order allow,deny
Allow from all
Require all granted
</Directory>
My vhosts.conf [/etc/apache2/sites-available/000-default.conf]:
<VirtualHost *:80>
# The ServerName directive sets the request scheme, hostname and port that
# the server uses to identify itself. This is used when creating
# redirection URLs. In the context of virtual hosts, the ServerName
# specifies what hostname must appear in the request's Host: header to
# match this virtual host. For the default virtual host (this file) this
# value is not decisive as it is used as a last resort host regardless.
# However, you must set it for any further virtual host explicitly.
#ServerName www.example.com
ServerAdmin webmaster#localhost
DocumentRoot /var/www/html
# Available loglevels: trace8, ..., trace1, debug, info, notice, warn,
# error, crit, alert, emerg.
# It is also possible to configure the loglevel for particular
# modules, e.g.
#LogLevel info ssl:warn
ErrorLog ${APACHE_LOG_DIR}/error.log
CustomLog ${APACHE_LOG_DIR}/access.log combined
<Directory /var/www/html>
Options Indexes FollowSymLinks MultiViews
AllowOverride All
Order allow,deny
allow from all
Require all granted
</Directory>
# For most configuration files from conf-available/, which are
# enabled or disabled at a global level, it is possible to
# include a line for only one particular virtual host. For example the
# following line enables the CGI configuration for this host only
# after it has been globally disabled with "a2disconf".
#Include conf-available/serve-cgi-bin.conf
</VirtualHost>

From an Apache standpoint, your configuration seems ok.
Please verify the permissions on your /var/www/html directory. The user that runs Apache should have at least read and traversal (x) permission.

I gave the user running Apache2 permissions to the /var/www/html folder, and was then able to access the website.
Here is a URL with several permissions, I don't know specifically which one was responsible, but I believe it was sudo chmod g+w /var/www/html
https://askubuntu.com/questions/767504/permissions-problems-with-var-www-html-and-my-own-home-directory-for-a-website

Related

How to change root directory for lamp on Ubuntu

I'm trying to change the root directory of my new lamp on Ubuntu but I have an error message when I open localhost or 127.0.0.1 : **Forbidden
You don't have permission to access this resource.**
I'm using Apache/2.4.46 (Ubuntu) Server at 127.0.0.1 Port 80 with Ubuntu 21.04.
I already changed apache2.conf and 000-default.conf :
000-default.conf:
<VirtualHost *:80>
# The ServerName directive sets the request scheme, hostname and port that
# the server uses to identify itself. This is used when creating
# redirection URLs. In the context of virtual hosts, the ServerName
# specifies what hostname must appear in the request's Host: header to
# match this virtual host. For the default virtual host (this file) this
# value is not decisive as it is used as a last resort host regardless.
# However, you must set it for any further virtual host explicitly.
#ServerName www.example.com
ServerAdmin webmaster#localhost
DocumentRoot /home/matt/phpRoot
ServerName 127.0.0.1
# Available loglevels: trace8, ..., trace1, debug, info, notice, warn,
# error, crit, alert, emerg.
# It is also possible to configure the loglevel for particular
# modules, e.g.
#LogLevel info ssl:warn
ErrorLog ${APACHE_LOG_DIR}/error.log
CustomLog ${APACHE_LOG_DIR}/access.log combined
# For most configuration files from conf-available/, which are
# enabled or disabled at a global level, it is possible to
# include a line for only one particular virtual host. For example the
# following line enables the CGI configuration for this host only
# after it has been globally disabled with "a2disconf".
#Include conf-available/serve-cgi-bin.conf
</VirtualHost>
# vim: syntax=apache ts=4 sw=4 sts=4 sr noet
And apache2.conf :
<Directory />
Options Indexes FollowSymLinks
AllowOverride None
Require all denied
</Directory>
<Directory /usr/share>
AllowOverride None
Require all granted
</Directory>
<Directory "/home/matt/phpRoot">
Options Indexes FollowSymLinks
AllowOverride None
Require all granted
</Directory>
#<Directory /srv/>
# Options Indexes FollowSymLinks
# AllowOverride None
# Require all granted
#</Directory>
in 000-default.conf and apache2.conf
change /home/matt/phpRoot to /var/www

