I'm running httpd on fedora server 35 and want to use it to serve files on my local network. It works fine for files stored under the /var/www/html directory directly (e.g. /var/www/html/videos/video.mp4 can be accessed with http://IP/videos/video.mp4 on any local device).
I want to serve files stored in other locations in the file system. My plan was to create symbolic links to those locations. When I do that, I run into forbidden errors when trying to access the files (e.g. A video file /files/videos/video.mp4 linked with a sym link /var/www/html/videos-link -> /files/videos/ so that I would (theoretically) access it with http://IP/videos-link/video.mp4
I can navigate to http://IP/videos-link fine (an Index of DIRECTORY page, but no files are listed), but trying to access the file (http://IP/videos-link/video.mp4) gives me 403 forbidden.
My config (/etc/httpd/conf/httpd.conf) looks like this (it's a bit messy since I've been trying to fix this myself):
<Directory />
Options FollowSymLinks Indexes
AllowOverride All
Require all granted
</Directory>
...
<Directory "/var/www">
Options +FollowSymLinks +Indexes
AllowOverride All
Require all granted
</Directory>
...
<Directory "/var/www/html">
Options Indexes FollowSymLinks
AllowOverride All
Require all granted
</Directory>
...
<Directory "/files/videos">
Options Indexes FollowSymLinks
AllowOverride All
Require all granted
</Directory>
In attempts to make it work I've made sure the sym link and all the directories have the same owner and that their all 777 so ownership/read perms shouldn't be an issue. Would greatly appreciate some help, thanks.
My issue was with SELinux. To get it working immediately I was able to set SELinux to permissive mode with
# setenforce 0
That refreshes on boot and is probably insecure, so the permanent fix (to just let httpd through) would be:
# semanage permissive -a httpd_t
More details on SELinux in Fedora can be found here: https://docs.fedoraproject.org/en-US/quick-docs/getting-started-with-selinux/
I have Apache 2.4 installed using Homebrew on my Mac. The following does not work, it allows access to the entire filesystem:
<Directory />
AllowOverride None
Require all denied
</Directory>
If I enable access_compat_module then change the above block to the block below, it works as expected. I didn't make any other changes to httpd.conf.
<Directory />
AllowOverride None
Order deny,allow
Deny from all
</Directory>
I thought these were equivalent but clearly something is not working. I have authz_core_module enabled in both cases. Any ideas what I am doing wrong? Thanks.
if you want only share '/path/to/share'
then you need not to touch
< Directory / >
instead update the
< Directory "/Library/WebServer/Documents" >
to let it be:
< Directory "/Library/WebServer/Documents" >
Options FollowSymLinks Indexes
MultiviewsMatch Any
AllowOverride None
Require all granted
< /Directory >
then you can create a soft link under the
/Library/WebServer/Documents
to let it point to
/path/to/share
and give the
/path
/path/to
/path/to/share
enough permission to make it possible to access from
http://<your domain name>/
this is System level to share some special directory.
there is also other ways to share some special directory in your server
, e.g. Alias or user level
http://<your domain name>/~<username>
reference documents
I have tried a number of suggestions/answers for similar problems but none have helped!
I am running an Apache2..4.7 on ubuntu 14.4, I've done
mkdir /var/www/html/download
cp src /var/www/html/download/file.extn
While the request localhost or 127.0.0.1 and surprisingly 127.0.1.1 are returning Ubuntu default page,
http://127.0.0.1/download/file.extn is giving
Forbidden
You don't have permission to access /download/file.extn on this server.
Apache/2.4.7 (Ubuntu) Server at 127.0.0.1 Port 80
Error log says:
(13)Permission denied: [client 127.0.0.1:52345] AH00035: access to /download/apkFile.apk denied (filesystem path '/var/www') because search permissions are missing on a component of the path
apache2.conf has been changed to:
Directory
Options FollowSymLinks
AllowOverride None
Require all granted
Directory
Directory /usr/share
AllowOverride None
Require all granted
Directory
Directory /var/www/
Options Indexes FollowSymLinks
AllowOverride None
Require all granted
Directory
Directory /var/www/html/download
Options Indexes FollowSymLinks
AllowOverride None
Require all granted
Directory
Permission to all directories leading to /var/www/html/download/file.extn has been chmod to 644.
