Apache client denied by server configuration after mac OS X upgrade to Yosemite
Solution 1
In your user .conf (douglas.conf) replace:
Order allow,deny
Allow from all
With:
Require all granted
The difference is how apache 2.4 handles permissions
http://httpd.apache.org/docs/2.4/upgrading.html
Solution 2
I had the same issue and I fixed it by doing so:
-
Load the userdir module: edit httpd.conf (
/etc/apache2/httpd.conf
on macbook) and uncomment these lines:LoadModule userdir_module libexec/apache2/mod_userdir.so
and
Include /private/etc/apache2/extra/httpd-userdir.conf
-
Edit httpd-userdir.conf (at
/etc/apache2/extra/httpd-userdir.conf
), find and uncomment the following line:Include /private/etc/apache2/users/*.conf
-
Edit your config file at users/*.conf, add
Require local
and+
(or-
) character before all options in the options line:<Directory "/Users/user/Sites/"> Options +Indexes +MultiViews +FollowSymLinks +SymLinksIfOwnerMatch +ExecCGI AllowOverride All Require local Order allow,deny Allow from all </Directory>
Solution 3
I experienced the same thing but on Mavericks after applying the security update from a couple days ago. Mavericks is still using Apache 2.2 so it wasn't the config issue chrisMc mentioned, though it looks like he's right and you'll need to change that as well.
In my case, I first resolved the core problem by commenting out the Homebrew PHP 5.4 module line I had previously added. In the httpd.conf
:
#LoadModule php5_module /usr/local/opt/php54/libexec/apache2/libphp5.so
And instead opting for the default PHP module which I had commented out before:
LoadModule php5_module libexec/apache2/libphp5.so
That fixed it, but as for why the Homebrew version broke, I think maybe a system library it was compiled against was updated in the security update. When I ran php -v
I got a warning about an icu4c
library that wasn't loaded.
So, I just recompiled PHP and it worked again. In my case, I just did
brew uninstall php54
brew install php54
Then the Homebrew module could be enabled again.
Solution 4
The answers above do work, on a stock install. If not, a few things that might help:
-
On your filesystem, the folder needs to be exactly Sites with a capital S (the folder name is hardcoded in the userdir module, it can't be any different) Its permissions must be:
drwxr-xr-x 2 username staff 68 29 mar 11:26 Sites
-
The
<Directory…>
configuration is applied on top of it, so it needs to match the folder name exactly, including the case (we're coming from Linux…).Permissions of the
/etc/apache2/users/username.conf
file:-rw-r--r-- 1 root wheel 189 29 mar 11:42 username.conf
So make sure that the line <Directory "/Users/user/Sites/">
refers exactly to the right folder with the right username (with user matching the name of the configuration file), case included, and the Sites
folder does exist exactly as is, case included.
Solution 5
Since I have never used homebrew I ended up following this guide. Setup for personal development.
I did see that the permissions that the first poster was talking about as being part of the problem, but I still have a permissions issue with personal setup using a user.conf file. This setup used virtual hosts. I have no idea what homebrew did that solved the problem. I guess I would call this a work around because it did not fix my original issue, which is that I cannot access anything on the web server using a user.conf file.
Related videos on Youtube
new2code
Updated on September 18, 2022Comments
-
new2code over 1 year
I know this looks similar to other questions but Yosemite seems to have changed something with Apache configuration with the upgrade. My error log says: "client denied by server configuration: /Users/douglas/Sites/testpatient.php"
Apache version: MacBook-Pro:apache2 douglas$ apachectl -v Server version: Apache/2.4.9 (Unix) Server built: Sep 9 2014 14:48:20
My douglas.conf file is 644 root/wheel and the following:
<Directory "/Users/douglas/Sites"> Options Indexes Multiviews AllowOverride None Order allow,deny Allow from all </Directory>
My http.conf has the following:
# If you wish httpd to run as a different user or group, you must run # httpd as root initially and it will switch. # # User/Group: The name (or #number) of the user/group to run httpd as. # It is usually good practice to create a dedicated user and group for # running httpd, as with most system services. # User _www Group _www </IfModule> ... DocumentRoot "/Library/WebServer/Documents" # # Each directory to which Apache has access can be configured with respect # to which services and features are allowed and/or disabled in that # directory (and its subdirectories). # # First, we configure the "default" to be a very restrictive set of # features. # <Directory /> Options FollowSymLinks AllowOverride None Order deny,allow Deny from all Satisfy All </Directory> ... <Directory "/Library/WebServer/Documents"> # # Possible values for the Options directive are "None", "All", # or any combination of: # Indexes Includes FollowSymLinks SymLinksifOwnerMatch ExecCGI MultiViews # # Note that "MultiViews" must be named *explicitly* --- "Options All" # doesn't give it to you. # # The Options directive is both complicated and important. Please see # http://httpd.apache.org/docs/2.2/mod/core.html#options # for more information. # Options Indexes FollowSymLinks MultiViews # # AllowOverride controls what directives may be placed in .htaccess files. # It can be "All", "None", or any combination of the keywords: # Options FileInfo AuthConfig Limit # #AllowOverride None AllowOverride All # # Controls who can get stuff from this server. # Order allow,deny Allow from all Satisfy All </Directory>
Anything would be appreciated. I tried rolling back to the previous http.conf file but there are a number of differences as far as modules that need to be loaded. It is entirely possible that I missed a module but there is no complaint in the log.
-
new2code over 9 yearsI changed the settings in httpd.conf and douglas.conf but I still get the same error
-
Zoe Edwards over 9 yearsDon’t forget to restart Apache
-
orome over 9 yearsThis (exactly this, nothing more, nothing less) worked for me, when nothing else did. Thx!
-
Alexis Wilke over 9 yearsThis is cool, although the old Order/Allow/Deny are still working if you have the
access_compat
module turned on. I think it would have been better for me to get errors and fix my setups instead of letting it go for longer with the old configs. -
MarkHu over 8 yearsAwesome! The key for me was simply commenting out lines 220-221 (
# AllowOverride none
and# Require all denied
) which were apparently newly added in Yosemite.