I just started using Fortrabbit to host the app we are working on. I am using Laravel 4. For some reason there are a select few .css fils and all of my .js files are not accessible. I am getting a 403 access forbidden error. How do I get around this. I have made sure the files are there, but for some reason I am unable to access them. I even tried running chmod 777 and 775 on my assets directory.
Access forbidding errors usually relate to some kind of (overzealous) .htaccess rule. I'd recommend to open a ticket with the App name and URLs to the problematic files..
Related
I took over a website which I'm supposed to admin and somebody brought to my attention that certain Indexes and Files are available, which shouldn't be. I will be using dummy names.
You were able to access example.com/intern before, but I changed a line in /etc/apache2/apache2.conf according to this https://stackoverflow.com/a/31445273 . This worked partly, as I get a 403-Forbidden when I now navigate to example.com/intern and that's basically what I want.
However the directory intern governs a file called file.php.bak aswell as file.php. When I navigate to example.com/intern/file.php I get a white website. I am however not sure, if you are able to access file.php in another way, because the site does load and I don't get a 403 like before. What is way worse and the reason I am struggling with this is: If I go to example.com/intern/file.php.bak then my Browser (Firefox) offers me to download file.php.bak, which I can read in plaintext. I want all files in intern to not be accessible via the website, but I have no idea how to do this. Can anybody help?
Things I've tried:
Removing the Indexes from the apache2.conf file like mentioned above. It only puts the 403 on the directory itself and not recursively for all the files in it.
Writing a .htaccess file as described here: https://fedingo.com/how-to-prevent-direct-file-download-in-apache-server/ and putting it in intern with the same result as in 1)
Putting an empty index.html file in the intern directory. This leads to no more 403 in example.com/intern, but the download on example.com/intern/file.php.bak is still possible. I've also tried index.php with the same result.
File System:
The application runs from /var/www/application which is also the folder for the /var/www/application/index.php I want to use. The /var/www/application/intern directory is also there. While it isn't browsable anymore, the files in it still are accessible. /var/www/application/intern/file.php can be navigated to via example.com/intern/file.php, but it seems like it can't be downloaded or read as it results in a white page. /var/www/application/intern/file.php.bak can however be downloaded via example.com/intern/file.php.bak.
Let's say Apache document root is set to DocumentRoot "/folder_one/folder_two"
Placing files in a folder_one will prevent people browsing your apache server and requesting the files directly.
Place index file in folder_two and include some code such as PHP to tell apache to include whatever files you want from folder_one.
In this manor Apache will still be able to serve whatever files you want from folder_one and people will not be able to request the files directly as the are located in a directory above the Apache document root.
I keep getting a 403 error on my homepage, despite having all my permissions set to allow public to read. I'm not using any plugins, I'm not using Wordpress, and though my site is routed through Cloudflare it goes through to my hosting provider's 403 page (I haven't created my own). I've tried 755 and 644 and I keep getting the same thing. How can I fix this?
(The website is alexbelman.com)
There are several possible reasons depending on your hosting environment and a bit more detailed info from you about your hosting setup would help. For example - is your site on a server running Linux? cPanel?
But maybe this info can help you in the meantime:
If you're sure you have the correct permissions on folders (in most cases your public_html folder should be 750, all folders within the public_html folder in most cases should be 755, and files should be 644) then probably the first two things I would check would be:
Make sure you have an index file in your public_html folder - some examples would be index.html , index.htm , index.php , or on some hosts a default.html is used. If there is no index file in the folder that serves your site, server security configs will often present a 403 while protecting the sensitive contents of your hosting account from being viewed.
If you're sure you have an index file in your public facing folder, then check the contents of the .htaccess file in your public_html folder, since an errant rule or line of code in your htaccess is a common cause for a 403
If you can post the contents of your .htaccess file here someone here or possibly myself can spot anything that shouldn't be there or is incorrect.
Also, since you're using CloudFlare you should take a look at their Quick Fix suggestions here - https://community.cloudflare.com/t/community-tip-fixing-error-403-forbidden/53308
I have made a custom folder within WordPress' uploads directory to house some downloadable files, however I don't want these to be directly accessible, they should only be accessible via a script for example.
To accomplish this I simply put a .htaccess file in the respective folder containing:
Deny from all
My development environment is Windows and this was working fine, both the folder and file returned a 403 Forbidden and I was able to force download the file via a script.
Now I have uploaded the site to a staging server that is running on Linux (RedHat I think?), Apache as well, but for both the folder and the file it returns a 404 Not Found and hence the file download also fails.
What am I missing here? Why is it acting differently? Should I be putting some different/extra in the .htaccess file?
Edit: I just noticed that whilst it IS stating it is a 404, it is redirecting to a 403.shtml file.
I'm working on a Symfony2 project at local server without any virtual hosting or something else. After I run the command php app/console assets:install --symlink, clear the cache and refresh the page none styles or javascript or images are loaded. Inspecting the source code and trying to access any of those assets I get this error:
You don't have permission to access
/cmplatform/web/bundles/clanmovilcommon/css/bootstrap.min.css on this
server.
What I need to change in my /etc/httpd/conf/httpd.conf to fix that problem? It's related to .htaccess problem or what?
This error is due to the user that you are currently logged in as not having correct to write to the /cmplatform/web directory. Or you have not got the root path set correctly in your apache.conf.
Can you confirm other pages / assets are being served correctly.
Take a look at who owns the directory and either adjust the write permissions or add your user / web server to own the directory or into the group.
This is quite a common issue - and care needs to be taken to ensure that write permissions for web, cache and log directories are set correctly to allow command line and web server (e.g. apache / nginx) users.
See http://symfony.com/doc/current/book/installation.html - permissions for some tips about fixing this.
I have looked around a great deal on the Drupal forum and elsewhere but I cannot yet resolve this.
I have had to reinstall a large, fully functional site (Drupal 7.18) onto a new server. This has gone very smoothly. However, I do not seem to be able to set permissions for my sites/default/files directory in a manner that keeps it accessible and safe when browsing using the IMCE file browser.
Usually I set sites/default/files (and subdirectories within it) as 755, with files within these directories as 664. This works well on many other Drupal 7 sites I have built.
HOWEVER in this case, with these permissions I get the message "Unable to get a working directory for the file browser".
Only by setting directory permissions as 777 can I browse the files in these directories using IMCE - and I know that is really bad practice on shared hosting.
Please can someone advise on troubleshooting this? I have spent hours but I am getting nowhere.
I wonder if the ownership of the files and directories themselves is wrong. If they are wrong, can anyone direct me to step-by-step instructions for changing them?
Examining the 'problem' files and directories using FireFTP, I see
that both user and group names are the same as the FTP username that
was given me by my web host.
Looking at another Drupal site that works properly, I see that files
and directories in sites/default/files are set to user 531/group 528.
Thanks in anticipation! I am running D7.18 on PHP 5.2.10 with extensions enabled. Everything else seems to be working very well indeed. However, I am not sure I have the Apache or Linux skills needed to resolve this, or even to ask my hosts the correct questions ...
755 basically means that only the owner of the files can modify them, so you could try changing the directory permissions to 775 so that the owner and group can modify.
If you are using shared hosting I suggest you ask your hosting provider to help as they will have a better understanding of the users and groups on the server.
Cheers