9

I have a Linux box running CentOS 6.6 with Apache 2.2.x. For some unknown reason, turning on the rewrite engine causes a 403 error (this happens whether I add a rewrite rule or not).

I have spent hours researching this and have made changes to my config in accordance with advice I have found in many places, but still got nowhere.

Currently in my .htaccess I have this:

```apache
<IfModule mod_rewrite.c>
Options +FollowSymLinks
RewriteEngine On
</IfModule>
```

In the directives for the virtual host, I have this:

```apache
DocumentRoot /var/www/html/example.uk
<Directory /var/www/html/example.uk>
Options Indexes FollowSymLinks MultiViews
AllowOverride All
Order allow,deny
allow from all
</Directory>
ServerName example.uk
ServerAlias www.example.uk
```

(This seems to work in a Debian box, but not for my CentOS machine.)

In my httpd.conf I have changed

```apache
AllowOverride None
```

to

```apache
AllowOverride All
```

My httpd.conf also contains `LoadModule rewrite_module modules/mod_rewrite.so`

Error log says:

```
Options FollowSymLinks or SymLinksIfOwnerMatch is off which implies that RewriteRule directive is forbidden: /var/www/html/example.uk
```

Now, I have previously added SymLinksIfOwnerMatch to the directives, but it didn't solve the problem.

I followed this and all seemed to go as it should.

Jez D

4 Answers

2

This happens when Apache doesn't have execute rights for

```
/var
/var/www
/var/www/html
/var/www/html/example.uk
```

Run:

```sh
chmod o+x /var /var/www /var/www/html /var/www/html/example.uk
```

Pedro Lobito
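To see which of the directories named in the answer above actually lacks the execute (search) bit before changing modes on `/var`, a check like the following can be run first. It is an added example, not part of the answer; the function name `missing_search_bit` is made up here, and it inspects only the "other" permission bit, so it assumes the Apache user is neither the owner nor a group member of these directories.

```shell
#!/bin/sh
# Added example: list every directory from / down to the given path that
# lacks the "other" execute (search) bit, so that only those need chmod o+x.
# Assumption: httpd reaches these directories through the "other" bits.

missing_search_bit() {
    case $1 in
        /*) ;;
        *) echo "absolute path required: $1" >&2; return 2 ;;
    esac
    dir=$1
    out=
    while :; do
        if [ ! -d "$dir" ]; then
            echo "not a directory: $dir" >&2
            return 2
        fi
        # Character 10 of `ls -ld` output is the other-execute flag:
        # x or t = searchable by others; - or T = not searchable.
        flag=$(ls -ld -- "$dir" | cut -c10)
        case $flag in
            x|t) ;;
            *) out="$dir
$out" ;;   # prepend, so the result is ordered top-down
        esac
        if [ "$dir" = "/" ]; then
            break
        fi
        dir=$(dirname -- "$dir")
    done
    printf '%s' "$out"
}

# Usage: sh check.sh /var/www/html/example.uk
if [ $# -gt 0 ]; then
    missing_search_bit "$1"
fi
```

An empty result means the mode bits are not what blocks traversal for "other" users; any path printed is a candidate for `chmod o+x`.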
2

Since Apache version >= 2.4, the directive

```apache
Order allow,deny
allow from all
```

leads to a global 403. To make sure of this, check your Apache log:

```
[Tue May 05 11:54:32.471679 2015] [authz_core:error] [pid 9497] [client 127.0.0.1:35908] AH01630: client denied by server configuration: /path/to/web/
```

Comment out the `Order` directive and add `Require all granted`, like below:

```apache
Require all granted
#Order allow,deny
#allow from all
```

Hope this helps.

Edit :

Explanation from Apache: this behaviour is provided by the new module mod_authz_host.

For the list of restrictions available (IP, host, etc.), see http://httpd.apache.org/docs/2.4/en/mod/mod_authz_host.html

bastien
  • Thanks, but that resulted in a 500 error. I think I will just have to forget about using .htaccess and use PHP instead. – Jez D May 06 '15 at 05:47
1

You should remove this line from .htaccess:

```apache
Options +FollowSymLinks
```

You already have it in the Apache vhost file. Also, you should add a rule if you're going to turn on mod_rewrite, or there is no point in turning it on.

Panama Jack
1

Another possibility with Apache 2.4 is caused by Options -FollowSymlinks which will also throw a 403 error and generate the following log:

```
AH00670: Options FollowSymLinks and SymLinksIfOwnerMatch are both off, so the RewriteRule directive is also forbidden due to its similar ability to circumvent directory restrictions
```

This was not the case in the original post, but if it comes up you would need to re-enable FollowSymLinks using this line:

```apache
Options +FollowSymLinks
```

Robert Chapin
  • Thanks for your contribution. To add clarity, & to round out your post as a complete answer, may I suggest adding the exact code needed to re-enable `FollowSymLinks`. This way a user not as familiar with this technology could apply your suggestion without first being required to do additional research to learn how. Completely self-contained answers are more useful, & more likely to be upvoted. Simply adding 1 line of code to the end of your post would be an excellent addition. If this is something people might want to read more about, adding a source link, if you have one, is always welcomed. – SherylHohman May 06 '20 at 19:49