Apache2 returns 403 for static file request on root

Question

On my new Apache/2.4.52 (Ubuntu) Server installation, the SSL configuration in general runs well, having Tomcat apps proxied and working.

Still, the static file configuration for root does not work. My config is like this:

<VirtualHost *:443>
    ServerAdmin admin@my.wonderful.server
    ServerName my.wonderful.server
    DocumentRoot "/srv/www/htdocs/ssl/"

    #   SSL Engine Switch:
    #   Enable/Disable SSL for this virtual host.
    SSLEngine on

    SSLCertificateFile /path/to/my_wonderful_server.pem
    SSLCertificateKeyFile /etc/apache2/ssl.crt/my_wonderful_server-key.no_enc.pem
    SSLCertificateChainFile /etc/apache2/ssl.crt/chain.txt

    # app 1 proxy to tomcat
    ProxyPass           /appa           http://localhost:8080/appa
    ProxyPassReverse    /appa           http://localhost:8080/appa

    # app 2 proxy to tomcat
    ProxyPass           /appb           http://localhost:8080/appb
    ProxyPassReverse    /appb           http://localhost:8080/appb

    ErrorDocument 503 '<head><meta charset="UTF-8"/><title>Warning</title><style>body { height: 100%; padding: 150px; text-align: center; background-color: #f4f8f9; } h1 { font-size: 50px; } body { font: 20px Helvetica, sans-serif; color: #333; } article { width: 650px; margin: 0 auto; display: block; text-align: left; } a { color: #dc8100; text-decoration: none; } a:hover { color: #004678; text-decoration: none; }</style></head><body><article>Server Maintenance</article></body>'

    ErrorLog /var/log/apache2/mywonderfulserver-error.log
    LogLevel warn
    CustomLog /var/log/apache2/mywonderfulserver-access.log combined

</VirtualHost>

The server is listening: netstat -tulpn | grep 443 gives:

tcp6       0      0 :::443                  :::*                    LISTEN      172209/apache2

There is an index.html file in the document root under /srv/www/htdocs/ssl/index.html

This is my first installation with Apache 2.4. So I might still have to enable some module? What am I missing?

score 0 · Answer 1 · answered Jun 14 '23 at 13:36

The default behavior of Apache is to deny everything, so you need to give access to the directories you want to use. There are a few exceptions which differ between distributions, but the rule of thumb is that you need to set up permissions by hand.

So, at a minimum, you need to add a block like this:

<Directory /srv/www/htdocs/ssl>
    Require all granted
</Directory>

If you plan to have more directories in /srv/www/htdocs, then it is better to give the grant to that directory (subdirectories will inherit the grant). Also, it is important that the webserver's user (which is www-data on Debian-based systems and apache on Redhat-based systems) needs to have access to the directory on the filesystem.

Apache2 returns 403 for static file request on root

1 Answers1