Code:
<Directory /var/www/>
Options Indexes FollowSymLinks
AllowOverride None
Require all granted
</Directory>
After editing some code in /var/www thinking I'd fix a small error where it denied access from everyone except me, somehow I screwed it up and I'm not firmiliar with this file at all. Now, everyone who visits any dir on my website gets 403 forbidden including myself.
is better to know that OS using often resolved by changing the permissions on the folder
for example server Ubuntu
sudo chmod 777 -R /var/www/html/youfile
that's it
Regards
I am getting
[Tue Apr 24 12:12:55 2012] [error] [client 127.0.0.1] client denied by server configuration: /labs/Projects/Nebula/bin/
My directory structure looks like (I am using Symfony 2, should be similar structure for other web frameworks)
I have vhosts setup like:
<VirtualHost nebula:80>
DocumentRoot "/labs/Projects/Nebula/web/"
ServerName nebula
ErrorLog "/var/log/httpd/nebula-errors.log"
</VirtualHost>
<Directory "/labs/Projects/Nebula/">
Options All
AllowOverride All
Order allow,deny
Allow from 127.0.0 192.168.1 ::1 localhost
</Directory>
I wonder whats the problem and how do I fix it?
Apache 2.4.3 (or maybe slightly earlier) added a new security feature that often results in this error. You would also see a log message of the form "client denied by server configuration". The feature is requiring an authorized user identity to access a directory. It is turned on by DEFAULT in the httpd.conf that ships with Apache. You can see the enabling of the feature with the directive
Require all denied
This basically says to deny access to all users. To fix this problem, either remove the denied directive (or much better) add the following directive to the directories you want to grant access to:
Require all granted
as in
<Directory "your directory here">
Order allow,deny
Allow from all
# New directive needed in Apache 2.4.3:
Require all granted
</Directory>
OK I am using the wrong syntax, I should be using
Allow from 127.0.0.1
Allow from ::1
...
In Apache 2.4 the old access authorisation syntax has been deprecated and replaced by a new system using Require.
What you want then is something like the following:
<Directory "/labs/Projects/Nebula/">
Options All
AllowOverride All
<RequireAny>
Require local
Require ip 192.168.1
</RequireAny>
</Directory>
This will allow connections that originate either from the local host or from ip addresses that start with "192.168.1".
There is also a new module available that makes Apache 2.4 recognise the old syntax if you don't want to update your configuration right away:
sudo a2enmod access_compat
I had this issue using Vesta CP and for me, the trick was remove .htaccess and try to access to any file again.
That resulted on regeneration of .htaccess file and then I was able to access to my files.
Can you try changing "Allow from 127.0.0 192.168.1 ::1 localhost" to "Allow from all".
If that fixes your problem, you need to be less restrict about where content can be requested from
Here's my symfony 1.4 virtual host file on debian, which works fine.
<Directory /var/www/sf_project/web/>
Options All Indexes FollowSymLinks
AllowOverride All
Order allow,deny
Allow from all
</Directory>
If you wan't to restrict access to a specific ip range, e.g. localhost use this:
Allow from 127.0.0.0/8
The mod_authz_host is responsible for filtering ip ranges. You can look up detailed things in there.
But maybe the problem could be related to some kind of misconfiguration in your "apache2.conf".
On what OS is the apache running?
if you are having the
Allow from All
in httpd.conf then make sure us have
index.php
like in the below line in httpd.conf
DirectoryIndex index.html index.php
In my case the key was:
AllowOverride All
in vhost definition.
I hope it helps someone.
This code worked for me..
<Location />
Allow from all
Order Deny,Allow
</Location>
Hope this helps others