Apache2 virtualhost 403 forbidden?
Solution 1
Turns out I had to chmod not only /home/afflicto/public_html
but also /home/afflicto/
directory as well.
Weird.
Solution 2
I was faced with this issue. But I didn't like the idea of changing the group of my home directory to www-data. This problem can simply be solved by modifying the configuration file for the virtualHost. Simply configure the Directory tag to include these
<Directory "your directory here">
Order allow,deny
Allow from all
Require all granted
</Directory>
The Require all granted
is a new feature I guess; having a default value of denied
.
see this page for further info: http://httpd.apache.org/docs/current/mod/core.html#directory
Solution 3
I struggled with this exact issue for hours, and what finally solved it for me is adding a slash after the directory inside of apache2.conf
.
<Directory /dir>
-> <Directory /dir/>
Solution 4
Here's another answer intending to add a simpler explanation. Let's say you want to serve a file named "main" which is in the /var/www/testwebsite
directory(the DocumentRoot of an already configured & enabled virtual host). Now assume we want the Apache web server to only have access to the "main" file and not other files(e.g. main might be an entry point to our web app), then it means that the apache web server has to be the owner of that file. so chown www-data:www-data /var/www/testwebsite/main
must do it. (notice: www-data
is both the name of the user and the name of the group that apache uses when interacting with other files(actually, on distributions other than Ubuntu, this might be a different name, in which case it can simply be looked up in the apache2.conf
as well)). Also in case the "main" file doesn't have the permission to be read/executed, it must be granted to the apache's user and group: chmod 770 /var/www/testwebsite/main
. This gives the user(www-data) and the group(www-data) who are owners of the file "main" these permissions: read/write/execute(4+2+1=7), and gives other users no permissions. Now that single file(main) can be run by the Apache while we can have any other strict level of restriction on all other files in the /var/www/testwebsite
directory.
Petter Thowsen
Updated on December 16, 2021Comments
-
Petter Thowsen over 2 years
I'm running ubuntu 13.04 64bit on my desktop, I installed Apache2, MySQL and PHP etc.
I wanted to have my web root in
/home/afflicto/public_html
instead of/var/www
. So I went along with this guide:
http://www.maketecheasier.com/install-and-configure-apache-in-ubuntu/2011/03/09
(I did everything from "configuring different sites") as I like the solution more.Here's what I did:
Installed Apache2, MySQL etc..
copied/etc/apache2/sites-avaliable/default
to/etc/apache2/sites-available/afflicto
. Then edited it, it now looks like the following:/etc/apache2/sites-available/afflicto
<VirtualHost *:80> ServerAdmin webmaster@localhost DocumentRoot /home/afflicto/public_html <Directory /> Options FollowSymLinks AllowOverride None </Directory> <Directory /home/afflicto/public_html/> Options Indexes FollowSymLinks MultiViews AllowOverride All Order allow,deny allow from all </Directory> ScriptAlias /cgi-bin/ /usr/lib/cgi-bin/ <Directory "/usr/lib/cgi-bin"> AllowOverride None Options +ExecCGI -MultiViews +SymLinksIfOwnerMatch Order allow,deny Allow from all </Directory> ErrorLog ${APACHE_LOG_DIR}/error.log # Possible values include: debug, info, notice, warn, error, crit, # alert, emerg. LogLevel warn CustomLog ${APACHE_LOG_DIR}/access.log combined </VirtualHost>
I did
sudo a2dissite default && sudo a2ensite afflicto && sudo service apache2 restart
I created a
index.php
andindex.html
in/home/afflicto/public_html/test/
when accessinglocalhost/test
orlocalhost/test/index.html
etc, I get 403 forbidden error.What am I doing wrong? thanks in advance.
update 1
I have set the owner of the public_html directory towww-data
.
Alsosudo chmod -R +x public_html && sudo chmod -R 777 public_html
Still same 403 error.Here's the output of the apache error log:
[Sun Jul 14 06:10:32 2013] [error] [client 127.0.0.1] (13)Permission denied: access to / denied [Sun Jul 14 06:10:32 2013] [error] [client 127.0.0.1] (13)Permission denied: access to /favicon.ico denied
-
dsh almost 11 yearsCorrect. The apache process must have access to every directory in the path. Additionally, the apache process requires that each directory have world-access or it won't serve the directory to the (outside) world.
-
STW over 10 yearsThat fixed it for me! Thanks
-
93196.93 over 10 yearsApparently Order and Allow are not required for 2.4?
-
Zoltán about 10 yearsThat
Require all granted
is gold. Thanks a lot! -
Giacomo1968 about 10 yearsNot weird at all. Your stated
DocumentRoot
is/home/afflicto/public_html
so that needs to be accessible by Apache. -
Peter almost 10 yearsSituations exist where
Require all granted
might still not solve the problem. Cases where the files are to be served from a user directory [which might be encrypted]. In which case you need to do achmod +x
on the user directory. I'm adding this comment because I encountered this error "access denied because search permissions are missing"; the chmod +x on my home dir helped out. I'm not sure if this is very safe but my home dir is encrypted. -
Iazel almost 10 yearsThank you, I was stuck with this error for half an hour before reading your solution!
-
dennisbot over 9 yearsin my case I also needed to do this "chmod +x /home/(username)", andrewklau.com/…
-
Charleston over 7 yearsOptions +Indexes should be added on apache 2.4.18+ if you want to show the folders