46

in Apache on Ubuntu I've set up a vhost, but in the browser I keep getting a "403 Access forbidden" error; the log says "Client denied by server configuration: /home/remix/".

Looking for the solution online I found many posts about the directory access (Allow from all, etc), but as far as I know I already did that. In httpd-vhosts.conf there is the following code:

NameVirtualHost *:80

<VirtualHost *:80>
    ServerAdmin webmaster@dummy-host.example.com
    DocumentRoot "/opt/lampp/htdocs/"
    ServerName localhost
    ServerAlias localhost
    ErrorLog "logs/dummy-host.example.com-error_log"
    CustomLog "logs/dummy-host.example.com-access_log" common
</VirtualHost>

<VirtualHost *:80>
    ServerAdmin webmaster@localhost
    DocumentRoot "/home/remix/"
    ServerName testproject
    ServerAlias testproject
    <Directory "/home/remix/">
        Options Indexes FollowSymLinks Includes ExecCGI
        AllowOverride All
        Order allow,deny
        Allow from all
    </Directory>
</VirtualHost>

I've also added

127.0.0.1    testproject

to the /etc/hosts file.

Also, the /home/remix/ folder contains an index.html file and vhosts are enabled in httpd.conf.

Is there anything I'm not seeing?

Edit: This is the Apache error_log entry:

[Sat Aug 18 09:15:32.666938 2012] [authz_core:error] [pid 6587] 
[client 127.0.0.1:38873] AH01630: client denied by server configuration: /home/remix/
RemiX
  • 563
  • 1
  • 4
  • 6

6 Answers6

77

Change your authorization configuration:

<Directory /home/remix/>
    #...
    Order allow,deny
    Allow from all
</Directory>

...to the Apache 2.4 version of the same.

<Directory /home/remix/>
    #...
    Require all granted
</Directory>

Review the upgrading overview document for information on other changes you might need to make - and be aware that most of the config examples and assistance that you find out there on Google (as well as on this site) is referring to 2.2.

Shane Madden
  • 112,982
  • 12
  • 174
  • 248
  • 3
    If I had time, I'd log a bug about this because httpd -t says there's no problem using the older syntax, and neither does httpd -S. In my mind, the whole point of a configuration checker is that it should be pointing out problems! ...If you have a directory you're referencing w/o this, it won't work - simple as that. ...Thumbs up on the answer. – Richard T Apr 12 '15 at 23:36
4

Check the permissions on the directory. I would bet that it's set to deny access to anyone but yourself, for instance:

$ ls -ld /home/remix
drwx------ 92 remix remix 4096 Aug 17 22:59 /home/remix

If you see drwx------ exactly, then this is the case. Fix it by running:

chmod a+x /home/remix
Michael Hampton
  • 237,123
  • 42
  • 477
  • 940
3

Make sure that the user who is running httpd service has access to this directories.

cpt.Buggy
  • 279
  • 2
  • 9
2

"client denied by server configuration" means that the Linux server itself forbids the access to the file, not Apache.

If providing access through changing permissions / ownership / group membership does not solve the problem, the route cause may be SELinux forbidding the access to any folder which has not the appropriate SE Linux context as explained in 'Relocating an Apache DocumentRoot under Selinux'.

  • If temporarily disabling SELinux by doing setenforce 0 makes the file accessible
  • Whereas re-enabling SELinux by doing setenforce 0 makes again the file not accessible

Then for sure the access is forbidden by SELinux whatever the file permissions are.

Vincent
  • 29
  • 2
0

In my case I had added the application (phpMemcacheAdmin) but had neglected to add the mounts in the deployment stack, so they weren't even there (kubernetes stuff) when it launched. I spent an hour fiddling around deleting extra slashes and changing permissions and finally shelled in and saw they weren't even there.

If you are attempting to deploy in k8s, doublecheck that you have these (if you are using hostPath):

...
    volumeMounts:
    - mountPath: /opt/phpMemcacheAdmin
      name: memcached-admin
...
  - hostPath:
      path: /...../opt/phpMemcacheAdmin
      type: ""
    name: memcached-admin
Richard
  • 121
  • 3
0

Another simple (but tricksy gotcha) that might cause this problem for people is when user directories are not in /home/* But somewhere else e.g. /nethome/*

The supplied userdir.conf contains something like this: (but with Userdir: disabled)

$ cat /etc/httpd/conf.d/userdir.conf 
<IfModule mod_userdir.c>
    UserDir enabled
    UserDir public_html
</IfModule>

<Directory "/home/*/public_html">
    AllowOverride FileInfo AuthConfig Limit Indexes
    Options MultiViews Indexes SymLinksIfOwnerMatch IncludesNoExec
    Require method GET POST OPTIONS
</Directory>

The Directory specification assumes ~user == /home/user. Just change or add Directory specification for where the user home directories actually are.

Pretty of obvious but took me a while to figure out!! :-P DUH!

e.g. ~user == /nethome/user

<Directory "/nethome/*/public_html">
    AllowOverride All
    Options MultiViews Indexes Includes FollowSymLinks
    Require all granted
</Directory>

See also more open authorisation on that Directory generally.

gaoithe
  • 183
  • 7