I'm running httpd on fedora server 35 and want to use it to serve files on my local network. It works fine for files stored under the /var/www/html directory directly (e.g. /var/www/html/videos/video.mp4 can be accessed with http://IP/videos/video.mp4 on any local device).
I want to serve files stored in other locations in the file system. My plan was to create symbolic links to those locations. When I do that, I run into forbidden errors when trying to access the files (e.g. A video file /files/videos/video.mp4 linked with a sym link /var/www/html/videos-link -> /files/videos/ so that I would (theoretically) access it with http://IP/videos-link/video.mp4
I can navigate to http://IP/videos-link fine (an Index of DIRECTORY page, but no files are listed), but trying to access the file (http://IP/videos-link/video.mp4) gives me 403 forbidden.
My config (/etc/httpd/conf/httpd.conf) looks like this (it's a bit messy since I've been trying to fix this myself):
<Directory />
Options FollowSymLinks Indexes
AllowOverride All
Require all granted
</Directory>
...
<Directory "/var/www">
Options +FollowSymLinks +Indexes
AllowOverride All
Require all granted
</Directory>
...
<Directory "/var/www/html">
Options Indexes FollowSymLinks
AllowOverride All
Require all granted
</Directory>
...
<Directory "/files/videos">
Options Indexes FollowSymLinks
AllowOverride All
Require all granted
</Directory>
In attempts to make it work I've made sure the sym link and all the directories have the same owner and that their all 777 so ownership/read perms shouldn't be an issue. Would greatly appreciate some help, thanks.
My issue was with SELinux. To get it working immediately I was able to set SELinux to permissive mode with
# setenforce 0
That refreshes on boot and is probably insecure, so the permanent fix (to just let httpd through) would be:
# semanage permissive -a httpd_t
More details on SELinux in Fedora can be found here: https://docs.fedoraproject.org/en-US/quick-docs/getting-started-with-selinux/
Can't change Apache web root directory on Ubuntu.
file exists in sites-enabled folder
I changed /etc/apache2/sites-enabled/mynewsite.conf file document root
<Directory /media/saptarshi/BAAA7114AA70CDFF/webdev>
Options Indexes FollowSymLinks
Allow from all
AllowOverride None
Require all granted
</Directory>
and, also I changed /etc/apache2/apache2.conf file document root
<Directory /media/saptarshi/BAAA7114AA70CDFF/webdev>
Options Indexes FollowSymLinks
AllowOverride None
Allow from all
Require all granted
</Directory>
After changing those I restart the apache then it not worked. Shows
403 error. Forbidden
You don't have permission to access this resource. Apache/2.4.41 (Ubuntu) Server at localhost Port 80
But magically when I change the path within the home directory(/home/saptarshi/test) then it work. So , Is it possible to change apache root directory outside the home folder in ubuntu?
Two things I would like to mention. Firstly, because of something isn't working, don't write the same configurations into multiple apache config files. It will create more problems rather than solving one. Secondly, you should always edit the respective site config file in the /etc/apache2/sites-available/ directory rather than editing the file in the /etc/apache2/sites-enabled/ directory. It's a symlink, so, it's always better to edit the main file and reload the config.
Now your problem might or might not be related to directory path only. It might be a user permission related problem as well. Could you please attach the entire apache2.conf file and the mynewsite.conf file? Also, what's the host you're trying to access it with?
I installed a LAMP in my AWS EC2 instance. The DocumentRoot folder is in /var/www/html. What I did is to copy the html folder into my /home/ec2-user and rename it to www. Then the DocumentRoot is changed to /home/ec2-user/www. Of course the https.conf is changed accordingly. Here it is:
#DocumentRoot "/var/www/html"
DocumentRoot "/home/ec2-user/www"
<Directory />
#Options FollowSymLinks
#AllowOverride None
Options Indexes FollowSymLinks Includes ExecCGI
AllowOverride All
Order deny,allow
Allow from all
</Directory>
#<Directory "/var/www/html">
<Directory "/home/ec2-user/www">
The problem is I got the following error message after I restart the https service.
You don't have permission to access / on this server.
The owner and the permission is the same for both folder. Here are the screenshots:
I searched in stack overflow and found some similar issues. But none of them work for me. Can anybody help? Thanks
the issue is the user apache runs as, is not ec2-user.
You could change it, but putting your doc root inside of the ec2-user's home directory is probably not a good idea. More then likely everything you do on your instance is as the ec2-user (who is a sudoer and has access to pretty much everything), so if someone was to compromise a script that apache is running, they would literally have full control over your instance.
Yesterday, I had a fistful of sites running locally with no problem. Today, nothing opens and I have a log full of this:
Symbolic link not allowed or link target not accessible: /var/www
I have no idea what I did (I didn't open/change my httpd.conf file in any way), but clearly it was something bad. I run virtual hosts and the root directories are located in ~/Developer/www. In order to share the config files across multiple Macs with different home directories, I've created a symlink, /var/www which points to ~/Developer/www.
All of the virtualhost config files point their DocumentRoot to /var/www/project_directory and its own root directory has the FollowSymLinks option:
<VirtualHost *:80>
ServerName localhost
ServerAlias localhost.local localhost.dev
DocumentRoot /var/www/_localhost
<Directory /var/www/_localhost>
Options FollowSymLinks Indexes
AllowOverride None
Order deny,allow
Allow from all
</Directory>
</VirtualHost>
My main httpd.conf file, similarly, has the FollowSymLinks option enabled for /:
<Directory />
Options FollowSymLinks
AllowOverride None
Order deny,allow
Deny from all
</Directory>
Any idea what I could have done to stop Apache from understanding symlinks or, better yet, what I can do to get it back on track?
Thanks.
