At clg.localhost/ I'm getting error:
You don't have permission to access / on this server.
But, following this, I've set up my Apache httpd.conf and sites.conf to allow access with AllowOverride all and Require all granted. What else am I missing?
Versions:
$ /usr/sbin/httpd -v
Server version: Apache/2.4.23 (Unix)
Server built: Aug 8 2016 18:10:45
Apache httpd.conf:
DocumentRoot "/Users/danniu/Sites"
<Directory "/Users/danniu/Sites">
#
# Possible values for the Options directive are "None", "All",
# or any combination of:
# Indexes Includes FollowSymLinks SymLinksifOwnerMatch ExecCGI MultiViews
#
# Note that "MultiViews" must be named *explicitly* --- "Options All"
# doesn't give it to you.
#
# The Options directive is both complicated and important. Please see
# http://httpd.apache.org/docs/2.4/mod/core.html#options
# for more information.
#
Options FollowSymLinks Multiviews
MultiviewsMatch Any
#
# AllowOverride controls what directives may be placed in .htaccess files.
# It can be "All", "None", or any combination of the keywords:
# AllowOverride FileInfo AuthConfig Limit
#
AllowOverride all
#
# Controls who can get stuff from this server.
#
Require all granted
</Directory>
...
#
# Deny access to the entirety of your server's filesystem. You must
# explicitly permit access to web content directories in other
# <Directory> blocks below.
#
<Directory />
AllowOverride all
Require all granted
</Directory>
Apache sites.conf:
# Workaround for missing Authorization header under CGI/FastCGI Apache:
<IfModule setenvif_module>
SetEnvIf Authorization .+ HTTP_AUTHORIZATION=$0
</IfModule>
# Serve ~/Sites at http://localhost
ServerName localhost
<VirtualHost *:80>
ServerName clg.localhost
DocumentRoot /Users/danniu/Sites/CLG/CLG-dev
</VirtualHost>
I thought perhaps httpd.conf wasn't properly being picked up, so I specified the root directly in the Virtual Host, with the same issue.
<VirtualHost *:80>
ServerName clg.localhost
DocumentRoot /Users/danniu/Sites/CLG/CLG-dev
# Set access permission
<Directory "/Users/danniu/Sites/CLG/CLG-dev">
Require all granted
</Directory>
</VirtualHost>
/ is a directory, so if you don't have an index file pointed to with DirectoryIndex, such as index.html, and you don't have Indexes enabled, as you don't, Apache can't show contents of your documentroot.
Note you have Options FollowSymLinks Multiviews
The solution, to the Options add Indexes like follows for "directory listing" (this depends on mod_autoindex being loaded previously):
Options FollowSymLinks Multiviews Indexes
If you want a default file loaded, for example index.html, DirectoryIndex by default looks for index.html, so add it, or if something its overriding its behaviour somewhere else do:
DirectoryIndex index.html
I want to change the DocumentRoot for my Apache Server as I keep my files for Web Development in another location. The default Document Root is
DocumentRoot "/Library/WebServer/Documents"
I changed that to :
DocumentRoot "/Users/blah/Documents/project"
I also changed :
<Directory "/Library/WebServer/Documents">
#
# Possible values for the Options directive are "None", "All",
# or any combination of:
# Indexes Includes FollowSymLinks SymLinksifOwnerMatch ExecCGI MultiViews
#
# Note that "MultiViews" must be named *explicitly* --- "Options All"
# doesn't give it to you.
#
# The Options directive is both complicated and important. Please see
# http://httpd.apache.org/docs/2.4/mod/core.html#options
# for more information.
#
Options FollowSymLinks Multiviews
MultiviewsMatch Any
#
# AllowOverride controls what directives may be placed in .htaccess files.
# It can be "All", "None", or any combination of the keywords:
# AllowOverride FileInfo AuthConfig Limit
#
AllowOverride None
#
# Controls who can get stuff from this server.
#
Require all granted
</Directory>
to this:
<Directory "/Users/blah/Documents/project">
#
# Possible values for the Options directive are "None", "All",
# or any combination of:
# Indexes Includes FollowSymLinks SymLinksifOwnerMatch ExecCGI MultiViews
#
# Note that "MultiViews" must be named *explicitly* --- "Options All"
# doesn't give it to you.
#
# The Options directive is both complicated and important. Please see
# http://httpd.apache.org/docs/2.4/mod/core.html#options
# for more information.
#
Options +ExecCGI
AddHandler cgi-script .cgi .py
MultiviewsMatch Any
Options Indexes FollowSymLinks MultiViews
Order allow,deny
Allow from all
#
# AllowOverride controls what directives may be placed in .htaccess files.
# It can be "All", "None", or any combination of the keywords:
# AllowOverride FileInfo AuthConfig Limit
#
AllowOverride None
#
# Controls who can get stuff from this server.
#
Require all granted
</Directory>
However when i run localhost on my terminal I get the error:
Forbidden
You don't have permission to access / on this server.
I read through many previous posts regarding similar errors and saw that it was necessary to change permission of the folder. So I did that too. I can't seem to find out what is wrong. This is what comes up when I run ls -la in my project folder:
total 24
drwxrwxrwx 5 raveen staff 170 Oct 16 13:37 .
drwxr-xr-x 6 raveen staff 204 Oct 15 20:09 ..
-rwxrwxrwx# 1 raveen staff 438 Oct 16 15:17 index.cgi
-rwxrwxrwx 1 raveen staff 90 Oct 15 22:56 mongo1.php
-rwxrwxrwx# 1 raveen staff 372 Oct 16 13:37 mongo1.py
So. I check my script
perl -cw /var/www/cgi/env.pl
var/www/cgi/env.pl syntax OK
I double check it in commandline. It works and shows me my environment values.
My /etc/apache2/sites-available/mysite.com looks like this:
ServerAdmin webmaster#localhost
ServerName mysite.com
DocumentRoot /var/www
<Directory />
Options FollowSymLinks +ExecCGI
AllowOverride None
AddHandler cgi-script .cgi .pl
</Directory>
<Directory /var/www/>
Options Indexes FollowSymLinks MultiViews
AllowOverride None
Order allow,deny
allow from all
</Directory>
ScriptAlias /cgi-bin/ /var/www/cgi/
<Directory "/var/www/cgi">
Options +ExecCGI -MultiViews +SymLinksIfOwnerMatch
Order allow,deny
allow from all
</Directory>
ErrorLog ${APACHE_LOG_DIR}/error.log
# Possible values include: debug, info, notice, warn, error, crit,
# alert, emerg.
LogLevel warn
CustomLog ${APACHE_LOG_DIR}/access.log combined
Alias /doc/ "/usr/share/doc/"
<Directory "/usr/share/doc/">
Options Indexes MultiViews FollowSymLinks
AllowOverride None
Order deny,allow
Deny from all
Allow from 127.0.0.0/255.0.0.0 ::1/128
</Directory>
It should work, but i've got 500 error.
Apache log says:
[Fri Sep 19 09:29:04 2014] [error] [client 127.0.0.1] (2)No such file or directory: exec of '/var/www/cgi/env.pl' failed
[Fri Sep 19 09:29:04 2014] [error] [client 127.0.0.1] Premature end of script headers: env.pl
What should I do to make it work?
Is it possible that phpmyadmin influent to apache server like this. I do not use php except phpmyadmin for database. Maybe here is the problem?
Okay.
This is my mistake.
This script was written on Windows machine and I forget about this fact for a while.
So I tried to delete carriage return symbol.
Now my script works.
Solution is:
perl -pi -e 's/\r\n/\n/g /path/to/your/script'
Today I was updated Ubuntu server 13.04 (Raring Ringtail) → 13.10 (Saucy Salamander).
And my Apache 2 installation is broken.