Error in apache2 server for SSL certificate

So I have purchased an SSL certificate, and need to add it to my Ubuntu running apache2 web service, however for some reason, my .conf file shows me the same error over and over again.
After running the code apache2ctl configtest they mentioned...
AH00526: Syntax error on line 58 of /etc/apache2/sites-enabled/eblossom.conf:
Invalid command 'SSLEngine', perhaps misspelled or defined by a module not included in the server configuration
Action 'configtest' failed.
And in my .conf file...
<VirtualHost *:80>
#ServerName www.example.com
ServerAdmin webmaster#localhost
DocumentRoot /var/www/html
# Available loglevels: trace8, ..., trace1, debug, info, notice, warn,
# error, crit, alert, emerg.
# It is also possible to configure the loglevel for particular
# modules, e.g.
#LogLevel info ssl:warn
ErrorLog ${APACHE_LOG_DIR}/error.log
CustomLog ${APACHE_LOG_DIR}/access.log combined
# For most configuration files from conf-available/, which are
# enabled or disabled at a global level, it is possible to
# include a line for only one particular virtual host. For example the
# following line enables the CGI configuration for this host only
# after it has been globally disabled with "a2disconf".
#Include conf-available/serve-cgi-bin.conf
Alias /static /home/najaaz/eblossom/static
<Directory /home/najaaz/eblossom/static>
Require all granted
</Directory>
Alias /media /home/najaaz/eblossom/media
<Directory /home/najaaz/eblossom/media>
Require all granted
</Directory>
<Directory /home/najaaz/eblossom/eblossom>
<Files wsgi.py>
Require all granted
</Files>
</Directory>
WSGIScriptAlias / /home/najaaz/eblossom/eblossom/wsgi.py
WSGIDaemonProcess eblossom python-path=/home/najaaz/eblossom python-home=/home/najaaz/eblossom/venv
WSGIProcessGroup eblossom
</VirtualHost>
<VirtualHost *:443>
SSLEngine on
SSLCertificateFile /home/najaaz/eblossom/eblossom_lk.crt
SSLCertificateKeyFile /home/najaaz/eblossom/eblossom.lk.key
SSLCertificateChainFile /home/najaaz/eblossom/eblossom_lk.ca-bundle
</VirtualHost>
I a using a Django framework and I don't understand where and how this error is caused.
Could anyone help me with this?
Thanks!
Run the following, and try again:
a2enmod ssl && systemctl restart apache2
Basically what this command does is that, it enables mod_ssl.

Forbidden permission to access /cgi-bin/test.pl

Okay so I have configured Apache on my Linux machine but when I try to run any sort of script on local host from the cgi-bin I get Forbidden permission. i.e. address http://localhost/cgi-bin/test.pl
<VirtualHost *:80>
# The ServerName directive sets the request scheme, hostname and port that
# the server uses to identify itself. This is used when creating
# redirection URLs. In the context of virtual hosts, the ServerName
# specifies what hostname must appear in the request's Host: header to
# match this virtual host. For the default virtual host (this file) this
# value is not decisive as it is used as a last resort host regardless.
# However, you must set it for any further virtual host explicitly.
#ServerName www.example.com
ServerAdmin webmaster#localhost
DocumentRoot /var/www/html
# Available loglevels: trace8, ..., trace1, debug, info, notice, warn,
# error, crit, alert, emerg.
# It is also possible to configure the loglevel for particular
# modules, e.g.
#LogLevel info ssl:warn
ScriptAlias /cgi-bin/ /usr/lib/cgi-bin/
<Directory "/usr/lib/cgi-bin">
AllowOverride None
Options +ExecCGI -MultiViews +SymLinksIfOwnerMatch
Order allow,deny
Allow from all
</Directory>
ErrorLog ${APACHE_LOG_DIR}/error.log
CustomLog ${APACHE_LOG_DIR}/access.log combined
# For most configuration files from conf-available/, which are
# enabled or disabled at a global level, it is possible to
# include a line for only one particular virtual host. For example the
# following line enables the CGI configuration for this host only
# after it has been globally disabled with "a2disconf".
#Include conf-available/serve-cgi-bin.conf
<Files ~ "\.(pl|cgi)$">
SetHandler perl-script
PerlResponseHandler ModPerl::PerlRun
Options +ExecCGI
PerlSendHeader On
</Files>
</VirtualHost>
# vim: syntax=apache ts=4 sw=4 sts=4 sr noet
That is my 000-default.conf
And yes I have given test.pl 755 permissions and it does run correctly.
Thanks in advance for any help.
do "ls" on each of level.. /usr/ , /usr/lib/ , /usr/lib/cgi-bin without sudo... probably the owner of that file is 'root', if so.. then try 'chown' that file.

