Debugging why I get "You don't have permission to access" in Apache 2.4

Asked 26/11, 2014 at 22:48 Answered 11/10, 2019 at 10:18

Solved apache vhosts hosts apache2.4 hosts-file

I am trying to create a local environment in Linux/Ubuntu.

I have install Apache 2.4.7 (using apt-get).

I have changed my /etc/hosts to this:

127.0.0.1   example.dev
127.0.0.1   localhost
...

I also added a file "example.dev.conf" to "/etc/apache2/sites-available" which looks like this:

<VirtualHost *:80>
    ServerName example.dev
    DocumentRoot "/home/yahya/path/to/projec"
    ErrorLog ${APACHE_LOG_DIR}/error.log
    CustomLog ${APACHE_LOG_DIR}/access.log combined
    <Directory "/home/yahya/path/to/project">
        AllowOverride All
        Require all granted
    </Directory>
</VirtualHost>

# vim: syntax=apache ts=4 sw=4 sts=4 sr noet

But when I go to example.dev I get the following message:

403 Forbidden! You don't have permission to access / on this server.

I also edited apache.conf part for <Directory /> from suggestions from this link: Forbidden You don't have permission to access / on this server and Error message "Forbidden You don't have permission to access / on this server"

from:

<Directory />
    Options FollowSymLinks
    AllowOverride None
    Require all denied
</Directory>

<Directory />
    Options Indexes FollowSymLinks Includes ExecCGI
    AllowOverride All
    Order deny,allow
    Require all granted
</Directory>

I have used a2ensite. But still does not work.

Bynum answered 26/11, 2014 at 22:48 Comment(9)

What are the permissions on the folder? Can the apache user (usually www-data, I think...) access it? Also, have you enabled the site with a2ensite example.dev – Anabranch 26/11, 2014 at 22:50

But still does not work!!! does www-data have enough permissions to list files in the folder /home/yahya/path/to/projec? – Informed 26/11, 2014 at 22:50

I have used a2ensite – Bynum 26/11, 2014 at 22:51

I ama able to access any files in Wwww/html/...W through "localhost/..." – Bynum 26/11, 2014 at 22:55

what do you mean does www-data. What is "www-data" and how do I check if it has "enough" permssions – Bynum 26/11, 2014 at 22:56

@YahyaUddin we are not talking about you, but about the user under which Apache is running. ls -la in the folder and up, to check that www-data has access to it. askubuntu.com/questions/43485/… and so on. Before doing anything in Linux you have to learn basics about, at least, permissions. Otherwise you can just damage the whole system. – Informed 26/11, 2014 at 22:56

If you list the permissions on /home/yahya/path/to/projec with ls -la /home/yahya/path/to/projec You will see the folder's owner. The user www-data needs read access to this folder. – Anabranch 26/11, 2014 at 23:0

@Anabranch not only read, but execute permission to list files too. – Informed 26/11, 2014 at 23:2

So you do :) My mistake! – Anabranch 26/11, 2014 at 23:4

Even if the solution is probably not that, you should check first that apache can access to you directory. This mean that your folder should have the read right to "others" or learn how to configure acls on linux.

$ ls -la /home/nek
# ...
drwxrwxr-x   6 nek  nek    4096 nov.  19 21:07 MyFolderOfDev

The important part is the last part of permissions: "r-x". If you don't have something like that uses this command:

$ chmod -R 755 MyFolderOfDev

Your original configuration looks good to me. Checkout if you doesn't have a conflict with another vhost. But here is my configuration and it works pretty good:

# Defining virtualhost
<VirtualHost *:80>
# This is not needed but seriously recommended
        ServerAdmin [email protected]
# This line is your host name (example.dev if you prefere)
        ServerName nekland
# You can add another server name using ServerAlias
    ServerAlias nekland.dev
# Path to your folder
    DocumentRoot /home/nek/Apache/SymfonyProject/web/
# Here are options neeeded to authorizations and I added some classical options
        <Directory /home/nek/Apache/SymfonyProject/web/>
                AllowOverride All
                Options -Indexes +FollowSymLinks +MultiViews
                Require all granted
        </Directory>
# For the error file, exactly like you did
        ErrorLog /var/log/apache2/nekland.err
        LogLevel warn
        CustomLog /var/log/apache2/nekland.log combined
# A little bonus that remove the server signature from http requests
        ServerSignature Off
</VirtualHost>

Of course do not forget to reload apache after each modification.

$ sudo service apache2 reload

And if nothing works... Check your logs ! That's the better way to find why your requests does work.

Hot answered 26/11, 2014 at 23:13 Comment(3)

Thanks so much. I did not know that Apache access my files from another user. MANY THANKS! – Bynum 26/11, 2014 at 23:16

Actually that's the www-data user on ubuntu/debian but it can be http on some other distributions. – Hot 26/11, 2014 at 23:18

Changing permissions to my destination folder only wasn't enough for me. I had to change both parent folders, so /home and /home/myusername as well. All described here: askubuntu.com/a/507186/420084 – Plebs 14/6, 2015 at 17:24

Although the original problem is solved, here are some more ideas for debugging:

tail -f /var/log/apache2/error.log See if apache is trying to access the directory with your site or /var/www/. In the latter case, apache2 does not pick up your virtualhost.
list virtual hosts: apache2ctl -S. Is you virtual host listed there?
does a2ensite your.page.com work or prints an error?
apache 2.4 requires config files in /etc/apache2/sites-available to end with .conf. This wasn't a requirement in earlier versions and may cause problems after an upgrade.

Brig answered 13/1, 2019 at 21:16 Comment(0)

I've just spent a couple of hours on this and came to conclusions which may be of interest to some. Not configuring a "virtual host" - I don't know what that is. This is just a standard Apache setup.

OS: Linux Mint 18.3 (based on Ubuntu Xenial)

Server version: Apache/2.4.18 (Ubuntu)
Server built: 2018-04-18T14:53:04

What I seem to have found is that permissions and ownership may be important, but very important also is to set the right things in a file called /etc/apache2/sites-available/000-default.conf.

This obviously has to be edited as root.

I have made the following changes:
1) DocumentRoot: change as follows:

# DocumentRoot /var/www/html (i.e. default commented out)
DocumentRoot "/media/mike/W10 D drive/My Documents/localhost"

and
2) tweak one "Directory" directive and add a new one:

<Directory />
            Options FollowSymLinks

# changed by me - NB this may or may not be important
#            AllowOverride None
             AllowOverride All 

</Directory>
# new "Directory" directive: appears to be crucial
<Directory /media/>
            Options Indexes FollowSymLinks MultiViews
            AllowOverride None
            Require all granted
</Directory>

NB I found that once I gave these settings or whatever they are to the directory "/media", that everything under /media, including my DocumentRoot as configured above (/media/mike/W10 D drive/My Documents/localhost), became usable: 403 gone!

Revanchism answered 11/10, 2019 at 10:18 Comment(0)

Recommended topics

Hot tags