403 Forbidden Error on Mac OS X Localhost
Solution 1
Apple has a support document for this problem. Fixing the issue involves creating a file /etc/apache2/users/yourusername.conf
(yourusername being the account short name, e.g. danielbeck
– it's usually the name of your home folder in /Users
) with the following contents:
<Directory "/Users/yourusername/Sites/">
Options Indexes MultiViews
AllowOverride None
Order allow,deny
Allow from all
</Directory>
Afterwards, run sudo chown root:wheel /etc/apache2/users/yourusername.conf
and restart Apache.
Solution 2
For Apache to see the file, the user that Apache runs as (probably www
or _www
) must have access to these users' Sites directories. Having read/execute access to the contents of ~/Sites
is not enough, because it has to be allowed to traverse from /
down the path to ~/Sites
. So make sure /
, /Users
, /Users/myusername
, and /Users/myusername/Sites
all have at least a+x
permission (the eXecute bit on directories allows that user class to traverse the directory, even if Read access is not allowed).
ls -lde / /Users/ /Users/myusername/ /Users/myusername/Sites
If any of those directories doesn't show the last x
set (the one for "others"), then use something like chmod a+x ...
to set it for that directory.
If the ACL for any of those directories shows that user www
has been specifically denied access, then use the appropriate arguments to chmod
to fix the ACLs.
Solution 3
For reference, I just dealt with this, and none of the answers here worked in my specific case. I was configuring virtual hosts, but more importantly, I needed my htaccess files to actually work.
I changed on "AllowOverride None" to "AllowOverride All" in my /etc/apache2/users/USERNAME.conf file, and all of my sites started to be forbidden.
I changed it back and and then changed it only for one site in my httpd-vhosts.conf file, and only that site was forbidden.
After looking at the logs and seeing the problem was with url rewriting and the lack of FollowSymLinks, I went back to the USERNAME.conf file. I switch "AllowOverride None" to "AllowOverride All" and added "Options +FollowSymLinks" on the next line.
Things started working. I came from using xampp on windows and it had a lot of these settings already set server-wide for dummies like me.
Solution 4
update for Lion in 10/2011 I had to also add
UserDir enabled so my /etc/apache2/extra/httpd-userdir.conf is like this :
UserDir enabled
UserDir Sites
#
# Users might not be in /Users/*/Sites, so use user-specific config files.
#
Include /private/etc/apache2/users/*.conf
<IfModule bonjour_module>
RegisterUserSite customized-users
</IfModule>
Solution 5
I had the same problem: My (old) account wasn't accessible, but another user's account which were created after upgrading to Lion worked just fine.
After making sure your /etc/apache2/users/USERNAME.conf looks like this:
<Directory "/Users/USERNAME/Sites/">
Options Indexes MultiViews
AllowOverride None
Order allow,deny
Allow from all
</Directory>
do a sudo chown root:wheel /etc/apache2/users/USERNAME.conf
it appears that this permission setting isn't set during the OS upgrade, and the Apache user can't read the config file, and throws an error.
At least this solved it for me.
Related videos on Youtube
voodoo555
Updated on September 17, 2022Comments
-
voodoo555 over 1 year
I set up Web Sharing in System Preferences on Mac OS X 10.6 and clicked the link it gave me there. Unfortuantely, Apache gave me this 403 error:
Forbidden
You don't have permission to access /~myusername/index.html on this server.
Access log displays:
10.0.1.2 - - [30/Jun/2010:16:25:15 -0700] "GET /~myusername/ HTTP/1.1" 403 210
Error log displays:
[Wed Jun 30 16:26:09 2010] [error] [client 10.0.1.2] client denied by server configuration: /Users/myusername/Sites/
Curiously enough, accessing http://localhost works fine. It's just with two of the user folders that I've having trouble with, the other user folder, which is newer than my system upgrade, is working fine.
