1

I know this question has been raised before, but I swear I have read through the other posts. I am using virtual hosts on an Apache/2.4.7 (Ubuntu) server to host multiple WordPress sites. I have one site, SiteA, which is running fine, but SiteB (SiteBroken) is not running.

I installed apache via apt-get and my config file is

/etc/apache2
-rw-r--r--  1 root root 7.3K Mar 28 15:29 apache2.conf

I have read about changing users either inside this file (which I am unsure of) or through the chown command, and as such my permissions for SiteA vs. SiteB

/var/www/SiteA/public_html
total 188k
drwxr-xr-x  5 root     root     4.0K Mar 31 00:42 ..
-rw-r--r--  1 root     root      25K Apr  4 20:23 wp-signup.php
-rw-r--r--  1 root     root      11K Apr  4 20:23 wp-settings.php
-rw-r--r--  1 root     root      33K Apr  4 20:23 wp-login.php
-rw-r--r--  1 root     root     2.9K Apr  4 20:23 wp-cron.php
-rw-r--r--  1 root     root     7.1K Apr  4 20:23 readme.html
-rw-r--r--  1 root     root      418 Apr  4 20:23 index.php
-rw-r--r--  1 root     root     3.0K Apr  4 20:23 xmlrpc.php
-rw-r--r--  1 root     root     4.0K Apr  4 20:23 wp-trackback.php
-rw-r--r--  1 root     root     2.7K Apr  4 20:23 wp-load.php
-rw-r--r--  1 root     root     2.4K Apr  4 20:23 wp-links-opml.php
drwxr-xr-x 12 root     root     4.0K Apr  4 20:23 wp-includes
-rw-r--r--  1 root     root     2.7K Apr  4 20:23 wp-config-sample.php
-rw-r--r--  1 root     root     4.9K Apr  4 20:23 wp-comments-post.php
-rw-r--r--  1 root     root      271 Apr  4 20:23 wp-blog-header.php
-rw-r--r--  1 root     root     4.9K Apr  4 20:23 wp-activate.php
-rw-r--r--  1 root     root      20K Apr  4 20:23 license.txt
-rw-r--r--  1 root     root     8.1K Apr  4 20:23 wp-mail.php
drwxr-xr-x  9 root     root     4.0K Apr  4 20:23 wp-admin
drwxr-xr-x  6 www-data www-data 4.0K Apr 16 14:55 wp-content
-rw-r--r--  1 root     root     3.5K Apr 16 14:58 wp-config.php
drwxr-xr-x  5 root     root     4.0K Apr 16 14:58 .

/var/www/SiteB/public_html
total 220k
-rw-r--r--  1 root     root     3.0K Jan  5 21:17 xmlrpc.php
-rw-r--r--  1 root     root     4.0K Jan  5 21:17 wp-trackback.php
-rw-r--r--  1 root     root      25K Jan  5 21:17 wp-signup.php
-rw-r--r--  1 root     root      11K Jan  5 21:17 wp-settings.php
-rw-r--r--  1 root     root     8.1K Jan  5 21:17 wp-mail.php
-rw-r--r--  1 root     root      33K Jan  5 21:17 wp-login.php
-rw-r--r--  1 root     root     2.7K Jan  5 21:17 wp-load.php
-rw-r--r--  1 root     root     2.4K Jan  5 21:17 wp-links-opml.php
-rw-r--r--  1 root     root     2.9K Jan  5 21:17 wp-cron.php
-rw-r--r--  1 root     root     4.9K Jan  5 21:17 wp-comments-post.php
-rw-r--r--  1 root     root      271 Jan  5 21:17 wp-blog-header.php
-rw-r--r--  1 root     root     4.9K Jan  5 21:17 wp-activate.php
-rw-r--r--  1 root     root      418 Jan  5 21:17 index.php
drwxr-xr-x  9 root     root     4.0K Jan  5 22:11 wp-admin
-rw-r--r--  1 root     root      20K Feb 18 22:05 license.txt
drwxr-xr-x 12 root     root     4.0K Mar  1 21:57 wp-includes
-rw-r--r--  1 root     root     3.4K Mar 28 23:48 wp-config.php
-rw-r--r--  1 root     root     7.1K May  7 06:30 readme.html
drwxr-xr-x  8 www-data www-data 4.0K May  7 23:08 wp-content
-rw-r--r--  1 root     root      25K May 25 06:23 error_log
-rw-r--r--  1 root     root      792 May 30 14:50 2.htaccess
-rw-r--r--  1 root     root      241 May 30 14:51 .offline.htaccess
drwxr-xr-x  6 root     root     4.0K May 30 14:55 ..
drwxr-xr-x  5 root     root     4.0K Jun  1 07:25 .

I have removed the .htaccess from the SiteB configuration as I tried to eliminate that variable for causing my site to receive the 403 error: You don't have permission to access / on this server

/etc/apache2/sites-available
cat SiteA.conf
# public: /var/www/SiteA/public_html/

<VirtualHost *:80>
  # Admin email, Server Name (domain name), and any aliases
  ServerAdmin webmaster@SiteA
  ServerName  www.SiteA
  ServerAlias SiteA

  # Index file and Document Root (where the public files are located)
  DirectoryIndex index.html index.php
  DocumentRoot /var/www/SiteA/public_html
  # Log file locations
  LogLevel warn
  ErrorLog  /var/www/SiteA/log/error.log
  CustomLog /var/www/SiteA/log/access.log combined
</VirtualHost>

/etc/apache2/sites-available
cat SiteBroken.conf
# domain: SiteBroken
# public: /var/www/SiteBroken/public_html/

<VirtualHost *:80>
  # Admin email, Server Name (domain name), and any aliases
  ServerAdmin webmaster@SiteBroken
  ServerName  www.SiteBroken
  ServerAlias SiteBroken

  # Index file and Document Root (where the public files are located)
  DirectoryIndex index.html index.php
  DocumentRoot /var/www/SiteBroken/public_html
  # Log file locations
  LogLevel warn
  ErrorLog  /var/www/SiteBroken/log/error.log
  CustomLog /var/www/SiteBroken/log/access.log combined
</VirtualHost>

diff SiteA.conf SiteBroken.conf 
1,3c1,2
< 
< 
< # public: /var/www/SiteA/public_html/
---
> # domain: SiteBroken
> # public: /var/www/SiteBroken/public_html/
7,9c6,8
<   ServerAdmin webmaster@SiteA
<   ServerName  www.SiteA
<   ServerAlias SiteA
---
>   ServerAdmin webmaster@SiteBroken
>   ServerName  www.SiteBroken
>   ServerAlias SiteBroken
13c12
<   DocumentRoot /var/www/SiteA/public_html
---
>   DocumentRoot /var/www/SiteBroken/public_html
16,17c15,16
<   ErrorLog  /var/www/SiteA/log/error.log
<   CustomLog /var/www/SiteA/log/access.log combined
---
>   ErrorLog  /var/www/SiteBroken/log/error.log
>   CustomLog /var/www/SiteBroken/log/access.log combined
19,20d17
< 



/etc/apache2/sites-available
total 44K
-rw-r--r-- 1 root root 6.3K Jan  7  2014 default-ssl.conf
-rw-r--r-- 1 root root 1.4K Jan  7  2014 000-default.conf
-rw-r--r-- 1 root root  626 Mar 31 00:42 SiteA.conf
drwxr-xr-x 8 root root 4.0K Jun  1 07:13 ..
-rw-r--r-- 1 root root  713 Jun  1 07:16 SiteBroken.conf
drwxr-xr-x 2 root root 4.0K Jun  1 07:16 .

I noticed this error message in the error log from yesterday when I was troubleshooting.

/var/www/SiteBroken/log$ cat error.log 
[Tue Mar 31 03:22:14.410438 2015] [:error] [pid 25622] [client 113.123.33.183:47379] script '/var/www/SiteBroken/public_html/phpinfo.php' not found or unable to stat

SiteA, which is running perfectly fine, has all the same WordPress files and such. There is no phpinfo.php file in SiteA's directory. I am unsure as to why one site is running but I am unable to view SiteB.

I recently changed ownership (chown) of the entire public_html directory to www-data, but this still did not resolve the 403 error message.

sudo chown -R www-data:www-data /var/www/SiteBroken/public_html/
drwxr-xr-x 5 www-data www-data 4.0K Jun  1 07:25 public_html

Enabled log level debugging and all I see is the output from stopping and restarting Apache, in addition to this missing `/var/www/html/moadmin.php` file and whether or not this file is necessary

[Mon Jun 01 07:25:38.832460 2015] [mpm_prefork:notice] [pid 9847] AH00163: Apache/2.4.7 (Ubuntu) PHP/5.5.9-1ubuntu4.7 configured -- resuming normal operations
[Mon Jun 01 07:25:38.832538 2015] [core:notice] [pid 9847] AH00094: Command line: '/usr/sbin/apache2'
[Mon Jun 01 08:27:58.649847 2015] [mpm_prefork:notice] [pid 9847] AH00169: caught SIGTERM, shutting down
[Mon Jun 01 08:27:59.551789 2015] [mpm_prefork:notice] [pid 10198] AH00163: Apache/2.4.7 (Ubuntu) PHP/5.5.9-1ubuntu4.7 configured -- resuming normal operations
[Mon Jun 01 08:27:59.551885 2015] [core:notice] [pid 10198] AH00094: Command line: '/usr/sbin/apache2'
[Mon Jun 01 10:43:46.042411 2015] [:error] [pid 10208] [client 89.248.172.27:51451] script '/var/www/html/moadmin.php' not found or unable to stat
[Tue Jun 02 07:53:47.086020 2015] [mpm_prefork:notice] [pid 10198] AH00169: caught SIGTERM, shutting down
[Tue Jun 02 07:53:48.203046 2015] [mpm_prefork:notice] [pid 12370] AH00163: Apache/2.4.7 (Ubuntu) PHP/5.5.9-1ubuntu4.7 configured -- resuming normal operations
[Tue Jun 02 07:53:48.203105 2015] [core:notice] [pid 12370] AH00094: Command line: '/usr/sbin/apache2'
[Tue Jun 02 07:57:14.417485 2015] [mpm_prefork:notice] [pid 12370] AH00169: caught SIGTERM, shutting down
[Tue Jun 02 07:57:15.280777 2015] [mpm_prefork:notice] [pid 12515] AH00163: Apache/2.4.7 (Ubuntu) PHP/5.5.9-1ubuntu4.7 configured -- resuming normal operations
[Tue Jun 02 07:57:15.280852 2015] [core:notice] [pid 12515] AH00094: Command line: '/usr/sbin/apache2'
[Tue Jun 02 07:59:45.902752 2015] [mpm_prefork:notice] [pid 12515] AH00169: caught SIGTERM, shutting down
[Tue Jun 02 07:59:47.017507 2015] [mpm_prefork:notice] [pid 12653] AH00163: Apache/2.4.7 (Ubuntu) PHP/5.5.9-1ubuntu4.7 configured -- resuming normal operations
[Tue Jun 02 07:59:47.017577 2015] [core:notice] [pid 12653] AH00094: Command line: '/usr/sbin/apache2'
[Tue Jun 02 08:05:59.014895 2015] [mpm_prefork:notice] [pid 12653] AH00169: caught SIGTERM, shutting down
[Tue Jun 02 08:06:00.124043 2015] [mpm_prefork:notice] [pid 12787] AH00163: Apache/2.4.7 (Ubuntu) PHP/5.5.9-1ubuntu4.7 configured -- resuming normal operations
[Tue Jun 02 08:06:00.124101 2015] [core:notice] [pid 12787] AH00094: Command line: '/usr/sbin/apache2'
[Tue Jun 02 08:23:09.214883 2015] [mpm_prefork:notice] [pid 12787] AH00169: caught SIGTERM, shutting down
[Tue Jun 02 08:23:10.332498 2015] [mpm_prefork:notice] [pid 13039] AH00163: Apache/2.4.7 (Ubuntu) PHP/5.5.9-1ubuntu4.7 configured -- resuming normal operations
[Tue Jun 02 08:23:10.332556 2015] [core:notice] [pid 13039] AH00094: Command line: '/usr/sbin/apache2'
[Tue Jun 02 08:40:06.186778 2015] [mpm_prefork:notice] [pid 13039] AH00169: caught SIGTERM, shutting down
[Tue Jun 02 08:40:07.305531 2015] [mpm_prefork:notice] [pid 13491] AH00163: Apache/2.4.7 (Ubuntu) PHP/5.5.9-1ubuntu4.7 configured -- resuming normal operations
[Tue Jun 02 08:40:07.305595 2015] [core:notice] [pid 13491] AH00094: Command line: '/usr/sbin/apache2'

Update: ls -la

/var/www$ ls -la
total 48
drwxr-xr-x  7 root root     4096 Jun  2 08:21 .
drwxr-xr-x 14 root root     4096 Mar 28 14:40 ..
drwxr-xr-x  5 root root     4096 Mar 31 00:42 SiteA (working website)
drwxr-xr-x  2 root root     4096 May 30 12:50 html
drwxr-xr-x  6 root www-data 4096 May 30 14:55 SiteBroken

Update 6/6/15

I modified the apache.conf file after reading several other SE posts, to the following:

<Directory />
        Options FollowSymLinks
        AllowOverride all
        Require all granted
</Directory>

<Directory /usr/share>
        AllowOverride None
        Require all granted
</Directory>

<Directory /var/www/>
        Options Indexes FollowSymLinks
        AllowOverride all
        Require all granted
</Directory>

I even added my full document root in there to test everything and anything:

<Directory /var/www/html/SiteBroken/public_html>
        Options FollowSymLinks
        AllowOverride all 
        Require all granted
</Directory>

Now my SiteBroken does appear and generates when I point my browser to the URL; however, now I am unable to navigate to any pages, i.e. www.sitebroken.com/foo or www.sitebroken.com/bar

I've been told my Virtual Server cannot read the php files? Is this so?

/var/www/html/SiteBroken/public_html$
total 188K
-rw-r--r--  1 root     root     3.0K Apr  4 20:23 xmlrpc.php
-rw-r--r--  1 root     root     4.0K Apr  4 20:23 wp-trackback.php
-rw-r--r--  1 root     root      25K Apr  4 20:23 wp-signup.php
-rw-r--r--  1 root     root      11K Apr  4 20:23 wp-settings.php
-rw-r--r--  1 root     root     8.1K Apr  4 20:23 wp-mail.php
-rw-r--r--  1 root     root      33K Apr  4 20:23 wp-login.php
-rw-r--r--  1 root     root     2.7K Apr  4 20:23 wp-load.php
-rw-r--r--  1 root     root     2.4K Apr  4 20:23 wp-links-opml.php
-rw-r--r--  1 root     root     2.9K Apr  4 20:23 wp-cron.php
-rw-r--r--  1 root     root     2.7K Apr  4 20:23 wp-config-sample.php
-rw-r--r--  1 root     root     4.9K Apr  4 20:23 wp-comments-post.php
-rw-r--r--  1 root     root      271 Apr  4 20:23 wp-blog-header.php
-rw-r--r--  1 root     root     4.9K Apr  4 20:23 wp-activate.php
-rw-r--r--  1 root     root     7.1K Apr  4 20:23 readme.html
-rw-r--r--  1 root     root      20K Apr  4 20:23 license.txt
-rw-r--r--  1 root     root      418 Apr  4 20:23 index.php
drwxr-xr-x 12 root     root     4.0K Jun  6 18:17 wp-includes
drwxr-xr-x  6 www-data www-data 4.0K Jun  6 18:17 wp-content
drwxr-xr-x  5 root     root     4.0K Jun  6 18:17 .
drwxr-xr-x  9 root     root     4.0K Jun  6 18:17 wp-admin
drwxr-xr-x  5 root     root     4.0K Jun  6 18:17 ..
-rw-r--r--  1 root     root     3.5K Jun  6 19:03 wp-config.php

Like I said in one of my comments, I have another site, SiteA, that completely mirrors SiteBroken's configuration, and I am stumped how one site can work and the other, SiteBroken, receives the 403 errors and now a 404 error: The requested URL /foo/ was not found on this server.

I have been making use of these questions https://askubuntu.com/questions/448944/where-to-place-my-local-website-starting-with-the-2-4-7-version-of-apache2 and https://stackoverflow.com/questions/6959189/apache-virtualhost-403-forbidden

I also briefly installed nginx and ran into a similar problem where I believe nginx was unable to read my php files?

phillipsk
  • Try to change the loglevel to Debug. It will give you a lot of information. – ThoriumBR Jun 01 '15 at 12:46
  • I enabled log level debugging using these resources [http://stackoverflow.com/questions/9632852/how-to-debug-apache-mod-rewrite] & [http://httpd.apache.org/docs/2.4/mod/mod_rewrite.html#logging] – phillipsk Jun 02 '15 at 12:47
  • Please give an ls -la for /var/www/ – Alex Berry Jun 03 '15 at 14:24
  • One of my sites is entirely accessible as `root:root` but it confuses me how the `root:www-data` website receives the 403 error; as I printed the `.conf` files above, they're identical. Yes, I have restarted Apache, and I have edited the working `SiteA.conf` file to independently test, and that site went down when providing an incorrect document root. I've checked everything I can think of. – phillipsk Jun 04 '15 at 10:36

4 Answers

1

Changing ownership to www-data:www-data with r/w permissions for the folders hosting the content will allow the httpd process to write to this folder which, depending on the complexity of the application and its security, might give a hacker a way to overwrite legit code with stuff of his or her own choosing.

Likely the issue is you need to add the execute bit to the parent folders and change groups:

chmod g=rx /var/www/SiteA 
chown root:www-data /var/www/SiteA 

chmod g=rx /var/www/SiteA/public_html 
chown root:www-data /var/www/SiteA/public_html 

Without the execute bit the process cannot descend in to the folder to read the files, even if it owns them.

Alex Berry
  • I tried your answer as is and then tried a second time while including the recursive `-R` option, but still I receive the 403 error – phillipsk Jun 02 '15 at 12:42
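
A way to test for the condition this answer describes (a directory above the document root missing the execute bit for the web server account). This is an added example, not part of the original answer; the function names and the optional TOP argument are illustrative, and it looks at mode bits only, so ACLs, AppArmor and Apache's own `Require` rules are outside its scope.

```shell
#!/bin/sh
# Added example (not from the thread): find the first directory on the way to
# a DocumentRoot that an account cannot traverse, judged by mode bits only.
# Assumes a stat that supports -c (GNU coreutils or BusyBox).

# can_traverse DIR USER GROUP
# Succeeds if the permission class that applies to USER carries the x bit.
can_traverse() {
    ct_user=$2; ct_group=$3
    set -- $(stat -c '%a %U %G' "$1" 2>/dev/null)   # -> mode owner group
    ct_perms=$(( 0${1:-0} ))                        # octal mode; 0 if stat failed
    if   [ "$2" = "$ct_user" ];  then ct_mask=$(( 0100 ))   # owner class
    elif [ "$3" = "$ct_group" ]; then ct_mask=$(( 0010 ))   # group class
    else                              ct_mask=$(( 0001 ))   # other class
    fi
    [ $(( ct_perms & ct_mask )) -ne 0 ]
}

# first_blocked DOCROOT USER GROUP [TOP]
# Walks from TOP (default /) down to DOCROOT. Prints the first directory USER
# cannot enter and returns 1; returns 0 when the whole chain is traversable.
first_blocked() {
    fb_user=$2; fb_group=$3
    fb_cur=${4:-/}; fb_cur=${fb_cur%/}               # "" stands for /
    fb_rest=${1#"$fb_cur"}; fb_rest=${fb_rest#/}; fb_rest=${fb_rest%/}
    while :; do
        if ! can_traverse "${fb_cur:-/}" "$fb_user" "$fb_group"; then
            printf '%s\n' "${fb_cur:-/}"
            return 1
        fi
        [ -n "$fb_rest" ] || return 0
        fb_cur=$fb_cur/${fb_rest%%/*}                # descend one component
        case $fb_rest in
            */*) fb_rest=${fb_rest#*/} ;;
            *)   fb_rest= ;;
        esac
    done
}

# Example: first_blocked /var/www/SiteBroken/public_html www-data www-data
if [ "$#" -ge 3 ]; then first_blocked "$@"; fi
```

A path that does not exist is reported the same way as one that cannot be entered, which also catches a DocumentRoot that points at the wrong directory.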
1

Try to configure your http-xampp

you'll find this code there :

<LocationMatch "^/(?i:(?:xampp|security|licenses|phpmyadmin|webalizer|server-status|server-info))">
         Require local
         ErrorDocument 403 /error/XAMPP_FORBIDDEN.html.var
</LocationMatch>

Try to change this with this :

<LocationMatch "^/(?i:(?:xampp|security|licenses|phpmyadmin|webalizer|server-status|server-info))">
         Require local
         # IP address of another PC, or I would say the start of the IP address.
         Require ip 192.120.203
         ErrorDocument 403 /error/XAMPP_FORBIDDEN.html.var
</LocationMatch>

This works for me when I got that error. Hope it also works for you.

aiai
0

Change ownership to www-data instead of root. You can do this with chown like this:

$ sudo chown -R www-data:www-data /var/www/SiteA/public_html

This will make www-data the owner of all files/directories under public_html.

krt
  • thanks, the site still does not appear, I still receive the same 403 error, no new errors in the error log either – phillipsk Jun 01 '15 at 12:29
0

Try putting this in your VirtualHost:

<Directory /var/www/SiteBroken/public_html/>
   Require all granted
</Directory>

It is generally very bad practice to make the entire WordPress installation owned by www-data (even for testing). This will allow the Apache process to write files anywhere in your directory tree, including PHP files. I have experienced well over a dozen sites in only the past 3 months that have been hacked this way. Attackers can then install anything they want - backdoor shells, spam bots, anything. They can also read your wp-config.php file which contains all of your database credentials. This can also result in the attacker perusing other site directories (i.e. SiteA) and gaining full access to that database as well.

Not sure if the Require all granted above will help, but I do know that Apache 2.4 is different from 2.2 with its security mechanisms and this has helped me in the past.
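
The ownership risk raised in this answer can be checked on a live tree. The script below is an added example, not code from the answer: it lists everything under a WordPress document root that the web server account could modify, and it assumes wp-content is the one subtree the server is expected to write to, as in the listings in the question. The function names are illustrative.

```shell
#!/bin/sh
# Added example (not from the thread): list what the web server account could
# modify under a WordPress document root, leaving out wp-content.
# USER and GROUP may be names or numeric IDs (find accepts both).

# _scan LABEL ROOT find-tests...
# Prints "LABEL path" for every non-symlink outside wp-content that matches.
_scan() {
    sc_label=$1; sc_root=${2%/}; shift 2
    find "$sc_root" -path "$sc_root/wp-content" -prune -o \
        ! -type l "$@" -print | sed "s|^|$sc_label |"
}

# audit_web_writable DOCROOT USER GROUP
# Empty output means the account cannot change code outside wp-content.
audit_web_writable() {
    {
        _scan owner "$1" -user  "$2" -perm -200   # owned by USER and owner-writable
        _scan group "$1" -group "$3" -perm -020   # GROUP's and group-writable
        _scan world "$1" -perm -002               # writable by anyone
    } | sort -k2
}

# Example: audit_web_writable /var/www/SiteBroken/public_html www-data www-data
if [ "$#" -eq 3 ]; then audit_web_writable "$@"; fi
```

Run against a tree that has been through `chown -R www-data:www-data`, every PHP file and directory shows up with the `owner` label; with the `root:root` layout from the question the output is empty.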