Apache2 virtualhost 403 forbidden?

ubuntu apache2 virtualhost http-status-code-403

102,311

Solution 1

Turns out I had to chmod not only /home/afflicto/public_html but also /home/afflicto/ directory as well.

Weird.

Solution 2

I was faced with this issue. But I didn't like the idea of changing the group of my home directory to www-data. This problem can simply be solved by modifying the configuration file for the virtualHost. Simply configure the Directory tag to include these

<Directory "your directory here">
   Order allow,deny
   Allow from all
   Require all granted
</Directory>

The Require all granted is a new feature I guess; having a default value of denied.

see this page for further info: http://httpd.apache.org/docs/current/mod/core.html#directory

Solution 3

I struggled with this exact issue for hours, and what finally solved it for me is adding a slash after the directory inside of apache2.conf.

<Directory /dir> -> <Directory /dir/>

Solution 4

Here's another answer intending to add a simpler explanation. Let's say you want to serve a file named "main" which is in the /var/www/testwebsite directory(the DocumentRoot of an already configured & enabled virtual host). Now assume we want the Apache web server to only have access to the "main" file and not other files(e.g. main might be an entry point to our web app), then it means that the apache web server has to be the owner of that file. so chown www-data:www-data /var/www/testwebsite/main must do it. (notice: www-data is both the name of the user and the name of the group that apache uses when interacting with other files(actually, on distributions other than Ubuntu, this might be a different name, in which case it can simply be looked up in the apache2.conf as well)). Also in case the "main" file doesn't have the permission to be read/executed, it must be granted to the apache's user and group: chmod 770 /var/www/testwebsite/main. This gives the user(www-data) and the group(www-data) who are owners of the file "main" these permissions: read/write/execute(4+2+1=7), and gives other users no permissions. Now that single file(main) can be run by the Apache while we can have any other strict level of restriction on all other files in the /var/www/testwebsite directory.

View more solutions

102,311

Author by

Petter Thowsen

Updated on December 16, 2021

Comments

Petter Thowsen over 2 years
I'm running ubuntu 13.04 64bit on my desktop, I installed Apache2, MySQL and PHP etc.

I wanted to have my web root in /home/afflicto/public_html instead of /var/www. So I went along with this guide:
http://www.maketecheasier.com/install-and-configure-apache-in-ubuntu/2011/03/09
(I did everything from "configuring different sites") as I like the solution more.

Here's what I did:
Installed Apache2, MySQL etc..
copied /etc/apache2/sites-avaliable/default to /etc/apache2/sites-available/afflicto. Then edited it, it now looks like the following:

/etc/apache2/sites-available/afflicto
```
<VirtualHost *:80>
ServerAdmin webmaster@localhost

DocumentRoot /home/afflicto/public_html
<Directory />
    Options FollowSymLinks
    AllowOverride None
</Directory>
<Directory /home/afflicto/public_html/>
    Options Indexes FollowSymLinks MultiViews
    AllowOverride All
    Order allow,deny
    allow from all
</Directory>

ScriptAlias /cgi-bin/ /usr/lib/cgi-bin/
<Directory "/usr/lib/cgi-bin">
    AllowOverride None
    Options +ExecCGI -MultiViews +SymLinksIfOwnerMatch
    Order allow,deny
    Allow from all
</Directory>

ErrorLog ${APACHE_LOG_DIR}/error.log

# Possible values include: debug, info, notice, warn, error, crit,
# alert, emerg.
LogLevel warn

CustomLog ${APACHE_LOG_DIR}/access.log combined
</VirtualHost>  
```
I did sudo a2dissite default && sudo a2ensite afflicto && sudo service apache2 restart

I created a index.php and index.html in /home/afflicto/public_html/test/
when accessing localhost/test or localhost/test/index.html etc, I get 403 forbidden error.

What am I doing wrong? thanks in advance.

update 1
I have set the owner of the public_html directory to www-data.
Also sudo chmod -R +x public_html && sudo chmod -R 777 public_html
Still same 403 error.

Here's the output of the apache error log:
```
[Sun Jul 14 06:10:32 2013] [error] [client 127.0.0.1] (13)Permission denied: access to / denied

[Sun Jul 14 06:10:32 2013] [error] [client 127.0.0.1] (13)Permission denied: access to /favicon.ico denied
```
dsh almost 11 years

Correct. The apache process must have access to every directory in the path. Additionally, the apache process requires that each directory have world-access or it won't serve the directory to the (outside) world.
STW over 10 years

That fixed it for me! Thanks
93196.93 over 10 years

Apparently Order and Allow are not required for 2.4?
Zoltán about 10 years

That Require all granted is gold. Thanks a lot!
Giacomo1968 about 10 years

Not weird at all. Your stated DocumentRoot is /home/afflicto/public_html so that needs to be accessible by Apache.
Peter almost 10 years

Situations exist where Require all granted might still not solve the problem. Cases where the files are to be served from a user directory [which might be encrypted]. In which case you need to do a chmod +x on the user directory. I'm adding this comment because I encountered this error "access denied because search permissions are missing"; the chmod +x on my home dir helped out. I'm not sure if this is very safe but my home dir is encrypted.
Iazel almost 10 years

Thank you, I was stuck with this error for half an hour before reading your solution!
dennisbot over 9 years

in my case I also needed to do this "chmod +x /home/(username)", andrewklau.com/…
Charleston over 7 years

Options +Indexes should be added on apache 2.4.18+ if you want to show the folders