0

I do not have physical access to the server and do not have access to the logs. Some files are generating 403 errors despite me putting an .htaccess with an:

Order Deny,Allow
Allow from all

I even tried to put an explicit FilesMatch in one of the files the above directive inside it. I know this is hard to answer given the amount of detail that I am giving but I hope I could get some ideas as to why this MIGHT be happening and be able to really point out to my webhosts that their server configuration is really the problem.

EDIT:

I thought I might get those answers, the truth is, I am also frustrated because it seems that the IT guys here do not know Apache. I also do not have SSH access, I only have FTP access. I do not use any third party admin packages (cPanel, Plesk). It is not a virtual host. I am sorry for posting a vague question. I am actually a PHP developer and am only delivering files. I am frustrated at a very limited access that I am given. I am not given database access, I deliver SQL files and they install them.

I really was hoping that there was some misconfiguration in the top level since 2 out of 3 uploads in the same directory end up as 403'd files. I was thinking more on the line of:

'The one who set up the server was overly protective developing complex regex'es to disallow hotlinking in the http.conf in such a way that most files match those regex'es'

But thanks for the time anyways. I guess I'd have to hammer the IT guys to give me access to logs and everything.

Rolando Cruz
  • 203
  • 2
  • 8
  • please be more specific. You don't have physical access to the server nor the logs. DId you try remote over SSH? What is the permission on the folder, and it's group? What configuration do you use for the webhosts (VirtualHost?), do you use some kind of third party programe to manage your server like webmin, virtualmin? What is your distro? Are you on linux? Seriously, give more details if you want more answer! – Anarko_Bizounours Aug 03 '11 at 08:37
  • "Completely random" -- I'd say it's more likely to be, at most, pseudorandom. And how do you administer the server without access to the logs? – womble Aug 03 '11 at 08:40

1 Answers1

3

A 403 error can also mean that your file permissions are wrong. If the user running the web server is not allowed to read that file, you will receive this status code.

See what permissions a working file has and put the same to a file that is not working.

Sven
  • 97,248
  • 13
  • 177
  • 225
  • it's 0640, the 403'd file that is – Rolando Cruz Aug 03 '11 at 10:03
  • OK, and if they are owned by a different user that is not in the same group than the user running the web server, they can't be read. Set the right to 644 and see if it's working then. – Sven Aug 03 '11 at 10:09
  • Aha! The 0644 did it. So I do have to set explicit permissions for every user uploaded file. I have a question though, the file was uploaded via Ajax and will be reloaded for it to be cropped. So I am assuming that the "uploader" and the "reader" are one and the same. Or am I missing something big here? – Rolando Cruz Aug 03 '11 at 10:36