Friday, February 27, 2015

Apache Permission denied access to 403 Forbidden

There are a few things that could be the problem.

Make sure it's not denied by Apache:

<Directory /path/to/webroot>
    Order allow,deny
    Allow from all

So if you have created a VirtualHost or an Alias that does not fall under this /path/to/webroot apache will have denied access to it. The solution in that case is to add another Directory entry in your httpd.conf to allow access to that directory.

If you are using a .htaccess file to control the access permission, make sure you do:

<Directory "/var/www/html">
  ### Changing from None to All
  AllowOverride All

# ls -la .htaccess

-rw-rw----. 1 dev apache 6543 Feb 27 17:26 .htaccess

Make sure Apache has Read, Execute Permissions:

# ls -lad /var/www/html/

drwxr-xr-x. 4 root root 49 Feb 27 01:25 /var/www/html/

If running Security Enhanced Linux (SELinux):

# chcon -R --type=httpd_sys_content_t /var/www/html/magento19

Or for read and write permission:

# chcon -R -t httpd_sys_rw_content_t /var/www/html/magento19/app/etc

Apache 2.4.3 (or maybe slightly earlier) added a new security feature that often results in this error:

You would also see a log message of the form "client denied by server configuration". The feature is requiring a user identity to access a directory.

It is turned on by DEFAULT in the httpd.conf that ships with Apache. You can see the enabling of the feature with the directive.

Require all denied

This basically says to deny access to all users. To fix this problem, either remove the denied directive (or much better) add the following directive to the directories you want to grant access to:

Require all granted

as in

<Directory "your directory here">
   Order allow,deny
   Allow from all
   # New directive needed in Apache 2.4.3: 
   Require all granted


No comments: