apache client denied by server configuration after mac OS X upgrade to Yosemite

12

8

I know this looks similar to other questions but Yosemite seems to have changed something with apache configuration with the upgrade. my error log says " client denied by server configuration: /Users/douglas/Sites/testpatient.php"

Apache version: MacBook-Pro:apache2 douglas$ apachectl -v Server version: Apache/2.4.9 (Unix) Server built: Sep 9 2014 14:48:20 my douglas.conf file is 644 root/wheel and the following:

<Directory "/Users/douglas/Sites">
   Options Indexes Multiviews
   AllowOverride None
   Order allow,deny
   Allow from all
</Directory>

my http.conf has the following:

# If you wish httpd to run as a different user or group, you must run
# httpd as root initially and it will switch.
#
# User/Group: The name (or #number) of the user/group to run httpd as.
# It is usually good practice to create a dedicated user and group for
# running httpd, as with most system services.
#
User _www
Group _www

</IfModule>

...

DocumentRoot "/Library/WebServer/Documents"

#
# Each directory to which Apache has access can be configured with respect
# to which services and features are allowed and/or disabled in that
# directory (and its subdirectories).
#
# First, we configure the "default" to be a very restrictive set of
# features.
#
<Directory />
    Options FollowSymLinks
    AllowOverride None
    Order deny,allow
    Deny from all
    Satisfy All
</Directory>

...

<Directory "/Library/WebServer/Documents">
#
# Possible values for the Options directive are "None", "All",
# or any combination of:
#   Indexes Includes FollowSymLinks SymLinksifOwnerMatch ExecCGI MultiViews
#
# Note that "MultiViews" must be named *explicitly* --- "Options All"
# doesn't give it to you.
#
# The Options directive is both complicated and important.  Please see
# http://httpd.apache.org/docs/2.2/mod/core.html#options
# for more information.
#
Options Indexes FollowSymLinks MultiViews

#
# AllowOverride controls what directives may be placed in .htaccess files.
# It can be "All", "None", or any combination of the keywords:
#   Options FileInfo AuthConfig Limit
#
#AllowOverride None
AllowOverride All
#
# Controls who can get stuff from this server.
#
Order allow,deny
Allow from all
Satisfy All
</Directory>

Anything would be appreciated. I tried rolling back to the previous http.conf file but there are a number of differences as far as modules that need to be loaded. It is entirely possible that I missed a module but there is no complaint in the log.

new2code

Posted 2014-10-17T14:54:44.403

Reputation: 133

While chrisMc's answer is spot on, future stumblers may also want to read installing Apache, PHP, and MySQL on Mac OS X Yosemite.

– Jason McCreary – 2014-12-04T03:45:16.563

Answers

16

In your user .conf (douglas.conf) replace:

Order allow,deny
Allow from all

With:

Require all granted

The difference is how apache 2.4 handles permissions

http://httpd.apache.org/docs/2.4/upgrading.html

chrisMc

Posted 2014-10-17T14:54:44.403

Reputation: 176

I changed the settings in httpd.conf and douglas.conf but I still get the same error – new2code – 2014-10-17T21:12:13.380

1Don’t forget to restart Apache – Thomas Edwards – 2014-10-18T13:20:42.747

This is cool, although the old Order/Allow/Deny are still working if you have the access_compat module turned on. I think it would have been better for me to get errors and fix my setups instead of letting it go for longer with the old configs. – Alexis Wilke – 2014-10-23T00:42:46.493

11

I had the same issue as well, and fixed it by doing so:

  1. Load the userdir module by finding the following lines in httpd.conf and uncommenting it: LoadModule userdir_module libexec/apache2/mod_userdir.so Include /private/etc/apache2/extra/httpd-userdir.conf

  2. Edit extra/httpd-userdir.conf, find and uncomment the following line: Include /private/etc/apache2/users/*.conf

  3. Edit users/*.conf, add Require local and add + (or -) character before all options in the options line, like so: <Directory "/Users/user/Sites/"> Options +Indexes +MultiViews +FollowSymLinks +SymLinksIfOwnerMatch +ExecCGI AllowOverride All Require local Order allow,deny Allow from all </Directory>

s4nji

Posted 2014-10-17T14:54:44.403

Reputation: 220

1This (exactly this, nothing more, nothing less) worked for me, when nothing else did. Thx! – orome – 2014-10-18T21:50:53.387

1

I experienced the same thing but on Mavericks after applying the security update from a couple days ago. Mavericks is still using Apache 2.2 so it wasn't the config issue chrisMc mentioned, though it looks like he's right and you'll need to change that as well.

