403 Forbidden Error on Mac OS X Localhost

macos osx-snow-leopard apache-http-server

96,420

Solution 1

Apple has a support document for this problem. Fixing the issue involves creating a file /etc/apache2/users/yourusername.conf (yourusername being the account short name, e.g. danielbeck – it's usually the name of your home folder in /Users) with the following contents:

<Directory "/Users/yourusername/Sites/">
Options Indexes MultiViews
AllowOverride None
Order allow,deny
Allow from all
</Directory>

Afterwards, run sudo chown root:wheel /etc/apache2/users/yourusername.conf and restart Apache.

Solution 2

For Apache to see the file, the user that Apache runs as (probably www or _www) must have access to these users' Sites directories. Having read/execute access to the contents of ~/Sites is not enough, because it has to be allowed to traverse from / down the path to ~/Sites. So make sure /, /Users, /Users/myusername, and /Users/myusername/Sites all have at least a+x permission (the eXecute bit on directories allows that user class to traverse the directory, even if Read access is not allowed).

ls -lde / /Users/ /Users/myusername/ /Users/myusername/Sites

If any of those directories doesn't show the last x set (the one for "others"), then use something like chmod a+x ... to set it for that directory.

If the ACL for any of those directories shows that user www has been specifically denied access, then use the appropriate arguments to chmod to fix the ACLs.

Solution 3

For reference, I just dealt with this, and none of the answers here worked in my specific case. I was configuring virtual hosts, but more importantly, I needed my htaccess files to actually work.

I changed on "AllowOverride None" to "AllowOverride All" in my /etc/apache2/users/USERNAME.conf file, and all of my sites started to be forbidden.

I changed it back and and then changed it only for one site in my httpd-vhosts.conf file, and only that site was forbidden.

After looking at the logs and seeing the problem was with url rewriting and the lack of FollowSymLinks, I went back to the USERNAME.conf file. I switch "AllowOverride None" to "AllowOverride All" and added "Options +FollowSymLinks" on the next line.

Things started working. I came from using xampp on windows and it had a lot of these settings already set server-wide for dummies like me.

Solution 4

update for Lion in 10/2011 I had to also add

UserDir enabled so my /etc/apache2/extra/httpd-userdir.conf is like this :

UserDir enabled 
UserDir Sites

#
# Users might not be in /Users/*/Sites, so use user-specific config files.
#
Include /private/etc/apache2/users/*.conf

<IfModule bonjour_module>
   RegisterUserSite customized-users
</IfModule>

Solution 5

I had the same problem: My (old) account wasn't accessible, but another user's account which were created after upgrading to Lion worked just fine.

After making sure your /etc/apache2/users/USERNAME.conf looks like this:

<Directory "/Users/USERNAME/Sites/">
    Options Indexes MultiViews
    AllowOverride None
    Order allow,deny
    Allow from all
</Directory>

do a sudo chown root:wheel /etc/apache2/users/USERNAME.conf

it appears that this permission setting isn't set during the OS upgrade, and the Apache user can't read the config file, and throws an error.

At least this solved it for me.

View more solutions

96,420

voodoo555

Updated on September 17, 2022

Comments

voodoo555 over 1 year

I set up Web Sharing in System Preferences on Mac OS X 10.6 and clicked the link it gave me there. Unfortuantely, Apache gave me this 403 error:

Forbidden

You don't have permission to access /~myusername/index.html on this server.

Access log displays: 10.0.1.2 - - [30/Jun/2010:16:25:15 -0700] "GET /~myusername/ HTTP/1.1" 403 210

Error log displays: [Wed Jun 30 16:26:09 2010] [error] [client 10.0.1.2] client denied by server configuration: /Users/myusername/Sites/

Curiously enough, accessing http://localhost works fine. It's just with two of the user folders that I've having trouble with, the other user folder, which is newer than my system upgrade, is working fine.

I've had this working on my machine in Leopard before, so I chmodded everything in ~/Sites to 755, which didn't do any good. Any suggestions? I presume I've done something to my machine that's caused this, since I can't imagine Apple messing up on something like this.

I did set up PEAR with these instructions, but I have no idea if that could be the cause of it.
- Michael H. almost 14 years
  
  Sorry if this is a dumb question, but exactly what URL are you going to? I ask because the URL "/~myusername/index.html" is an odd one -- it should either be "~myusername/index.html", or it should be "localhost/~myusername/index.html", or something similar. Simply starting from / and then adding ~myusername smells funny. In addition to (or instead of) answering that, you can go into Console.app (/Applications/Utilities/Console.app) and find the apache2 access_log and error_log. Pull that up, perhaps clear the display, and then re-try your URL to see what the error log tells you.
- voodoo555 almost 14 years
  
  @khedron: The URL is localhost/~myusername/index.html, but the error displays the /~myusername/index.html part
- Michael H. almost 14 years
  
  OK, just checking. What does the apache log say in the console (console.app)?
- voodoo555 almost 14 years
  
  @khedron: I posted the access and error log up in the question. Is there another one?
- Michael H. almost 14 years
  
  Sorry, I didn't see that. OK -- that clearly shows the URL is understood correctly, but is denied. In that case.. hmm, can't format this properly in a comment, see answer down below.
- Wassim Sboui over 11 years
  
  I have the same problem as you, and I just do : chmod 777 /Applications/XAMPP/htdocs/myusername , it work's for me
voodoo555 almost 14 years

Sorry, just to double check, I should be visiting localhost/~myusername/index.html and have a file called index.html in my Sites folder, right? If so, then the 403 is still happening.
Josh K almost 14 years

You shouldn't be visiting ~myusername at all I believe. http://localhost/ should point to /Users/youruser/Sites/.
voodoo555 almost 14 years

Nope, mine looks exactly like yours.
voodoo555 almost 14 years

The execute bit is set for all of those directories, but I don't know how to check if a specific user has been denied access.
Spiff almost 14 years

That's what the "e" in "ls -lde" is for. It lists the ACLs (if any) for each of the files.
Mark almost 13 years

Changing permissions on /Users/myusername to chmod 755 fixed the issue for me.
Misha Reyzlin about 12 years

thanks so much, spent quite some time figuring out what's going on, didn't have to tinkle with Apache / PHP for some time now
Tom Lianza almost 12 years

Doesn't this command give the _www user permission to access your root directory, as well as the /Users directory, etc? That can't possibly be right, is it? All of those security holes to share a page in one folder? Is this behavior documented somewhere?
Tom Lianza almost 12 years

Replying to my own comment, I found this answer ( serverfault.com/a/293063/14970 ) which does provide a link to reliable documentation on this behavior: wiki.apache.org/httpd/13PermissionDenied
octern over 11 years

For the record: Adding +x doesn't give read or write permission to anything, it just allows the user to navigate down to a directory where they do have read access (in this case, the Sites directory).
nickdos over 11 years

I had this issue and found a simple single file symlink worked but sym linking to a directory did not. Turned out the directories I was linking to had a sticky bit set like this drwxr-xr-x@. Doing a chmod 755 dirName to remove the sticky bit fixed the issue, as Mark R pointed out above.
agarie almost 11 years

Yep, Options +FollowSymLinks worked like a charm.
Arjan over 10 years

And maybe run sudo apachectl restart after that.
nil over 10 years

and too restart your apache, just execute sudo apachectl restart in your terminal.
Alyssa over 10 years

This working for me running 10.7.5. The Directory path wasn't pointing to my local web root, once I updated and restarted apache everything worked. What is strange is that the path has been incorrect for over a year and was working the whole time. I just got the error today out of the blue.