403 Forbidden Errors on Red Hat server
Try check the existing permissions on the file:
ls -l index.html
Fix them if necessary:
chmod 644 index.html
If all the standard permissions are correct and you still get a Permission Denied error
, you should check for extended-permissions. For example you can use the command setenforce 0
to turn off SELinux and check to see if the problem goes away. If so, ls -alZ
can be used to view SELinux permission and chcon
to fix them.
Eg:
sudo chcon -R -v -t httpd_sys_rw_content_t index.html
Related videos on Youtube
kaoscify
Updated on September 18, 2022Comments
-
kaoscify almost 2 years
This is my first time using Amazon EC2. I'm running a server with Apache 2.4.6, and I can't seem to get it working when I access the public DNS or Elastic IP address. The error message I get is:
Forbidden You don't have permission to access /index.html on this server.
I have checked the permissions of this file (755). I have a
VirtualHost
block in myhttpd.conf
file as follows:Listen 80 NameVirtualHost *:80 <VirtualHost *:80> DocumentRoot "/var/www/html" ServerName my-ec2-public-dns-url </VirtualHost>
My Security Group settings in AWS are set to Anywhere for both HTTP and HTTPS.
When I check the error log, it says:
AH00132: file permissions deny server access: /var/www/html/index.html
What am I doing wrong?
-
EEAA over 9 yearsFYI, this has nothing to do with EC2, so I removed that tag.
-
kaoscify over 9 years@EEAA Okay, no problem. I thought it may be related due to the Security Group settings. Any idea how I can fix this issue? Thanks.
-
EEAA over 9 yearsSecurity groups are a network level function, whereas the error you're getting is at the application level.
-
Michael Hampton over 9 yearsWhat is the file's security context?
-
kaoscify over 9 years@MichaelHampton Apologies, I'm not sure if I follow correctly so excus my response. It's just a regular index.html file that I put up for testing purposes.
-
Michael Hampton over 9 yearsHow did you "put up" the file? What is the output of
ls -Z /var/www/html/index.html
? -
kaoscify over 9 years@MichaelHampton I first put it in
/home/my-username
using Filezilla. Then I moved it using PuTTY to/var/www/html
. The output of your command is:-rwxr-xr-x my-username my-username unconfined_u:object_r:user_home_t:s0 /var/www/html/index.html
-
-
Federico Sierra over 9 yearsSELinux is a set of kernel modifications and user-space tools. SELinux has a labeling system where every process and every object (files, directories, etc.) gets a label. Then a large rules database, called policy, is loaded into the kernel. The kernel, based on the policy, controls what each process can do based on its label, and the label of the object it is trying to access. For example SELinux allows a process with the Apache label
(httpd_t)
to share data labeled as "read/only Apache content"(httpd_sys_content_thttpd_sys_content_rw_t)
.See selinuxproject.org/page/Main_Page -
Gendarme almost 8 yearsThere are numerous questions about 403 errors with Apache, and none of them mentioned SELinux as the cause of it. After an intense search I finally found this answer. Well done, Federico.
-
the accountant almost 6 years@mapr I found this source helpful to understand the basics of SELinux security context