Httpdforbidden, apache httpd server 403

Httpdforbidden, apache httpd server 403
I. Problem Description

In the httpd configuration of apache2, 403 may occur in many cases.

If you have just installed the httpd service, of course there will be no 403 problems. The problem is described as follows:

• After modifying the DocumentRoot directory to point to, the site will receive a 403 error.
• Setting the VM directory may also result in 403.
• The httpd service of apache is successfully started. It seems to be normal but has no access permission.
• Log appears: access to/denied (filesystem path '/srv/lxyproject/wsgi/django. wsgi') because search permissions are missing on a component of the path
• After setting the virtual directory, the error log appears: client denied by server configuration:/srv/lxyproject/wsgi/django. wsgi

Ii. analyze problems and solutions

Pay attention to the error log content when solving the problem step by step. OK.

1. Directory configuration file in httpd. conf

If DocumentRoot is changed, for example, "/usr/local/site/test ". Site and test are created using mkdir. then, an index.html file is stored in the test. In this case, check the configuration in httpd. conf.

Your <Directory "/usr/local/site/test"> must be consistent with DocumentRoot, because this Directory is set by apache to access this Directory. Only the correct Directory is set, documentRoot takes effect.

<Directory "/usr/local/site/test">    #    # Possible values for the Options directive are "None", "All",    # or any combination of:    #   Indexes Includes FollowSymLinks SymLinksifOwnerMatch ExecCGI MultiViews    #    # Note that "MultiViews" must be named *explicitly* --- "Options All"    # doesn't give it to you.    #    # The Options directive is both complicated and important.  Please see    # http://httpd.apache.org/docs/2.4/mod/core.html#options    # for more information.    #    Options Indexes FollowSymLinks    #    # AllowOverride controls what directives may be placed in .htaccess files.    # It can be "All", "None", or any combination of the keywords:    #   Options FileInfo AuthConfig Limit    #    AllowOverride None    #    # Controls who can get stuff from this server.    #    Require all granted</Directory>

2. directory access permission

Check whether Deny from all exists in the Directory configuration <Directory "/usr/local/site/test">. If yes, all access requests will be rejected, of course, 403.

You can set it to Allow from all or Require all granted.

Do not modify Deny from all in the root Directory of <Directory/>.

3. Directory Permissions

If it is still 403, it may be the permission of the website directory.

Apache requires the directory to have the execution permission, that is, x. Note that your directory tree should have these permissions.

If your directory is/usr/local/site/test, make sure/usr,/usr/local,/usr/local/site, the directory at the/usr/local/site/test levels has 755 permissions.

#chmod 755 /usr/local/site#chmod 755 /usr/local/site/test

One mistake I made was to set only the last level of directory permissions, without setting the upper level of directory permissions, resulting in 403.

4. virtual directory

[I have never encountered this problem, because I have never written it like this. I can write online materials as a reference]

If you are setting a virtual directory, You need to define a virtual directory in httpd. conf, which is like the following:

Alias /folder　"/usr/local/folder"　　　　　　　　　　　　　　　　　　　　　　　<Directory "/usr/local/folder">　　　　　　　　　　　　　　　　　　　　　　　　　    Options FollowSymLinks　　　　　　　　　　　　　　　　　　　　　　　　　　　　    AllowOverride None　　　　　　　　　　　　　　　　　　　　　　　　　　　　　　    Order deny,allow　　　　　　　　　　　　　　　　　　　　　　　　　　　　　　　    Deny from all　　　　　　　　　　　　　　　　　　　 　　　　　　　　　　　　　    Allow from 127.0.0.1 192.168.1.1　　　　　　　　　　　　　　　　　　　　　　　</Directory>　　　　　　

If this is the case, and you write code similar to above, the three folder is the same, it will definitely be 403! How can this problem be solved? It is to change the string following the Alias slash. Do not change it to the same name as the folder in the virtual directory, then I can use the changed virtual directory to access the directory. Of course, you can also change the folder, as long as you are not afraid of trouble, as long as the virtual directory definition character (red) after Alias) and the actual folder name (black)DifferentOK.

5. selinux Problems

If it is still 403, selinux is playing a strange role. Therefore, you can set the selinux permission for your directory.

This is the problem I encountered today.

#chcon -R -t httpd_sys_content_t /usr/local/site#chcon -R -t httpd_sys_content_t /usr/local/site/test

However, most of these steps will not happen. However, my problem is that it may be related to the system. The specific principle is not very understandable.

6. wsgi Problems

My VM configuration is:

<VirtualHost *:80>WSGIScriptAlias / /srv/lxyproject/wsgi/django.wsgiAlias /static/ /srv/lxyproject/collectedstatic/ServerName 10.1.101.31#ServerName example.com#ServerAlias www.example.com<Directory /srv/lxyproject/collectedstatic>　　Options Indexes  FollowSymLinks    AllowOverride None    Require all granted</Directory><Directory /srv/lxyproject/wsgi/>    Allow from all</Directory>ErrorLog   /etc/httpd/logs/lxyproject.error.logLogLevel warn</VirtualHost>

My access

Log error:

client denied by server configuration: /srv/lxyproject/wsgi/django.wsgi

Solution:

Modifying <Directory/srv/lxyproject/wsgi/>Allow from allIs:Require all granted.

This problem is caused by the version,

My httpd version is:

[root@yl-web conf.d]# rpm -qa |grep httpdhttpd-devel-2.4.6-31.el7.centos.x86_64httpd-tools-2.4.6-31.el7.centos.x86_64httpd-2.4.6-31.el7.centos.x86_64

For versions earlier than 2.3, Allow from all and 2.3 and later are Require all granted.

<Directory /home/aettool/aet/apache>  <IfVersion < 2.3 >   Order allow,deny   Allow from all  </IfVersion>  <IfVersion >= 2.3>   Require all granted  </IfVersion></Directory>

Reference: http://stackoverflow.com/questions/17766595/403-forbidden-error-with-django-and-mod-wsgi

 

Starof, the author of this article, is constantly learning and growing because of the changing knowledge. The content of this article is also updated from time to time. To avoid misleading readers and facilitate tracing, Please repost the source: http://www.cnblogs.com/starof/p/4685999.html has questions welcome to discuss with me and make progress together.