Summary of workarounds for Apache server Forbidden 403 Error hints

Source: Internet
Author: User
Tags 403 forbidden error



In the configuration of the Apache Linux service, often encounter http403 error, I today configuration test also appeared, finally resolved, summed up a bit. HTTP 403 error is a denial of access meaning, for a number of reasons. Also, these problems will happen in the Apache of WIN platform! I have summarized the following experience for the main 4 kinds of reasons!



I test the environment is: Scientific Linux 5.3 (with Rhel and CentOS hundred percent compatible!) ), other versions of Linux should be generic and not tested.



1. Access to the document permissions is insufficient. More than 755 permissions. WORKAROUND: Use the command chmod 755/var/www/or other appropriate directory.
2. Reasons for SELinux or firewalls. Workaround: First turn off SELinux and let the firewall pass the WWW service.
3. Virtual Host configuration error. For example, I have met once:
httpd.conf Add the configuration file for the virtual host:


The code is as follows: # Virtual hosts
Include conf/extra/httpd-vhosts.conf


And conf/extra/httpd-vhosts.conf is not configured well, and the virtual host function is not yet used, so the include conf/extra/httpd-vhosts.conf commented out, after restarting Apache normal.
WORKAROUND: Reconfigure the virtual host or temporarily shut down.



4. Settings for DocumentRoot. Here's how to fix it:



Open the Apache configuration file httpd.conf and find this code:


The code is as follows: <directory/>
Options FollowSymLinks
AllowOverride None
Order Deny,allow
Deny from all
</Directory>


Sometimes because PHP is configured, the "Deny from all" here has rejected all connections. Change the line to "allow from all" and modify the code as follows to resolve the problem.


The code is as follows: <directory/>
Options FollowSymLinks
AllowOverride None
Order Deny,allow
Allow from all
</Directory>


The following is a supplement to other netizens:



Summary of deployment of Apache services Forbidden 403



A lot of friends and students have asked me the same question. Visit website Forbidden 403 What is the reason? The General page tip is:



Forbidden
You don't have permission to access/on the this server.








HTTP Error code 403:
403 Forbidden resource is not available. The server understands the customer's request, but refuses to process it. This is usually caused by the permissions set on the file or directory on the server.



The possible (but not limited to) reasons for this are:



Cause there is no permissions permission to the site directory in the 1:apache configuration file, which is usually (important, often occurring) when you change the default Apache site directory after the initial installation of Apache:



If you change the site directory to:/var/blog, the 403 error will be returned if you do not add the following configuration in the Apache configuration file.



<directory "/var/blog" >
Options Indexes FollowSymLinks
AllowOverride None
Order Allow,deny
Allow from all
</Directory>



Hint: The configuration of the production environment should also be modified, see below, here is only the topic of this article to explain.



Cause 2: There is no home file (index file) in the site directory, and the configuration of Apache prohibits directory browsing, it will prompt 403 error, configured as follows (occasional):



A. No home file (index file) under the Site directory:
[Email protected] blog]# pwd
/var/blog
[email protected] blog]# LL
Total 12
Drwxr-xr-x 2 root root 4096 June 4 22:11 Oldboy
-rw-r--r--1 root root 0 June 4 22:11 oldboy.html
Tip: Listed above is the site Directory/var/blog directory without presets home DirectoryIndex index.html



B.apache configuration prohibits three configurations of directory browsing
The first type of configuration:
<directory "/var/blog" >
Options-indexes FollowSymLinks
AllowOverride None
Order Allow,deny
Allow from all
</Directory>



The second type of configuration:
<directory "/var/blog" >
Options FollowSymLinks
AllowOverride None
Order Allow,deny
Allow from all
</Directory>



The third type of configuration:
<directory "/var/blog" >
Options None
AllowOverride None
Order Allow,deny
Allow from all
</Directory>



Hint: The second reason friends occasionally friends, but encountered the most problem is the first reason.
========================================================
Detailed description of the above configuration:









Cause 3: Also directory permissions issue (infrequently occurring)



As follows: Deny 10.0.0.0/24 whole-section access. This will cause a 403 error on the denied host access
<directory "/var/blog" >
Options Indexes FollowSymLinks
AllowOverride None
Order Allow,deny
#Allow from all
Deny from 10.0.0.0/24
<directory "/var/blog" >
Options Indexes FollowSymLinks
AllowOverride None
Order Allow,deny
#Allow from all
Allow from 10.0.0.116
#Deny from 10.0.0.0/24
</Directory>



Cause 4: Site Directory permissions issue (infrequently occurring).