I've had this working on my machine in Leopard before, so I chmodded everything in
~/Sites
to 755, which didn't do any good. Any suggestions? I presume I've done something to my machine that's caused this, since I can't imagine Apple messing up on something like this.I did set up PEAR with these instructions, but I have no idea if that could be the cause of it.
-
Michael H. almost 14 yearsSorry if this is a dumb question, but exactly what URL are you going to? I ask because the URL "/~myusername/index.html" is an odd one -- it should either be "~myusername/index.html", or it should be "localhost/~myusername/index.html", or something similar. Simply starting from / and then adding ~myusername smells funny. In addition to (or instead of) answering that, you can go into Console.app (/Applications/Utilities/Console.app) and find the apache2 access_log and error_log. Pull that up, perhaps clear the display, and then re-try your URL to see what the error log tells you.
-
voodoo555 almost 14 years@khedron: The URL is localhost/~myusername/index.html, but the error displays the /~myusername/index.html part
-
Michael H. almost 14 yearsOK, just checking. What does the apache log say in the console (console.app)?
-
voodoo555 almost 14 years@khedron: I posted the access and error log up in the question. Is there another one?
-
Michael H. almost 14 yearsSorry, I didn't see that. OK -- that clearly shows the URL is understood correctly, but is denied. In that case.. hmm, can't format this properly in a comment, see answer down below.
-
Wassim Sboui over 11 yearsI have the same problem as you, and I just do : chmod 777 /Applications/XAMPP/htdocs/myusername , it work's for me
-
-
voodoo555 almost 14 yearsSorry, just to double check, I should be visiting localhost/~myusername/index.html and have a file called index.html in my Sites folder, right? If so, then the 403 is still happening.
-
Josh K almost 14 yearsYou shouldn't be visiting
~myusername
at all I believe.http://localhost/
should point to/Users/youruser/Sites/
. -
voodoo555 almost 14 yearsNope, mine looks exactly like yours.
-
voodoo555 almost 14 yearsThe execute bit is set for all of those directories, but I don't know how to check if a specific user has been denied access.
-
Spiff almost 14 yearsThat's what the "e" in "ls -lde" is for. It lists the ACLs (if any) for each of the files.
-
Mark almost 13 yearsChanging permissions on /Users/myusername to chmod 755 fixed the issue for me.
-
Misha Reyzlin about 12 yearsthanks so much, spent quite some time figuring out what's going on, didn't have to tinkle with Apache / PHP for some time now
-
Tom Lianza almost 12 yearsDoesn't this command give the _www user permission to access your root directory, as well as the /Users directory, etc? That can't possibly be right, is it? All of those security holes to share a page in one folder? Is this behavior documented somewhere?
-
Tom Lianza almost 12 yearsReplying to my own comment, I found this answer ( serverfault.com/a/293063/14970 ) which does provide a link to reliable documentation on this behavior: wiki.apache.org/httpd/13PermissionDenied
-
octern over 11 yearsFor the record: Adding +x doesn't give read or write permission to anything, it just allows the user to navigate down to a directory where they do have read access (in this case, the Sites directory).
-
nickdos over 11 yearsI had this issue and found a simple single file symlink worked but sym linking to a directory did not. Turned out the directories I was linking to had a sticky bit set like this
drwxr-xr-x@
. Doing achmod 755 dirName
to remove the sticky bit fixed the issue, as Mark R pointed out above. -
agarie almost 11 yearsYep,
Options +FollowSymLinks
worked like a charm. -
Arjan over 10 yearsAnd maybe run
sudo apachectl restart
after that. -
nil over 10 yearsand too restart your apache, just execute
sudo apachectl restart
in your terminal. -
Alyssa over 10 yearsThis working for me running 10.7.5. The Directory path wasn't pointing to my local web root, once I updated and restarted apache everything worked. What is strange is that the path has been incorrect for over a year and was working the whole time. I just got the error today out of the blue.