Apache "client denied by server configuration" after Mac OS X upgrade to Yosemite


Solution 1

In your user .conf (douglas.conf) replace:

    Order allow,deny
    Allow from all

With:

    Require all granted

The difference is how Apache 2.4 handles permissions:

http://httpd.apache.org/docs/2.4/upgrading.html

Solution 2

I had the same issue and I fixed it by doing so:

  1. Load the userdir module: edit httpd.conf (/etc/apache2/httpd.conf on a MacBook) and uncomment these lines:

    LoadModule userdir_module libexec/apache2/mod_userdir.so
    

    and

    Include /private/etc/apache2/extra/httpd-userdir.conf
    
  2. Edit httpd-userdir.conf (at /etc/apache2/extra/httpd-userdir.conf), find and uncomment the following line:

    Include /private/etc/apache2/users/*.conf
    
  3. Edit your config file at users/*.conf: add Require local, and put a + (or -) character before every option in the Options line:

    <Directory "/Users/user/Sites/">
        Options +Indexes +MultiViews +FollowSymLinks +SymLinksIfOwnerMatch +ExecCGI
        AllowOverride All
        Require local
        Order allow,deny
        Allow from all
    </Directory>
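
Added example (not part of the answers on this page and not Apache's own tooling): a small Python audit that classifies each `<Directory>` block as using 2.2-style access directives, 2.4 `Require`, or a mix of both, which are the situations Solutions 1 and 2 show. The function names and sample text are constructed for illustration; the two suggested replacements are the ones listed in the Apache 2.4 upgrading guide linked in Solution 1.

```python
import re
LEGACY = {"order", "allow", "deny", "satisfy"}  # 2.2 directives (mod_access_compat in 2.4)
# Replacements listed in the Apache 2.4 upgrading guide.
SUGGEST = {("allow,deny", "allow from all"): "Require all granted",
           ("deny,allow", "deny from all"): "Require all denied"}

def classify(block):
    legacy, require = block["legacy"], block["require"]
    if legacy and require:
        return (block["path"], "mixed", "remove 2.2 lines, keep: " + "; ".join(require))
    if legacy:
        order = [l.split()[1] for l in legacy if l.startswith("order ")]
        rules = [l for l in legacy if l.startswith(("allow ", "deny "))]
        key = (order[0], rules[0]) if len(order) == 1 and len(rules) == 1 else None
        return (block["path"], "legacy", SUGGEST.get(key, "rewrite by hand with Require"))
    return (block["path"], "ok" if require else "inherits", None)

def audit(conf_text):
    """Return (path, status, suggestion) for each <Directory> block."""
    findings, block = [], None
    for raw in conf_text.splitlines():
        words = raw.split()
        if not words or words[0].startswith("#"):
            continue  # skip blank lines and comments
        opened = re.match(r'<Directory\s+"?([^">]+)"?\s*>', raw.strip(), re.I)
        if opened:
            block = {"path": opened.group(1), "legacy": [], "require": []}
        elif words[0].lower() == "</directory>" and block:
            findings.append(classify(block))
            block = None
        elif block and words[0].lower() in LEGACY:
            block["legacy"].append(" ".join(words).lower())
        elif block and words[0].lower() == "require":
            block["require"].append(" ".join(words))
    return findings

# Constructed sample: the block from the question and the block from Solution 2.
SAMPLE = """\
<Directory "/Users/douglas/Sites">
    Order allow,deny
    Allow from all
</Directory>
<Directory "/Users/user/Sites/">
    Require local
    Order allow,deny
    Allow from all
</Directory>
"""
print(audit(SAMPLE))
```

A block reported as `mixed` or `legacy` only loads at all while mod_access_compat is enabled, so rerun the audit after editing and before disabling that module.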
    

Solution 3

I experienced the same thing but on Mavericks after applying the security update from a couple days ago. Mavericks is still using Apache 2.2 so it wasn't the config issue chrisMc mentioned, though it looks like he's right and you'll need to change that as well.

In my case, I first resolved the core problem by commenting out the Homebrew PHP 5.4 module line I had previously added. In the httpd.conf:

    #LoadModule php5_module /usr/local/opt/php54/libexec/apache2/libphp5.so

And instead opting for the default PHP module which I had commented out before:

    LoadModule php5_module libexec/apache2/libphp5.so

That fixed it, but as for why the Homebrew version broke, I think maybe a system library it was compiled against was updated in the security update. When I ran php -v I got a warning about an icu4c library that wasn't loaded.

So, I just recompiled PHP and it worked again. In my case, I just did

    brew uninstall php54
    brew install php54

Then the Homebrew module could be enabled again.

Solution 4

The answers above do work, on a stock install. If not, a few things that might help:

  1. On your filesystem, the folder needs to be exactly Sites with a capital S (the folder name is hardcoded in the userdir module; it can't be any different). Its permissions must be:

    drwxr-xr-x   2 username staff    68 29 mar 11:26 Sites
    
  2. The <Directory…> configuration is applied on top of it, so it needs to match the folder name exactly, including the case (we're coming from Linux…).

    Permissions of the /etc/apache2/users/username.conf file:

    -rw-r--r--  1 root  wheel  189 29 mar 11:42 username.conf
    

So make sure that the line <Directory "/Users/user/Sites/"> refers exactly to the right folder with the right username (with user matching the name of the configuration file), case included, and the Sites folder does exist exactly as is, case included.

Solution 5

Since I have never used Homebrew, I ended up following this guide. Setup for personal development.

I did see the permissions that the first poster was talking about as being part of the problem, but I still have a permissions issue with a personal setup using a user.conf file. This setup used virtual hosts. I have no idea what Homebrew did that solved the problem. I guess I would call this a workaround because it did not fix my original issue, which is that I cannot access anything on the web server using a user.conf file.

Author by

new2code

Updated on September 18, 2022

Comments

  • new2code
    new2code over 1 year

    I know this looks similar to other questions but Yosemite seems to have changed something with Apache configuration with the upgrade. My error log says: "client denied by server configuration: /Users/douglas/Sites/testpatient.php"

    Apache version:

        MacBook-Pro:apache2 douglas$ apachectl -v
        Server version: Apache/2.4.9 (Unix)
        Server built: Sep 9 2014 14:48:20

    My douglas.conf file is 644 root/wheel and the following:

    <Directory "/Users/douglas/Sites">
       Options Indexes Multiviews
       AllowOverride None
       Order allow,deny
       Allow from all
    </Directory>
    

    My httpd.conf has the following:

    # If you wish httpd to run as a different user or group, you must run
    # httpd as root initially and it will switch.
    #
    # User/Group: The name (or #number) of the user/group to run httpd as.
    # It is usually good practice to create a dedicated user and group for
    # running httpd, as with most system services.
    #
    User _www
    Group _www
    
    </IfModule>
    
    ...
    
    DocumentRoot "/Library/WebServer/Documents"
    
    #
    # Each directory to which Apache has access can be configured with respect
    # to which services and features are allowed and/or disabled in that
    # directory (and its subdirectories).
    #
    # First, we configure the "default" to be a very restrictive set of
    # features.
    #
    <Directory />
        Options FollowSymLinks
        AllowOverride None
        Order deny,allow
        Deny from all
        Satisfy All
    </Directory>
    
    ...
    
    <Directory "/Library/WebServer/Documents">
    #
    # Possible values for the Options directive are "None", "All",
    # or any combination of:
    #   Indexes Includes FollowSymLinks SymLinksifOwnerMatch ExecCGI MultiViews
    #
    # Note that "MultiViews" must be named *explicitly* --- "Options All"
    # doesn't give it to you.
    #
    # The Options directive is both complicated and important.  Please see
    # http://httpd.apache.org/docs/2.2/mod/core.html#options
    # for more information.
    #
    Options Indexes FollowSymLinks MultiViews
    
    #
    # AllowOverride controls what directives may be placed in .htaccess files.
    # It can be "All", "None", or any combination of the keywords:
    #   Options FileInfo AuthConfig Limit
    #
    #AllowOverride None
    AllowOverride All
    #
    # Controls who can get stuff from this server.
    #
    Order allow,deny
    Allow from all
    Satisfy All
    </Directory>
    

    Anything would be appreciated. I tried rolling back to the previous httpd.conf file but there are a number of differences as far as modules that need to be loaded. It is entirely possible that I missed a module but there is no complaint in the log.

  • new2code
    new2code over 9 years
    I changed the settings in httpd.conf and douglas.conf but I still get the same error
  • Zoe Edwards
    Zoe Edwards over 9 years
    Don’t forget to restart Apache
  • orome
    orome over 9 years
    This (exactly this, nothing more, nothing less) worked for me, when nothing else did. Thx!
  • Alexis Wilke
    Alexis Wilke over 9 years
    This is cool, although the old Order/Allow/Deny are still working if you have the access_compat module turned on. I think it would have been better for me to get errors and fix my setups instead of letting it go for longer with the old configs.
  • MarkHu
    MarkHu over 8 years
    Awesome! The key for me was simply commenting out lines 220-221 ( # AllowOverride none and # Require all denied) which were apparently newly added in Yosemite.