Home > Operation and Maintenance > Apache > How to solve apache 403 forbidden

How to solve apache 403 forbidden

藏色散人
Release: 2019-12-16 14:34:17
Original
4356 people have browsed it

How to solve apache 403 forbidden

How to solve apache 403 forbidden?

apache httpd server 403 forbidden problem

1. Problem description

In the httpd configuration of apache2 , 403 will appear in many situations.

Just installed the httpd service, of course there will be no 403 problem. It mainly occurred after modifying some configurations. The problem is described as follows:

After modifying the DocumentRoot directory pointing, a 403 error occurred on the site.

Setting up a virtual host directory may also cause 403.

Apache's httpd service started successfully. It looks normal, but it does not have permission to access.

The log appears: access to / denied (filesystem path '/srv/lxyproject/wsgi/django.wsgi ') because search permissions are missing on a component of the path

After setting the virtual directory, the error log appears: client denied by server configuration: /srv/lxyproject/wsgi/django.wsgi

2. Analysis of problems and solutions

Pay attention to the error log content when solving the problem step by step below. OK, start.

1. Directory configuration file in httpd.conf

If it shows that the DocumentRoot has been changed, for example, it is changed to "/usr/local/site/test". The site directory and test directory are created by using mkdir, and then an index.html is placed under the test directory. In this case, you should check the configuration in httpd.conf.

Your must be consistent with DocumentRoot, because this Directory is Apache's access permission setting for the directory. Only the correct directory is set, DocumentRoot will take effect.

<Directory "/usr/local/site/test">
    #
    # Possible values for the Options directive are "None", "All",
    # or any combination of:
    #   Indexes Includes FollowSymLinks SymLinksifOwnerMatch ExecCGI MultiViews
    #
    # Note that "MultiViews" must be named *explicitly* --- "Options All"
    # doesn&#39;t give it to you.
    #
    # The Options directive is both complicated and important.  Please see
    # http://httpd.apache.org/docs/2.4/mod/core.html#options
    # for more information.
    #
    Options Indexes FollowSymLinks
    #
    # AllowOverride controls what directives may be placed in .htaccess files.
    # It can be "All", "None", or any combination of the keywords:
    #   Options FileInfo AuthConfig Limit
    #
    AllowOverride None
    #
    # Controls who can get stuff from this server.
    #
    Require all granted
</Directory>
Copy after login

2. Directory access permissions

The first step is correct if the configuration is still 403, check whether there is Deny from in the directory configuration all. Otherwise, all access will be denied, of course, 403.

Can be set to Allow from all or Require all granted to process.

Do not modify Deny from all in the root directory of .

3. Directory permissions

If it is still 403, it may be a permission issue with the website directory.

Apache requires the directory to have execution permissions, which is x. It should be noted that your directory tree should have these permissions.

If your directory is /usr/local/site/test, then ensure the four levels of /usr, /usr/local, /usr/local/site, /usr/local/site/test All directories have 755 permissions.

#chmod 755 /usr/local/site
#chmod 755 /usr/local/site/test
Copy after login

One mistake I made was that I only set the last-level directory permissions and did not set the upper-level directory permissions, resulting in 403.

4. Virtual Directory

[I have never encountered this problem, because I have never written it like this. The online information says this, which can be used as a reference]

If it is set is a virtual directory, then you need to define a virtual directory in httpd.conf, and it looks like the following fragment:

Alias /folder "/usr/local/folder"                       
<Directory "/usr/local/folder">                         
    Options FollowSymLinks                            
    AllowOverride None                              
    Order deny,allow                               
    Deny from all                                 
    Allow from 127.0.0.1 192.168.1.1                       
</Directory>
Copy after login

If this is the case, and you write something similar to my code above, three Every folder is the same, it will definitely be 403! How to solve it is to change the string after the slash after Alias. Change it to something that does not have the same name as the folder of the virtual directory. Then I can use the changed virtual directory to access it. Of course, change it. Folders are also OK, as long as you are not afraid of trouble and as long as the virtual directory definition characters (red) behind Alias ​​and the actual folder name (black) are different, it will be OK.

5. Selinux problem

If it is still 403, then selinux is causing trouble. Therefore, you can set the selinux permissions on your directory.

I encountered this problem today.

#chcon -R -t httpd_sys_content_t /usr/local/site
#chcon -R -t httpd_sys_content_t /usr/local/site/test
Copy after login

Online information says that most of this step will not happen. But my problem is indeed that it may be related to the system, and I don’t quite understand the specific principle.

6. Problems with wsgi

My virtual host configuration is:

<VirtualHost *:80>
WSGIScriptAlias / /srv/lxyproject/wsgi/django.wsgi
Alias /static/ /srv/lxyproject/collectedstatic/
ServerName 10.1.101.31
#ServerName example.com
#ServerAlias www.example.com
<Directory /srv/lxyproject/collectedstatic>
  Options Indexes  FollowSymLinks
    AllowOverride None
    Require all granted
</Directory>
<Directory /srv/lxyproject/wsgi/>
    Allow from all
</Directory>
ErrorLog   /etc/httpd/logs/lxyproject.error.log
LogLevel warn
</VirtualHost>
Copy after login

I access the

log error:

client denied by server configuration: /srv/lxyproject/wsgi/django.wsgi
Copy after login

Solution Method:

Modify Allow from all in to: Require all granted.

This problem is due to the version.

My httpd version is:

[root@yl-web conf.d]# rpm -qa |grep httpd
httpd-devel-2.4.6-31.el7.centos.x86_64
httpd-tools-2.4.6-31.el7.centos.x86_64
httpd-2.4.6-31.el7.centos.x86_64
Copy after login

For versions below 2.3, use Allow from all, and for versions 2.3 and above, use Require all granted. .

<Directory /home/aettool/aet/apache>
  <IfVersion < 2.3 >
   Order allow,deny
   Allow from all
  </IfVersion>
  <IfVersion >= 2.3>
   Require all granted
  </IfVersion>
</Directory>
Copy after login

The above is the detailed content of How to solve apache 403 forbidden. For more information, please follow other related articles on the PHP Chinese website!

Related labels:
source:php.cn
Statement of this Website
The content of this article is voluntarily contributed by netizens, and the copyright belongs to the original author. This site does not assume corresponding legal responsibility. If you find any content suspected of plagiarism or infringement, please contact admin@php.cn
Popular Tutorials
More>
Latest Downloads
More>
Web Effects
Website Source Code
Website Materials
Front End Template