Home > Article > Operation and Maintenance > How to solve apache 403 forbidden
How to solve apache 403 forbidden?
apache httpd server 403 forbidden problem
1. Problem description
In the httpd configuration of apache2 , 403 will appear in many situations.
Just installed the httpd service, of course there will be no 403 problem. It mainly occurred after modifying some configurations. The problem is described as follows:
After modifying the DocumentRoot directory pointing, a 403 error occurred on the site.
Setting up a virtual host directory may also cause 403.
Apache's httpd service started successfully. It looks normal, but it does not have permission to access.
The log appears: access to / denied (filesystem path '/srv/lxyproject/wsgi/django.wsgi ') because search permissions are missing on a component of the path
After setting the virtual directory, the error log appears: client denied by server configuration: /srv/lxyproject/wsgi/django.wsgi
2. Analysis of problems and solutions
Pay attention to the error log content when solving the problem step by step below. OK, start.
1. Directory configuration file in httpd.conf
If it shows that the DocumentRoot has been changed, for example, it is changed to "/usr/local/site/test". The site directory and test directory are created by using mkdir, and then an index.html is placed under the test directory. In this case, you should check the configuration in httpd.conf.
Your 055616abb69b52339271a1cffd27ee59 must be consistent with DocumentRoot, because this Directory is Apache's access permission setting for the directory. Only the correct directory is set, DocumentRoot will take effect.
<Directory "/usr/local/site/test"> # # Possible values for the Options directive are "None", "All", # or any combination of: # Indexes Includes FollowSymLinks SymLinksifOwnerMatch ExecCGI MultiViews # # Note that "MultiViews" must be named *explicitly* --- "Options All" # doesn't give it to you. # # The Options directive is both complicated and important. Please see # http://httpd.apache.org/docs/2.4/mod/core.html#options # for more information. # Options Indexes FollowSymLinks # # AllowOverride controls what directives may be placed in .htaccess files. # It can be "All", "None", or any combination of the keywords: # Options FileInfo AuthConfig Limit # AllowOverride None # # Controls who can get stuff from this server. # Require all granted </Directory>
2. Directory access permissions
The first step is correct if the configuration is still 403, check whether there is Deny from in the directory configuration 055616abb69b52339271a1cffd27ee59 all. Otherwise, all access will be denied, of course, 403.
Can be set to Allow from all or Require all granted to process.
Do not modify Deny from all in the root directory of 7d50add1c973852b0a9343a1c5b78333.
3. Directory permissions
If it is still 403, it may be a permission issue with the website directory.
Apache requires the directory to have execution permissions, which is x. It should be noted that your directory tree should have these permissions.
If your directory is /usr/local/site/test, then ensure the four levels of /usr, /usr/local, /usr/local/site, /usr/local/site/test All directories have 755 permissions.
#chmod 755 /usr/local/site #chmod 755 /usr/local/site/test
One mistake I made was that I only set the last-level directory permissions and did not set the upper-level directory permissions, resulting in 403.
4. Virtual Directory
[I have never encountered this problem, because I have never written it like this. The online information says this, which can be used as a reference]
If it is set is a virtual directory, then you need to define a virtual directory in httpd.conf, and it looks like the following fragment:
Alias /folder "/usr/local/folder" <Directory "/usr/local/folder"> Options FollowSymLinks AllowOverride None Order deny,allow Deny from all Allow from 127.0.0.1 192.168.1.1 </Directory>
If this is the case, and you write something similar to my code above, three Every folder is the same, it will definitely be 403! How to solve it is to change the string after the slash after Alias. Change it to something that does not have the same name as the folder of the virtual directory. Then I can use the changed virtual directory to access it. Of course, change it. Folders are also OK, as long as you are not afraid of trouble and as long as the virtual directory definition characters (red) behind Alias and the actual folder name (black) are different, it will be OK.
5. Selinux problem
If it is still 403, then selinux is causing trouble. Therefore, you can set the selinux permissions on your directory.
I encountered this problem today.
#chcon -R -t httpd_sys_content_t /usr/local/site #chcon -R -t httpd_sys_content_t /usr/local/site/test
Online information says that most of this step will not happen. But my problem is indeed that it may be related to the system, and I don’t quite understand the specific principle.
6. Problems with wsgi
My virtual host configuration is:
<VirtualHost *:80> WSGIScriptAlias / /srv/lxyproject/wsgi/django.wsgi Alias /static/ /srv/lxyproject/collectedstatic/ ServerName 10.1.101.31 #ServerName example.com #ServerAlias www.example.com <Directory /srv/lxyproject/collectedstatic> Options Indexes FollowSymLinks AllowOverride None Require all granted </Directory> <Directory /srv/lxyproject/wsgi/> Allow from all </Directory> ErrorLog /etc/httpd/logs/lxyproject.error.log LogLevel warn </VirtualHost>
I access the
log error:
client denied by server configuration: /srv/lxyproject/wsgi/django.wsgi
Solution Method:
Modify Allow from all in a84c9d6c966af598e4332f18bd310657 to: Require all granted.
This problem is due to the version.
My httpd version is:
[root@yl-web conf.d]# rpm -qa |grep httpd httpd-devel-2.4.6-31.el7.centos.x86_64 httpd-tools-2.4.6-31.el7.centos.x86_64 httpd-2.4.6-31.el7.centos.x86_64
For versions below 2.3, use Allow from all, and for versions 2.3 and above, use Require all granted. .
<Directory /home/aettool/aet/apache> <IfVersion < 2.3 > Order allow,deny Allow from all </IfVersion> <IfVersion >= 2.3> Require all granted </IfVersion> </Directory>
The above is the detailed content of How to solve apache 403 forbidden. For more information, please follow other related articles on the PHP Chinese website!