The site Directory requires Apache users to have access, or 403 errors will be reported.
[Email protected] var]# pwd
/var
[Email protected] var]# chown-r root.root blog/
[Email protected] var]# chmod Blog
[Email protected] var]# ll-d blog/
drwx------3 root root 4096 June 4 22:11 blog/



One possibility is the setting of the DocumentRoot option, which can occur if you modify the option after installing apache2 and you forget to configure access permissions for the new directory.



For example, when the apache2 is installed, the default parameters are as follows:


    1. DocumentRoot /usr/local/www/data
    2. <directory "/usr/local/www/data">
    3. Options Indexes FollowSymLinks
    4. AllowOverride None
    5. Order allow,deny
    6. Allow from all
    7. </directory>


We often re-specify the directory where the Web files are stored, such as setting documentroot/var/www this often ignores the changes to the following directory items, the path must be modified to/var/www at the same time, otherwise access to all directories will appear 403 Forbidden error.



Today installed on the company's computer Apache, version 2.2.8, loaded just test can be; configuration of the next php php.in file again localhost open found error: HTTP Error 403-forbidden, that is, 403 forbidden:you don ' t have Permission to access/on the this server. Not enough permissions?
Open the Apache configuration file httpd.conf immediately, and check it step by line. In about half of the time, there is the following code:


    1. <Directory />
    2. Options FollowSymLinks
    3. AllowOverride None
    4. Order deny,allow
    5. Deny from all
    6. </Directory>


Found it.



Since PHP was configured, the "Deny from all" here has rejected all connections. Change the line to "allow from all" and modify the code as follows to resolve the problem.


    1. <Directory />
    2. Options FollowSymLinks
    3. AllowOverride None
    4. Order deny,allow
    5. allow from all
    6. </Directory>


Another possibility arises when we configure different virtualhost, and there is a virtualhost documentroot that is not in the global DocumentRoot directory, which must be added separately to the directory in the global category Item is set, or 403 Forbidden error occurs for all accesses under the VirtualHost.



This problem is due to the Apache2 of the higher requirements for permissions and security, the strict management of directory files distributed on different disks, which we must pay attention to when we do web planning.
Try the following steps:


    • First: To see if the directory configuration is wrong, it seems that this is not generally the reason
    • Second: see if user group specifies that users have permission to access that directory, otherwise modify the owner of the directory with Chown
    • Third: see if SELinux is a ghost, generally nothing to the selinux stopped and then restarted linux,selinux configuration file in/etc/selinux/config, changed to disable
    • IV: I have done all the discovery or not, then it may be that Apache was installed with Root, the Apache unloaded with a non-root user reinstall.


The ultimate solution: If none of the above is possible!!!


Forbidden you do have a permission to access/~ Web in this server. Additionally, a 403 Forbidden error is encountered while trying to use an error Document to handle the request.

apache/2.0.54 (CentOS) Server at 127.0.0.1 Port 80


In general, this problem, intuitively will think of the directory access to the problem, looked for a long time, adjusted for a long time did not solve the problem.



In the meantime I thought about the problem of SELinux, went in to see a circle, did not find anything to change the place. (later it turns out that sometimes intuition is very accurate, whether you can find the answer, the difference is often: whether to go deeper in intuition).



Solve the problem with the Apache 403 Google search for a while, and finally found in a blog, the author encountered and I exactly the same problem: Apache, directory configuration is no problem, but it is unable to display the page.



The solution is precisely to modify the SELinux access control to public_html.



Modify the folder security properties with the following command


    1. chcon -R -t httpd_user_content_t public_html/


This article is for more reasons, look forward to your answer.



Summary of workarounds for Apache server Forbidden 403 Error hints


Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

If you find any instances of plagiarism from the community, please send an email to: info-contact@alibabacloud.com and provide relevant evidence. A staff member will contact you within 5 working days.

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

  • Sales Support

    1 on 1 presale consultation

  • After-Sales Support

    24/7 Technical Support 6 Free Tickets per Quarter Faster Response

  • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.