Apache 2.4 - 403 HTTP status code

Question

I'm getting a 403 error message with Apache, in Debian Testing.

Apache version:

# aptitude show apache2 | grep -i version
Version: 2.4.9-1

# ls -la /home/

total 28
drwxr-xr-x  4 root    root     4096 Apr  3 13:19 .
drwxr-xr-x 23 root    root     4096 Apr  4 07:28 ..
drwx------  2 root    root    16384 Apr  3 13:13 lost+found
drwx--x--x 36 username username  4096 Apr  7 13:30 username

# ls -la /home/username/Development/PHP/foo.dev.com/

total 16
drwx--x--x 4 username username 4096 Apr  3 14:35 .
drwx--x--x 6 username username 4096 Apr  3 14:36 ..
drwx--x--x 2 username username 4096 Apr  3 14:35 logs
drwx--x--x 8 username username 4096 Apr  3 14:35 public_html

# cat /etc/apache2/sites-enabled/dev.com.conf
UseCanonicalName Off

<VirtualHost *>
    VirtualDocumentRoot "/home/username/Development/PHP/%0/public_html/"
    <Directory "/home/username/Development/PHP/%0/public_html/">
        Require all granted
    </Directory>
</VirtualHost>

# cat /var/log/apache2/error.log
[Mon Apr 07 14:08:15.069251 2014] [authz_core:error] [pid 8649] [client 127.0.0.1:48578] AH01630: client denied by server configuration: /home/username/Development/PHP/foo.dev.com/public_html/

Firefox, "No proxy for" configuration: localhost, 127.0.0.1, *.dev.com

# cat /etc/hosts:
hosts        hosts.allow  hosts.deny
root@username:/home# cat /etc/hosts
127.0.0.1   localhost
127.0.1.1   username.mymachine.local    username

# Custom
127.0.0.1   teste.dev.com

# The following lines are desirable for IPv6 capable hosts
::1     localhost ip6-localhost ip6-loopback
ff02::1 ip6-allnodes
ff02::2 ip6-allrouters

UPDATE 1:

SELinux does not seems to be installed:

$ aptitude search ~i | grep selinux
i   libselinux1                     - SELinux runtime shared libraries

UPDATE 2:

$ ls -la /home/
total 28
drwxr-xr-x  4 root    root     4096 Apr  3 13:19 .
drwxr-xr-x 23 root    root     4096 Apr  4 07:28 ..
drwx------  2 root    root    16384 Apr  3 13:13 lost+found
drwx--xr-x 38 username username  4096 Apr  9 08:26 username

What about the other directories between `/home/username` and `/home/username/Development/PHP/foo.dev.com/public_html` - do they also allow access? — Jenny D, Apr 09 '14 at 13:35

krisFR · Accepted Answer · 2014-04-09T16:30:58.270

1

client denied by server configuration: /home/username/Development/PHP/foo.dev.com/public_html/

This make me think about a similar issue i had :

Ensure that www-data user has the x bit permission set for each folders on the path to /home/username/Development/PHP/foo.dev.com/public_html

Either by making www-data the owner of the folders : chown www-data

Or grant the x bit to others : chmod o+x

EDIT :

Finally i have been able to reproduce. It seems that %0 is not supported in <Directory> directive. I have corrected this adding a * instead :

UseCanonicalName Off
<VirtualHost *>
    VirtualDocumentRoot "/home/username/Development/PHP/%0/public_html/"
    <Directory "/home/username/Development/PHP/*/public_html/">
        Require all granted
    </Directory>
</VirtualHost>

edited Apr 09 '14 at 16:30

answered Apr 08 '14 at 12:26

krisFR

13,280
4
36
42

"chmod -R o+x username/" doesn't change anything. The error remains the same. Thank you. – Thom Thom Thom Apr 09 '14 at 11:18
And what are rhe permissions for `/home` ? – krisFR Apr 09 '14 at 13:26
Please check the update 2 above. Thanks. – Thom Thom Thom Apr 09 '14 at 13:29
It shows permissions for `username` directory, not for `home` directory. I would like to see permissions for `/home` directoty, not `username` directory : `ls -ld /home` – krisFR Apr 09 '14 at 13:31
drwxr-xr-x 4 root root 4096 Apr 3 13:19 /home – Thom Thom Thom Apr 09 '14 at 13:41

score 0 · Answer 2 · answered Apr 08 '14 at 16:11

0

I'm not sure if <Directory>-directive accepts %0 as part of the path name, in the documentation only regexps are mentioned: http://httpd.apache.org/docs/current/mod/core.html#directory

Whereas ´%0´ is part of the vhost_alias-module:http://httpd.apache.org/docs/current/mod/mod_vhost_alias.html

You might try changing

<Directory "/home/username/Development/PHP/%0/public_html/">

to:

<Directory "/home/username/Development/PHP/">

and see if this is the case. You can also probably try with regexp /home/username/Development/PHP/*/public_html/

answered Apr 08 '14 at 16:11

isido

61
4

It accepted in a CentOS 6.5 box with httpd 2.2. Maybe it has changed with 2.4 ... – Thom Thom Thom Apr 09 '14 at 11:15
Oh, did you check if SELinux context is `httpd_sys_content_t`with `ls -Z`, if you have it on? – isido Apr 09 '14 at 12:10

score 0 · Answer 3 · edited Apr 09 '14 at 13:31

0

client denied by server configuration: /home/username/Development/PHP/foo.dev.com/public_html/

It should be obvious that....

ls -la /home/username/Development/PHP/foo.dev.com/

... drwx--x--x 8 username username 4096 Apr 3 14:35 public_html

...the apache uid needs READ permission on the directory (and the file). To fix:

chmod -R o+r /home/username/Development/PHP/foo.dev.com/

edited Apr 09 '14 at 13:31

Jenny D

27,780
21
75
114

answered Apr 08 '14 at 16:49

symcbean

21,009
1
31
52

"chmod -R o+r /home/username/" doesn't change anything. The error remains the same. Thank you. – Thom Thom Thom Apr 09 '14 at 11:22
Then either your apache instance is running under the gid you have reported as 'username' [sic] or the command above was run by a uid without sufficient privelege or there a secondary issue which we can't tell from the information you've provided. – symcbean Apr 09 '14 at 11:47
I've run it with the root user. – Thom Thom Thom Apr 09 '14 at 11:57

Apache 2.4 - 403 HTTP status code

UPDATE 1:

UPDATE 2:

3 Answers3

Linked

Related