Everything is setup correctly, but I'm getting "403..... Forbidden You don't have permission to access / on this server." error's when I access my IP address or my TLD. Any help?
In your VirtualHost, make sure that you have access permissions set in the Directory block...
order allow,deny
allow from all
Check your DocumentRoot folder for an .htaccess file, it can override the above.
Aside from that, you can also get this error when your VirtualHost does not contain the proper ServerName or ServerAlias and the request ends up falling into the default httpd.conf setup.
Also consider trying out another WAMP package.
xampp (free) -
WampDeveloper Pro (commercial) -
WampServer (free)
You are probably making requests from ::1, which is IP6 127.0.0.1.
So just update your <Directory "c:/wamp/www/"> section at C:\wamp\bin\apache\ApacheX.X.X\conf\httpd.conf sections to:
Order Deny, Allow
Deny from all
Allow from 127.0.0.1
Allow from ::1
Remember to also do it in all conf files of C:\wamp\alias
This way you preserve the apache security.
Related
I simply want to enable the test.php file to be accessible via a virtualhost so I added just 127.0.0.1 test.localhost in the windows host file and
<VirtualHost *:80>
DocumentRoot "D:/Programmordner/test"
ServerName test.localhost
<Directory "D:/Programmordner/test">
require all granted
#<FilesMatch "^((test|test2).testdateiendung1|.+.testdateiendung2)$">
<FilesMatch "^(test.php)$">
Allow from All
</FilesMatch>
in httpd-vhosts.conf
Now if I add the second, it seems I even cannot open the default documentation website by clicking the admin-button on the apache interface, which should not be affected? If I erase the second the alterations in the windows host file doesnt affect anything and I can access all files in standard htdocs. I switched different versions like allow from all, access denied access granted but nothing changed
If somebody knows there is already which solves my problem, I will not grudge him however I looked for it and it did not help
I made several fixes and changed to Port 80 (without httpS :( ) and everything is running now.
I have seen many answers on this with what would appear to be simple solutions, none of which are working for me at this time.
I have WAMP install with Apache 2.4.33 32bit installed on a PC. I can access the site on that PC without a problem using the alias mySite.local.
The PC's host file looks like this
127.0.0.1 mySite.local
The remote lap top's host file is
192.168.1.114 mySite.local
That is the IP of the PC on the network.
httpd.conf
Listen 80
ServerName mySite.local:80
<Directory />
AllowOverride none
Require all denied
</Directory>
DocumentRoot "H:/Intranet/mySite_v2_www/public"
httpd-vhosts.conf
<VirtualHost *:80>
ServerName mySite.local
DocumentRoot "H:/Intranet/mySite_v2_www/public"
</VirtualHost>
I have tried disabling the windows firewall and virus checker on the PC.
The laptop appears to be getting there but being blocked. The message is..
Forbidden
You don't have permission to access / on this server.
Apache/2.4.33 (Win32) PHP/7.2.4 Server at mySite.local Port 80
So it looks like it can see Apache but is being blocked. So what else needs to be set to get access to the server?
Here are two of the links that I have been following to try and get this to work
Error message "Forbidden You don't have permission to access / on this server"
and
How do I connect to this localhost from another computer on the same network?
Thanks for any direction you can provide.
To complement the answer of Paul Neale:
Forbidden You don't have permission to access / on this server. Apache/2.4.33 (Win32) PHP/7.2.4 Server at mySite.local Port 80
That message is an answer from Apache. Disabling the windows firewall and virus checker on the PC won't have any effect, you are already reaching Apache there is not any networking problem.
Apache is receiving your request to access the root folder "public":
H:/Intranet/mySite_v2_www/public
But denies the request because, the directive Require local is enabled. This directive means, you can access to the content of public from the local server (localhost), which is the same to say 127.0.0.0 or localhost.
What you wanted is to tell apache that allows the access of certain IP address to the root directory "public".
When you changed the directive to Require all granted you are telling apache that, no matter who asks, give it access to / (root folder) in other words "public".
So, what you was searching for is "Access Control" in apache, and the directive Require can be used with IP address, here's the main document from Apache, this is an example:
Require host address
Require ip ip.address
It's important to differentiate between Network//Permissions problems. If you want to know if you are able to communicate (At network level) with Apache, you could do:
telnet <IP_APACHE_SERVER> <PORT_APACHE_SERVER>
#example: telnet 172.10.10.2 80
So after playing around will combinations for a day I found that in the httpd.conf I needed to change Require local to Require all granted in the section.
<Directory "H:/Intranet/mySite_v2_www/public/">
Options +Indexes +FollowSymLinks +Multiviews
AllowOverride all
# onlineoffline tag - don't remove
# Require local
Require all granted
</Directory>
I have asked a similar question before
Restrict access to directories through ip address
at that time the problem was solved for apache 2.2. Recently I re-installed the OS (to Debian 8) and it comes with apache 2.4.
I want to restrict access to files - when the request comes "by" IP. Mainly if in the browser I try to open http://192.168.252.178/test/image.jpg it should show error - 403 forbidden. Directory test is in www directory of apache. However I should be able to access that image if I type http://www.example.com/image.jpg - considering that example.com points to that test directory.