UPDATE:
I should add that all of the directories in the "stack" are executable by all users and that this is the native Apache install on OS X Lion.
I guess I made an assumption that I shouldn't have. I had verified every relevant permission except the one that evidently mattered. Apache didn't have execute permissions on my top level home directory. I checked, re-checked and triple checked everything under that, but having never changed anything in that directory itself, I just didn't anticipate it being the issue.
I am trying to setup an alias to point to some directory on my filesystem not in DocumentRoot. Now I get a 403 Forbidden response. These are the steps taken:
1. edit http.conf, adding:
Alias /example "/Users/user/Documents/example"
then...
<Directory "/Users/user/Documents/example">
Options Indexes FollowSymLinks MultiViews
AllowOverride None
Order allow,deny
Allow from all</Directory>
2. setting permissions with chmod in terminal:
chmod 755 /Users/user/Documents/example
Now it should work? instead I get the access forbidden. This is the output from error_log:
[Sun Jul 24 06:57:57 2011] [error] [client xx.xx.xx.xx] (13)Permission denied: access to /example denied
I was having this issue on OS X too. It turned out gliptak was right, but I've some more detail to add.
We're both attempting to configure a virtual directory for a folder under a user's home folder; I think this is why we're having the problem. In my case, I had the following setup:
Home folder is /Users/calrion.
Virtual directory folder is /Users/calrion/Path/to/www.
There's a symlink /Users/calrion/Path pointing to /Volumes/Other/Users/calrion/Path.
The problem was the user and group _www (which Apache runs as on OS X) lacked execute access to /Users/calrion and /Volumes/Other/Users/calrion.
Running chmod o+x /Users/calrion and chmod o+x /Volumes/Other/Users/calrion resolved the issue (on OS X 10.7.4).
The rule here is that Apache requires execute access to all folders in the path in order to serve files. Without this, you'll get a HTTP 403 (forbidden).
The last straw ;) Required local in the Directory Entry...
like
<Directory "/Users/user/Documents/example">
Options Indexes FollowSymLinks MultiViews
AllowOverride All
Require local
Order allow,deny
Allow from all
</Directory>
if everything else doesn't work (correct Alias, Directory Entry in httpd.conf and correct mod/usr/grp).
keep in mind: if you put your site in user-space the apache user (running httpd) needs access to your home!
Check permission on /Users/user/Documents/, /Users/user/ (higher level permissions are enforced first ...)
/bin/su into the user running Apache (like www, www-data) and cat a file in the /Users/user/Documents/example directory. That might point you to permission problems with your setup.
These are all very good answers.
None of them worked for me.
I have an alias specified in OSX server pointing to a user directory. I spent a long while chmodding and messing with _www user, adding executable permissions recursively, uninstalling macports and all sorts of stuff trying to get this to work. I tried 777. Nope. No idea why it wasn't working.
Eventually, I just checked the "shared folder" checkbox in the Finder for that folder, and it worked, on the specified domain, with php active, the way I wanted it to. :/ ...so that was easy.
I was just having this exact same issue. What I found was SE_Linux was enabled, and the security context of the files in my Aliased directory was incorrect, missing httpd_sys_content_t.
You can view the security context with ls -Z. If your files/folders don't have httpd_sys_content_t then apache won't server them up! You can add the proper context with something like chcon -R --type=httpd_sys_content_t /new_html_directory. This will change the context of the files currently in the directory, but not any files that are added afterwards (for that you'll need to work with semanage). Your other option is to just leave the files under /var/www.
Here's what fixed it for me:
in /etc/apache2/httpd.conf
<Directory />
Options FollowSymLinks
AllowOverride None
# REMOVE THESE LINES
#Order deny,allow
#Deny from all
# ADD THIS LINE
Require all denied
</Directory>
This change implements changes made in the apache update from 2.2 to 2.4. The OSX Yosemite update brought the apache update with it (PSA: if you're planning on upgrading to Yosemite, budget yourself a week to fix everything it breaks).
The weird thing is that I already got apache 2.4 working, and suddenly it breaks again....
PSA: if you're planning on upgrading to Yosemite, budget yourself a week to fix everything it breaks
After lots of time waste i fixed the issue and i wanted to share to save your time.
All the gentelmen above and on other posts has some correct parts in their answers but below is the sum
In your "/etc/apache2/httpd.conf" file:
1- change your document root
Original: DocumentRoot "/Library/WebServer/Documents"
Change to: DocumentRoot "/Users/yourname/www"
2- change
Original:
<Directory />
Options FollowSymLinks
AllowOverride None
Order deny,allow
Deny from all
</Directory>
Change to:
<Directory /Users/yourname/www>
Options FollowSymLinks Includes ExecCGI
AllowOverride None
Order deny,allow
Deny from all
</Directory>
3- Change:
Original:
<Directory "/Library/WebServer/Documents">
Change to:
<Directory "/Users/yourname/www">
4- Finally, you might not need this step if you are the supper user, this is to set the right permition on your new root folder
chmod 755 /Users/yourname/www
Hope this will help
It certainly does look right, do a sanity check.
you restarted apache
check group and user ownership
I think the quotes can be removed
there is something in /Users/user/Documents/example ?
try 777
-sean
SELinux was the culprit for me. If you're having this issue on a linux box and your alias and file permissions are correct than try doing a "setenforce 0" to put SELinux into permissive mode. That did the trick for me.
I had to revert my apache config file and then set up the server again. found this useful:
https://apple.stackexchange.com/questions/41143/how-to-revert-default-mac-apache-install-to-original
Quick Solution:
Use these commands as root on Linux:
find /var/www -type d -exec chmod 755 {} \;
find /var/www -type f -exec chmod 644 {} \;