Why am I getting 403 permission denied from Apache 2.4.7 on ubuntu 14.04
In Apache 2.2, the directive was allow from all
, but in Apache 2.4, this has become require all granted
. Search for require all granted
in the documentation.
Related videos on Youtube
Ramy
Updated on September 18, 2022Comments
-
Ramy over 1 year
I've read about a dozen different answer to this but none of those answers seem to help. Here is the issue in a nutshell:
@bos-lpqum:/var/www$ curl http://localhost/html/index.html <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"> <html><head> <title>403 Forbidden</title> </head><body> <h1>Forbidden</h1> <p>You don't have permission to access /html/index.html on this server.</p> <hr> <address>Apache/2.4.7 (Ubuntu) Server at localhost Port 80</address> </body></html>
When I try to access from another machine (after opening the right ports) I get a timeout.
I ran
sudo chown -R www-data:www-data /var/www
but still getting the same 403. I can provide any conf files you'd like to see.I copied my sites-enabled config over from another machine running apache 2.2.22. Locally i'm running 2.4.7.
update: Permissions look accurate to me:
@bos-lpqum:/var$ ls -lt total 64 drwxr-xr-x 4 root root 4096 May 7 23:12 centrifydc drwxrwxrwt 2 root root 4096 May 7 22:48 tmp drwxrwxr-x 21 root syslog 4096 May 7 08:00 log drwxr-xr-x 2 root root 4096 May 6 07:59 backups drwxrwsrwt 2 root whoopsie 4096 May 6 07:35 crash drwxrwsrwt 2 root whoopsie 4096 May 5 13:09 metrics drwxr-xr-x 10 root root 4096 May 5 12:53 spool drwxr-xr-x 20 root root 4096 May 5 12:50 cache drwxr-xr-x 79 root root 4096 May 5 12:50 lib drwxr-xr-x 3 www-data www-data 4096 May 5 12:40 www drwxr-xr-x 3 root root 4096 May 5 12:12 dell lrwxrwxrwx 1 root root 4 May 4 15:41 run -> /run drwxr-xr-x 4 root root 4096 Mar 18 11:19 centrify drwxr-xr-x 2 root root 4096 Mar 18 08:19 games lrwxrwxrwx 1 root root 9 Mar 18 08:03 lock -> /run/lock drwxrwsr-x 2 root mail 4096 Mar 18 08:03 mail drwxr-xr-x 2 root root 4096 Mar 18 08:03 opt drwxrwsr-x 2 root 50 4096 Apr 19 2012 local
tried the curl with https (instead of http):
$ curl https://localhost -k <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"> <html><head> <title>500 Internal Server Error</title> </head><body> <h1>Internal Server Error</h1> <p>The server encountered an internal error or misconfiguration and was unable to complete your request.</p> <p>Please contact the server administrator at [email protected] to inform them of the time this error occurred, and the actions you performed just before this error.</p> <p>More information about this error may be available in the server error log.</p> <hr> <address>Apache/2.4.7 (Ubuntu) Server at localhost Port 443</address> </body></html>
`allow from all' is not anywhere to be found:
$ egrep -r "allow.*from" /etc/apache2/* /etc/apache2/mods-available/info.conf: # Uncomment and change the "192.0.2.0/24" to allow access from other hosts. /etc/apache2/mods-available/status.conf: # Uncomment and change the "192.0.2.0/24" to allow access from other hosts.
original config:
new config:
000-default.config:
-
Frank Thomas about 9 yearsSince this is your server, this probably isn't the solution, but 90% of the time, if I go to a site and get a 403, changing HTTP in the url to HTTPS fixes it.
-
Ramy about 9 yearsThat might shed some light on it, but now I get a 500 instead of 403.
-
Daniel B about 9 yearsTo answer this question, we need your configuration, especially the one that you copied.
-
Ramy about 9 yearssee update @daniel
-
-
Ramy about 9 yearsI wish that was the case because EVERYTHING on the internet says to change this, but a grep of my /etc/apache2/* does not show any "allow from all"
-
user993553 about 9 yearsdid you add require all granted anyway? did you grep case sensitive?
-
Ramy about 9 yearsI added my default config. That should cover it, no?
-
Daniel B about 9 yearsI don’t know what you added, but if it’s what’s in the edited question, it’s bad. Never ever allow more than you absolutely need to.
-
Ramy about 9 years...this is for my local dev environment. I just want to get the server working so i can develop locally.
-
Ramy about 9 yearsneed to access from exactly one other machine.