With apache version 2.2 I would simply put this lines in my default site config file - and the problem was solved
<Files ~ ".+">
Order allow,deny
Deny from all
</Files>
Now, trying the same thing does not work: I am getting 403 forbidden even if I try to open any site by the domain name.
Considering the changes in 2.4 I also tried this, but again getting the the same 403 forbidden when trying to open some site.
<Files ~ ".+">
Require all denied
</Files>
My goal is to prevent any kind of access to directories and files - if they are being accessed through ip address. I have also this lines in my default site's config to prevent the directory access and this works fine.
<Directory /home/username/www>
Options -Indexes
AllowOverride All
Require all granted
</Directory>
So, the question is - how to prevent file access through IP address. Also I need to achieve this by apache config, by htaccess is not a solution for me. And I need to achieve this for all the directories/files inside www recursively, so specifying the exact file names and/or directories is not a solution either.
Thanks
When you use name based virtual hosts, the main server goes away. Apache will choose which virtual host to use according to IP address (you may have more than one) and port first, and only after this first selection it will search for a corresponding ServerName or ServerAlias in this subset of candidates, in the order in which the virtual hosts appear in the configuration.
If no virtual host is found, then the first VHost in this subset (also in order of configuration) will be choosen. More.
I mention this because it will be important you have only one type of VirtualHost directive:
<VirutalHost *:80>
or
<VirtualHost 123.45.67.89:80>
I'll use the wildcard in the example.
You need a directory like /var/www/catchall with a file index.html or similar, as you prefer.
<VirtualHost *:80>
# This first-listed virtual host is also the default for *:80
# It will be used as the catchall.
ServerName 123.45.67.89
# Giving this DocRoot will avoid any request based on IP or any other
# wrong request to get to the other users directories.
DocumentRoot "/var/www/catchall"
<Directory /var/www/catchall>
...
</Directory>
</VirtualHost>
# Now you can add as usuall the configuration for any other VHost you need.
<VirtualHost *:80>
ServerName site1.com
ServerAlias www.site2.com
DocumentRoot "/home/username1/www"
<Directory /home/username1/www>
...
</Directory>
</VirtualHost>
<VirtualHost *:80>
ServerName site2.com
ServerAlias www.site2.com
DocumentRoot "/home/username2/www"
<Directory /home/username2/www>
...
</Directory>
</VirtualHost>
Debian specific :
For Debian, you ideally put one VHost configuration per file, and put the file in the /etc/apache2/sites-available directory.
Name the files as you like, only the file containing the catchall vhost should be named something like 000-catchall, because they will be read in alphabetic order from the /etc/apache2/sites-enabled directory.
Then you disable Debian's usual default site :
a2dissite 000-default
and you enable the new catchall site and the other VHosts if needed :
a2ensite 000-catchall
An ls /etc/apache2/sites-enabled command should show the catchall as the first of list, if not change its file name so that it will always be the first. Restart Apache: service apache2 restart
Of course you could do all this changes in the original default VHost config file, but I usually prefer keep an original model.
I have setup an Ubuntu LAMP server, and I have had phpmyadmin working fine with my website. However, I have recently had to create a virtual host for my IP address to avoid a security issue with directory listings in Tomcat, and now I can no longer access phpmyadmin.
It used to be at 192.68.1.99/phpmyadmin, and the actual phpmyadmin files are located in
/usr/share/phpmyadmin
I have a domain name pointing at my sever which I can use to point at phpmyadmin - how do I configure this?
thanks
Try to add
Alias /phpmyadmin /usr/share/phpmyadmin
To your global configuration or to virtual host which serves 192.68.1.99:80
This will allows you to access it again on URL http://192.68.1.99/phpmyadmin
If you want to setup phpmyadmin to be available using domain name, it is very same,
just put this line into VirtualHost settings of server under which you want to access it.
If you receive errors like access forbidden, add also following lines:
<Directory /usr/share/phpmyadmin>
Allow from all
Deny from None
Order Allow,Deny
</Directory>
<Location /phpmyadmin>
Allow from all
Deny from None
Order Allow,Deny
</Location>
I am trying to configure the Apache server on my MacBooks (running Lion OS) to handle dynamic virtual hosts. I have managed to get it "working" but I whenever I access the domain I get a 403 Forbidden message. The hosts file is configured to point to 127.0.0.1 whenever one of these domains are requested. The httpd.conf is shown below:
VirtualDocumentRoot "/web"
<Directory "/web">
Options All
AllowOverride All
Order allow,deny
Allow from all
ScriptAlias /web/cgi-bin/
</Directory>
UseCanonicalName Off
VirtualDocumentRoot /web/%2/%1/public_html
This is set up so that http://foo.bar/ goes to "/web/bar/foo/public_html/".
I have checked the permissions on all the directories and files and they are all set to '777'. I have Googled for hours and hours and I am still getting 403 Forbidden. If there is anyone that can help me that would be greatly appreciated.
-Sam
You got it right, it's about permission. Check your site's parent folder permission, it might be stuck somehow on one of it's parent folder, make sure all of you site's parent folder from the root are readable by apache.