In my case, I first resolved the core problem by commenting out the Homebrew PHP 5.4 module line I had previously added. In the httpd.conf:

#LoadModule php5_module /usr/local/opt/php54/libexec/apache2/libphp5.so

And instead opting for the default PHP module which I had commented out before:

LoadModule php5_module libexec/apache2/libphp5.so

That fixed it, but as for why the Homebrew version broke, I think maybe a system library it was compiled against was updated in the security update. When I ran php -v I got a warning about an icu4c library that wasn't loaded.

So, I just recompiled PHP and it worked again. In my case, I just did

brew uninstall php54
brew install php54

Then the Homebrew module could be enabled again.

toddabrahm

Posted 2014-10-17T14:54:44.403

Reputation: 11

1

Since I have never used homebrew I ended up following this guide. Setup for personal development.

I did see that the permissions that the first poster was talking about as being part of the problem, but I still have a permissions issue with personal setup using a user.conf file. This setup used virtual hosts. I have no idea what homebrew did that solved the problem. I guess I would call this a work around because it did not fix my original issue, which is that I cannot access anything on the web server using a user.conf file.

new2code

Posted 2014-10-17T14:54:44.403

Reputation: 133

Awesome! The key for me was simply commenting out lines 220-221 ( # AllowOverride none and # Require all denied) which were apparently newly added in Yosemite. – MarkHu – 2015-09-04T23:22:00.703

0

The answers above do work, on a stock install. If not, a few things that might help:

  1. On your filesystem, the folder needs to be exactly Sites with a capital S (the folder name is hardcoded in the userdir module, it can't be any different) Its permissions must be:

    drwxr-xr-x   2 username staff    68 29 mar 11:26 Sites

  2. The <Directory…> configuration is applied on top of it, so it needs to match the folder name exactly, including the case (we're coming from Linux…).

    Permissions of the /etc/apache2/users/username.conf file:

    -rw-r--r--  1 root  wheel  189 29 mar 11:42 username.conf

So make sure that the line <Directory "/Users/user/Sites/"> refers exactly to the right folder with the right username (with user matching the name of the configuration file), case included, and the Sites folder does exist exactly as is, case included.

Brunni

Posted 2014-10-17T14:54:44.403

Reputation: 1

0

In my case, apache version 2.4.27.

Solved problem after Changing my httpd-vhosts.conf file from "/etc/apache2/extra/httpd-vhosts.conf" directory.

From

<VirtualHost *:80>
    ServerName inventory.loc
    ServerAlias www.inventory.loc
    DocumentRoot "/Users/Vagabond/Sites/inventory/public/"
    ErrorLog "/Users/Vagabond/Sites/logs/inventory.loc-error_log"
    CustomLog "/Users/Vagabond/Sites/logs/inventory.loc-access_log"
</VirtualHost>

To, 

<VirtualHost *:80>
    ServerName inventory.loc
    ServerAlias www.inventory.loc
    DocumentRoot "/Users/Vagabond/Sites/inventory/public/"
    <Directory /Users/Vagabond/Sites/inventory/public/>
        Require all granted
        Options Includes FollowSymLinks
    </Directory>
    ErrorLog "/Users/Vagabond/Sites/logs/inventory.loc-error_log"
    CustomLog "/Users/Vagabond/Sites/logs/inventory.loc-access_log"
</VirtualHost>

sh6210

Posted 2014-10-17T14:54:44.403

Reputation: 101

0

In httpd.conf uncomment:

LoadModule authz_core_module libexec/apache2/mod_authz_core.so 
LoadModule authz_host_module libexec/apache2/mod_authz_host.so 
LoadModule userdir_module libexec/apache2/mod_userdir.so 
Include /private/etc/apache2/extra/httpd-userdir.conf

And in /etc/apache2/extra/httpd-userdir.conf uncomment:

Include /private/etc/apache2/users/*.conf

Then restart Apache.

chrisMc

Posted 2014-10-17T14:54:44.403

Reputation: 28

Asked: 2014-10-17T14:54:44.403

Viewed: 20 909 times

Active: 2017-10-25T19:24:16.730