Apache giving 403 forbidden errors

问题

Ok, so i've previously set up two virtual hosts and they are working cool. they both house simple web projects and work fine with http://project1 and http://project2 in the browser.

Anyway, I've come to add another vhost. I edited the /etc/hosts file with 127.0.0.1 project3 and also updated the httpd-vhosts.conf file by copy and pasting the previous entries for project2 and editing the file path.

I've checked all the file and folder permissions (in fact I copied and pasted from project2) and simply put a "hello world" message in the index.php file.

I get a 403 forbidden permission denied message when accessing http://project3

Why is this, I just can figure out what step I've missed as everything seems to be set up correct.

Thanks in advance.

回答1:

Check that :

• Apache can physically access the file (the user that run apache, probably www-data or apache, can access the file in the filesystem)
• Apache can list the content of the folder (read permission)
• Apache has a "Allow" directive for that folder. There should be one for /var/www/, you can check default vhost for example.

Additionally, you can look at the error.log file (usually located at /var/log/apache2/error.log) which will describe why you get the 403 error exactly.

Finally, you may want to restart apache, just to be sure all that configuration is applied. This can be generally done with /etc/init.d/apache2 restart. On some system, the script will be called httpd. Just figure out.

回答2:

I just fixed this issue after struggling for a few days. Here's what worked for me:

First, check your Apache error_log file and look at the most recent error message.

• If it says something like:

  access to /mySite denied (filesystem path
  '/Users/myusername/Sites/mySite') because search permissions
  are missing on a component of the path
  

  then there is a problem with your file permissions. You can fix them by running these commands from the terminal:

  $ cd /Users/myusername/Sites/mySite
  $ find . -type f -exec chmod 644 {} \;
  $ find . -type d -exec chmod 755 {} \;
  

  Then, refresh the URL where your website should be (such as http://localhost/mySite). If you're still getting a 403 error, and if your Apache error_log still says the same thing, then progressively move up your directory tree, adjusting the directory permissions as you go. You can do this from the terminal by:

  $ cd ..
  $ chmod 755 mySite
  

  If necessary, continue with:

  $ cd ..
  $ chmod Sites 
  

  and, if necessary,

  $ cd ..
  $ chmod myusername
  

  DO NOT go up farther than that. You could royally mess up your system. If you still get the error that says search permissions are missing on a component of the path, I don't know what you should do. However, I encountered a different error (the one below) which I fixed as follows:

• If your error_log says something like:

  client denied by server configuration:
  /Users/myusername/Sites/mySite
  

  then your problem is not with your file permissions, but instead with your Apache configuration.

  Notice that in your httpd.conf file, you will see a default configuration like this (Apache 2.4+):

  <Directory />
      AllowOverride none
      Require all denied
  </Directory>
  

  or like this (Apache 2.2):

  <Directory />
    Order deny,allow
    Deny from all
  </Directory>
  

  DO NOT change this! We will not override these permissions globally, but instead in your httpd-vhosts.conf file. First, however, make sure that your vhost Include line in httpd.conf is uncommented. It should look like this. (Your exact path may be different.)

  # Virtual hosts
  Include etc/extra/httpd-vhosts.conf
  

  Now, open the httpd-vhosts.conf file that you just Included. Add an entry for your webpage if you don't already have one. It should look something like this. The DocumentRoot and Directory paths should be identical, and should point to wherever your index.html or index.php file is located. For me, that's within the public subdirectory.

  For Apache 2.2:

  <VirtualHost *:80>
  #     ServerAdmin webmaster@dummy-host2.example.com
      DocumentRoot "/Users/myusername/Sites/mySite/public"
      ServerName mysite
  #     ErrorLog "logs/dummy-host2.example.com-error_log"
  #     CustomLog "logs/dummy-host2.example.com-access_log" common
      <Directory "/Users/myusername/Sites/mySite/public">
          Options Indexes FollowSymLinks Includes ExecCGI
          AllowOverride All
          Order allow,deny
          Allow from all
          Require all granted
      </Directory>
  </VirtualHost>
  

  The lines saying

  AllowOverride All
  Require all granted
  

  are critical for Apache 2.4+. Without these, you will not be overriding the default Apache settings specified in httpd.conf. Note that if you are using Apache 2.2, these lines should instead say

  Order allow,deny
  Allow from all
  

  This change has been a major source of confusion for googlers of this problem, such as I, because copy-pasting these Apache 2.2 lines will not work in Apache 2.4+, and the Apache 2.2 lines are still commonly found on older help threads.

  Once you have saved your changes, restart Apache. The command for this will depend on your OS and installation, so google that separately if you need help with it.

I hope this helps someone else!

---

PS: If you are having trouble finding these .conf files, try running the find command, such as:

$ find / -name httpd.conf

回答3:

restorecon command works as below :

restorecon -v -R /var/www/html/

回答4:

The server may need read permission for your home directory and .htaccess therein

回答5:

You can try disabling selinux and try once again using the following command

setenforce 0

回答6:

In my case it was failing as the IP of my source server was not whitelisted in the target server.

For e.g. I was trying to access https://prodcat.ref.test.co.uk from application running on my source server. On source server find IP by ifconfig

This IP should be whitelisted in the target Server's apache config file. If its not then get it whitelist.

Steps to add a IP for whitelisting (if you control the target server as well) ssh to the apache server sudo su - cd /usr/local/apache/conf/extra (actual directories can be different based on your config)

Find the config file for the target application for e.g. prodcat-443.conf

RewriteCond %{REMOTE_ADDR} <YOUR Server's IP> 
for e.g.
RewriteCond %{REMOTE_ADDR} !^192\.68\.2\.98

Hope this helps someone

来源：https://stackoverflow.com/questions/18447454/apache-giving-403-forbidden-errors