Here my configuration:
File error.log
[Fri Oct 18 10:48:07.237170 2013] [:notice] [pid 8292:tid 139804677900160] FastCGI: process manager initialized (pid 8292)
[Fri Oct 18 10:48:07.241185 2013] [mpm_event:notice] [pid 8289:tid 139804677900160] AH00489: Apache/2.4.6 (Ubuntu) mod_fastcgi/mod_fastcgi-SNAP-0910052141 configured -- resuming normal operations
[Fri Oct 18 10:48:07.241652 2013] [core:notice] [pid 8289:tid 139804677900160] AH00094: Command line: '/usr/sbin/apache2'
[Fri Oct 18 10:48:28.313923 2013] [authz_core:error] [pid 8294:tid 139804573181696] [client 81.219.59.75:3536] AH01630: client denied by server configuration: /usr/lib/cgi-bin/php5-fcgi
File default.conf
#EU
<VirtualHost *:80>
#ServerName
DocumentRoot /var/www/dev_stable
DirectoryIndex index.php index.html index.htm
<Directory /var/www/dev_stable>
Options Indexes FollowSymLinks MultiViews
AllowOverride all
Require all granted
</Directory>
</VirtualHost>
File mods-enabled/fastcgi.conf
#<IfModule mod_fastcgi.c>
# AddHandler fastcgi-script .fcgi
# FastCgiWrapper /usr/lib/apache2/suexec
# FastCgiIpcDir /var/lib/apache2/fastcgi
#</IfModule>
<IfModule mod_fastcgi.c>
AddHandler php5-fcgi .php
Action php5-fcgi /php5-fcgi
Alias /php5-fcgi /usr/lib/cgi-bin/php5-fcgi
FastCgiExternalServer /usr/lib/cgi-bin/php5-fcgi -socket /var/run/php5-fpm.sock -pass-header Authorization
</Ifmodule>
When I trying to load the file via the browser I got:
site_name/TEST/
Forbidden
You don't have permission to access /php5-fcgi/TEST/index.php on this server.
What should I to fix it?
I have exactly the same issue. I ran a couple of virtual hosts on my local machine for developing.
First, I changed /etc/apache2/conf-available/php5-fpm.conf. I replaced every
Order Deny,Allow
Deny from all
to
Require all granted
The configuration has to be enabled by a2enconf php5-fpm. I did the same with my virtual hosts configurations and made the replacements.
I think this is not advised for security reasons, but as long as I use my server for local purposes only I can live with it.
I ran into this exact issue upon a new install of Apache 2.4. After a few hours of googling and testing I finally found out that I also had to allow access to the directory that contains the (non-existent) target of the Alias directive. That is, this worked for me:
# File: /etc/apache2/conf-available/php5-fpm.conf
<IfModule mod_fastcgi.c>
AddHandler php5-fcgi .php
Action php5-fcgi /php5-fcgi
Alias /php5-fcgi /usr/lib/cgi-bin/php5-fcgi
FastCgiExternalServer /usr/lib/cgi-bin/php5-fcgi -socket /var/run/php5-fpm.sock -pass-header Authorization
# NOTE: using '/usr/lib/cgi-bin/php5-cgi' here does not work,
# it doesn't exist in the filesystem!
<Directory /usr/lib/cgi-bin>
Require all granted
</Directory>
</Ifmodule>
I ran into a similar problem today (but with mod_wsgi). It might be an Apache 2.2-to-2.4 problem. A comprehensive list of changes can be found here.
For me, it helped to add an additional <Directory>-entry for every path the error-log was complaining about and filling the section with Require all granted.
So in your case you could try
<Directory /usr/lib/cgi-bin/php5-fcgi>
Require all granted
Options FollowSymLinks
</Directory>
and I had to move my configuration file from folder conf.d to folder sites-enabled.
All in all, that did the trick for me, but I don't guarantee it works in your case as well.
I recently ran into the same problem. I had to change my virtual hosts from:
<VirtualHost *:80>
ServerName local.example.com
DocumentRoot /home/example/public
<Directory />
Order allow,deny
Allow from all
</Directory>
</VirtualHost>
To:
<VirtualHost *:80>
ServerName local.example.com
DocumentRoot /home/example/public
<Directory />
Options All
AllowOverride All
Require all granted
</Directory>
</VirtualHost>
In apache2.conf, replace or delete <Directory /> AllowOverride None Require all denied </Directory>, like suggested Jan Czarny.
For example:
<Directory />
Options FollowSymLinks
AllowOverride None
#Require all denied
Require all granted
</Directory>
This worked in Ubuntu 14.04 (Trusty Tahr).
