CentOS Apache HTTPD Configuration (403 Forbidden)

Question

This is what i have in my httpd.conf

<VirtualHost *:80>
        ServerAdmin spero78@spero78.com
        ServerName mcmoddr.com
        ServerAlias www.mcmoddr.com
        DocumentRoot /home/mcmoddr/www/
        ErrorLog /mcmoddr/logs/error.log
        CustomLog /mcmoddr/logs/accesslog combined
</VirtualHost>

When visiting thwe site i get a 403 Forbidden error, The files are added with vsftpd and have the permissions drwxr-xr-x

score 13 · Answer 1 · edited Mar 29 '12 at 17:36

13

You are using a stock install of CentOS, if that is correct please check that if SELinux is in Enforcing mode

getenforce

if the result is "Enforcing"

temporally change it to permissive

setenforce 0

and try again, you can also guide the condition of web content to the files in your home directory.

edited Mar 29 '12 at 17:36

Lucas Kauffman

16,818
9
57
92

answered Mar 29 '12 at 16:00

Freaktor

271
2
9

This did the trick in my case. But if I subsequently reinforce again (with **setenforce 1**) the 403 error doesn't show up anymore, even though the configuration is the same as before, when it used to show up. – damix911 Nov 30 '13 at 02:23
this is nothing more than a dirty hack. Its certainly not the proper way to simply disable security features. You should configure them instead. – The Fool Feb 21 '20 at 11:17

score 9 · Answer 2 · answered Dec 03 '12 at 14:45

9

Disable SELinux or run in ROOT

setsebool -P httpd_enable_homedirs on
chcon -R -t httpd_sys_content_t /home/
chcon -R -t httpd_sys_rw_content_t /home/

answered Dec 03 '12 at 14:45

IgoRRius

91
1
1

score 5 · Answer 3 · answered Aug 10 '12 at 03:17

5

Freaktor's answer of 'setenforce 0' did "work" for me (thanks!)

But to keep it working and re-enable SELinux, I needed to

sudo chcon -Rv --type=httpd_t /path/to/my/files

...this gave my directory and all files and directories within it the security context of "httpd_t" which is a clunky way of saying SELinux let httpd read those files.

enabling selinux again was as simple as

setenforce 1

answered Aug 10 '12 at 03:17

jg3

169
1
6

2

This is just temporary; any new files you make would have their original context and SELinux would still deny access to the new files. For a permanent solution, see [this answer](http://serverfault.com/a/409488/126632). – Michael Hampton Aug 10 '12 at 03:28

score 3 · Answer 4 · answered Mar 28 '12 at 14:48

3

You probably have a deny all somewhere in the global config. Try adding this to the vhost stanza:

<Directory /home/mcmoddr/www>
  Order allow,deny
  Allow from all
</Directory>

answered Mar 28 '12 at 14:48

Alex Howansky

510
2
5

+1, Also @Spero78 should make sure no .htaccess file is in root of your vhost with restrictive directives – Mar 28 '12 at 14:57

score 0 · Answer 5 · edited Aug 01 '19 at 04:02

0

Please add the below line in your existing code.

restorecon -r /home/mcmoddr/www/

It should fix your issue.

edited Aug 01 '19 at 04:02

womble

95,029
29
173
228

answered Jul 31 '19 at 19:50

Niranjay singh

11

score 0 · Answer 6 · answered Aug 01 '19 at 04:12

0

you need to use the <Directory> container as it mentioned above .

And then you need to check from your DocumentRoot path, Each directory must have read permission so the service user apache can access .

you can check using ls -ld

answered Aug 01 '19 at 04:12

user533968

1

CentOS Apache HTTPD Configuration (403 Forbidden)

6 Answers6