mod_rewrite wasn't working so while fixing it getting 403 forbidden

On ubuntu 13.10 I am using apache 2.4.x . I was having problem with mod_rewrite. I enabled that module and and restarted the server but .htaccess file wasn't still working so I after some search, I read an answer from stackoverflow pointing towards: http://smarttips.in/htaccess-redirect-not-working-apache/
I was missing point 2 in the above link. So I put that code in my 000-default.conf file.
DocumentRoot /var/www
<Directory />
Options FollowSymLinks
AllowOverride All
</Directory>
<Directory /var/www/>
Options Indexes FollowSymLinks MultiViews
AllowOverride All
Order allow,deny
allow from all
</Directory>
As I am using apache2.4+ so as told here: http://httpd.apache.org/docs/current/upgrading.html
Order allow, deny
Allow from all
to
Require all granted
Here is code in my 000-default.conf file:
<VirtualHost *:80>
# The ServerName directive sets the request scheme, hostname and port that
# the server uses to identify itself. This is used when creating
# redirection URLs. In the context of virtual hosts, the ServerName
# specifies what hostname must appear in the request's Host: header to
# match this virtual host. For the default virtual host (this file) this
# value is not decisive as it is used as a last resort host regardless.
# However, you must set it for any further virtual host explicitly.
#ServerName www.example.com
ServerAdmin webmaster#localhost
DocumentRoot /var/www
<Directory />
Options FollowSymLinks
AllowOverride All
</Directory>
<Directory /var/www/>
Options Indexes FollowSymLinks MultiViews
AllowOverride All
Require all granted
</Directory>
# Available loglevels: trace8, ..., trace1, debug, info, notice, warn,
# error, crit, alert, emerg.
# It is also possible to configure the loglevel for particular
# modules, e.g.
#LogLevel info ssl:warn
ErrorLog ${APACHE_LOG_DIR}/error.log
CustomLog ${APACHE_LOG_DIR}/access.log combined
# For most configuration files from conf-available/, which are
# enabled or disabled at a global level, it is possible to
# include a line for only one particular virtual host. For example the
# following line enables the CGI configuration for this host only
# after it has been globally disabled with "a2disconf".
#Include conf-available/serve-cgi-bin.conf
</VirtualHost>
But after entering that code from that link, now server is giving 403 forbidden, saying:
You don't have permission to access /mysite/ on this server.
Apache/2.4.6 (Ubuntu) Server at localhost Port 80
So not sure if that mod_rewrite problem is solved or not but also getting now permissions error.
Let me know if I need to put .htaccess code here too.
So any idea what am I doing wrong ?
I simply removed:
DocumentRoot /var/www
<Directory />
Options FollowSymLinks
AllowOverride All
</Directory>
<Directory /var/www/>
Options Indexes FollowSymLinks MultiViews
AllowOverride All
Order allow,deny
allow from all
</Directory>
and put this instead:
DocumentRoot /var/www
<Directory /var/www>
AllowOverride All
</Directory>
And now that permission error is gone and mod_rewrite is working as expected.
Adding this to <Directory /var/www/html>
Options +SymLinksIfOwnerMatch
helped me.

What is simplest way to add domain name to a Debian server?

I have the latest brand new Debian server. The website should host only 1 single domain name.
DNS are resolved by the registrar and A points to my dedicated server. Site is present in /var/www/.
What is the simplest way (step by step) to configure Apache to add this domain name?
It should be very straighforward:
Install Apache (sudo aptitude install apache2)
The default configuration points to /var/www so...
Start Apache (sudo service apache2 restart)
Enjoy your website
You can add your domain name into /etc/hosts
Take some steps to secure your dedicated server (iptables, fail2ban, ...)
You could also use the automatic wizard with sudo dpkg-reconfigure apache2.
I think this should be enough if you DNS is already pointing at your IP.
If you really need to change the configuration file, it's in etc/apache2/sites-available/default and contains the following (by default):
NameVirtualHost *
<VirtualHost *>
ServerAdmin webmaster#localhost # <= Email of webadmin (shown on error pages)
DocumentRoot /var/www/ # <= Root of your web server with public access
<Directory />
Options FollowSymLinks
AllowOverride None # <= Disable usage of .htaccess files
</Directory>
<Directory /var/www/>
Options Indexes FollowSymLinks MultiViews
AllowOverride None
Order allow,deny
allow from all
# This directive allows us to have apache2's default start page
# in /apache2-default/, but still have / go to the right place
#RedirectMatch ^/$ /apache2-default/
</Directory>
ScriptAlias /cgi-bin/ /usr/lib/cgi-bin/
<Directory "/usr/lib/cgi-bin">
AllowOverride None
Options +ExecCGI -MultiViews +SymLinksIfOwnerMatch
Order allow,deny
Allow from all
</Directory>
ErrorLog /var/log/apache2/error.log
# Possible values include: debug, info, notice, warn, error, crit,
# alert, emerg.
LogLevel warn
CustomLog /var/log/apache2/access.log combined
ServerSignature On
Alias /doc/ "/usr/share/doc/"
<Directory "/usr/share/doc/">
Options Indexes MultiViews FollowSymLinks
AllowOverride None
Order deny,allow
Deny from all
Allow from 127.0.0.0/255.0.0.0 ::1/128
</Directory>
</VirtualHost>
As for the hosts file, you can add the following:
# Host Database
#
# localhost is used to configure the loopback interface
# when the system is booting. Do not change this entry.
##
127.0.0.1 localhost
#Virtual Hosts
12.34.56.789 example.com #<= change here :)
Then, don't forget to secure your web server with appropriate tools (iptables, fail2ban, ...)