Your virtualhost filename should be mysite.com.conf and should contain this info
<VirtualHost *:80>
# The ServerName directive sets the request scheme, hostname and port that
# the server uses to identify itself. This is used when creating
# redirection URLs. In the context of virtual hosts, the ServerName
# specifies what hostname must appear in the request's Host: header to
# match this virtual host. For the default virtual host (this file) this
# value is not decisive as it is used as a last resort host regardless.
# However, you must set it for any further virtual host explicitly.
ServerName mysite.com
ServerAlias www.mysite.com
ServerAdmin info#mysite.com
DocumentRoot /var/www/mysite
# Available loglevels: trace8, ..., trace1, debug, info, notice, warn,
# error, crit, alert, emerg.
# It is also possible to configure the loglevel for particular
# modules, e.g.
#LogLevel info ssl:warn
ErrorLog ${APACHE_LOG_DIR}/error.log
CustomLog ${APACHE_LOG_DIR}/access.log combined
<Directory "/var/www/mysite">
Options All
AllowOverride All
Require all granted
</Directory>
# For most configuration files from conf-available/, which are
# enabled or disabled at a global level, it is possible to
# include a line for only one particular virtual host. For example the
# following line enables the CGI configuration for this host only
# after it has been globally disabled with "a2disconf".
#Include conf-available/serve-cgi-bin.conf
</VirtualHost>
# vim: syntax=apache ts=4 sw=4 sts=4 sr noet
I don't think that replacing "Require all denied" with "Require all granted" in this directive:
<Directory>
Options FollowSymLinks
AllowOverride None
#Require all denied
Require all granted
</Directory>
as suggested by Jan Czarny and seonded by user3801675 is the most secure way of solving this problem.
According to the Apache configuration files, that line denies access to the entirety of your server's filesystem. Replacing it might indeed allow access to your virtual host folders but at the price of allowing access to your entire computer as well!
Gev Balyan's approach seems to be the most secure approach here. It was the answer to the "access denied problems" plaguing me after setting up my new Apache server this morning.
And I simply got this error because I used a totally different DocumentRoot directory.
My main DocumentRoot was the default /var/www/html
and on the VirtualHost I used /sites/example.com
I have created a link on /var/www/html/example.com (to /sites/example.com).
DocumentRoot was set to /var/www/html/example.com
It worked like a charm.
I had the same issue after upgrading my system.
In my case, the problem was caused by the order of loading configuration files.
In the /etc/httpd/httpd.confinitally it was defined as follows:
IncludeOptional conf.d/*.conf
IncludeOptional sites-enabled/*.conf
After some hours of attempts, I tried the following order:
IncludeOptional sites-enabled/*.conf
IncludeOptional conf.d/*.conf
And it works fine now.
I had the following configuration in my httpd.conf that denied executing the wpadmin/setup-config.php file from wordpress. Removing the |-config part solved the problem.
I think this httpd.conf is from plesk but it could be some default suggested config from wordpress, i don't know. Anyway, I could safely add it back after the setup finished.
<LocationMatch "(?i:(?:wp-config\\.bak|\\.wp-config\\.php\\.swp|(?:readme|license|changelog|-config|-sample)\\.(?:php|md|txt|htm|html)))">
Require all denied
</LocationMatch>
For those of you on AWS (Amazon Web Services), remember to add a rule for your SSL port (in my case 443) to your security groups. I was getting this error because I forgot to open the port.
3 hours of tearing my hair out later...
I have WampServer 2 installed and I have created an alias on my computer called test which points to directory g:/test/.
However I keep getting a 403 error when I try and access localhost/test/
Which is being caused by these lines in my httpd.conf (if I comment these lines out it loads)
<Directory />
AllowOverride none
Require all denied
</Directory>
My conf for test is as follows:
Alias /test/ "g:/test/"
<Directory "g:/test/">
Options Indexes FollowSymLinks MultiViews
AllowOverride all
Order allow,deny
Allow from all
</Directory>
How do I override the Require all denied in my test.conf file to stop the 403 errors?
Error Log reads:
[Sun Dec 09 18:51:23.757803 2012] [authz_core:error] [pid 5128:tid 884] [client ::1:50622] AH01630: client denied by server configuration: G:/test/
Access Log reads:
::1 - - [09/Dec/2012:18:51:23 +0000] "GET /test/ HTTP/1.1" 403 207
Try to replace deprecated:
Order allow,deny
Allow from all
By:
Require all granted
Concerns only Apache >= 2.4. However, I recommand to disable mod_access_compat (line LoadModule) to avoid Order/Allow/Deny conflicts with Require.
Options Indexes FollowSymLinks MultiViews
AllowOverride all
Allow from all
#Require local
Require all granted
above file comment #Require local
add extra Require all granted
solved