Symfony on Heroku: 403 Forbidden You don't have permission to access / on this server
Asked Answered
B

4

10

I've successfully deployed my Symfony 2 App to Heroku but now, when I'm trying to access it, I receive the following 403 error:

Forbidden

You don't have permission to access / on this server.

This is the log from Heroku:

2015-07-29T14:31:41.827491+00:00 heroku[router]: at=info method=GET path="/" host=my-app.herokuapp.com request_id=557a70f4-ea11-4519-b8df-301b714f6ffa fwd="151.77.103.253" dyno=web.1 connect=0ms service=1ms status=403 bytes=387
2015-07-29T14:31:41.828428+00:00 app[web.1]: [Wed Jul 29 14:31:41.827438 2015] [autoindex:error] [pid 104:tid 140466989270784] [client 10.100.0.139:16096] AH01276: Cannot serve directory /app/: No matching DirectoryIndex (index.php,index.html,index.htm) found, and server-generated directory index forbidden by Options directive
2015-07-29T14:31:41.829009+00:00 app[web.1]: 10.100.0.139 - - [29/Jul/2015:14:31:41 +0000] "GET / HTTP/1.1" 403 209 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_10_4) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/44.0.2403.125 Safari/537.36

It seems that Symfony (or Heroku?) is trying to serve the directory /app/ but I think this is not correct, as from the logs:

2015-07-29T14:31:41.828428+00:00 app[web.1]: [Wed Jul 29 14:31:41.827438 2015] [autoindex:error] [pid 104:tid 140466989270784] [client 10.100.0.139:16096] AH01276: Cannot serve directory /app/: No matching DirectoryIndex (index.php,index.html,index.htm) found, and server-generated directory index forbidden by Options directive

Following the tutorial on the Symfony Documentation about how to deploy to Heroku, I've created my .procfile and into I've put:

web: bin/heroku-php-apache2 web/

I've also removed the DemoBundle, and now my root URL is configured in the DefaultController in this way:

<?php

// \AppBundle\Controller\DefaultController.php

namespace AppBundle\Controller;

use Sensio\Bundle\FrameworkExtraBundle\Configuration\Route;
use Symfony\Bundle\FrameworkBundle\Controller\Controller;

class DefaultController extends Controller
{
    /**
     * @Route("/", name="Homepage")
     */
    public function indexAction()
    {
        return $this->render('default/index.html.twig');
    }
}

I think, in the end, there are some problems with my .htaccess, that is the one shipped with Symfony Standard Edition:

# Use the front controller as index file. It serves as a fallback solution when
# every other rewrite/redirect fails (e.g. in an aliased environment without
# mod_rewrite). Additionally, this reduces the matching process for the
# start page (path "/") because otherwise Apache will apply the rewriting rules
# to each configured DirectoryIndex file (e.g. index.php, index.html, index.pl).
DirectoryIndex app.php

<IfModule mod_rewrite.c>
    RewriteEngine On

    # Determine the RewriteBase automatically and set it as environment variable.
    # If you are using Apache aliases to do mass virtual hosting or installed the
    # project in a subdirectory, the base path will be prepended to allow proper
    # resolution of the app.php file and to redirect to the correct URI. It will
    # work in environments without path prefix as well, providing a safe, one-size
    # fits all solution. But as you do not need it in this case, you can comment
    # the following 2 lines to eliminate the overhead.
    RewriteCond %{REQUEST_URI}::$1 ^(/.+)/(.*)::\2$
    RewriteRule ^(.*) - [E=BASE:%1]

    # Sets the HTTP_AUTHORIZATION header removed by apache
    RewriteCond %{HTTP:Authorization} .
    RewriteRule .* - [E=HTTP_AUTHORIZATION:%{HTTP:Authorization}]

    # Redirect to URI without front controller to prevent duplicate content
    # (with and without `/app.php`). Only do this redirect on the initial
    # rewrite by Apache and not on subsequent cycles. Otherwise we would get an
    # endless redirect loop (request -> rewrite to front controller ->
    # redirect -> request -> ...).
    # So in case you get a "too many redirects" error or you always get redirected
    # to the start page because your Apache does not expose the REDIRECT_STATUS
    # environment variable, you have 2 choices:
    # - disable this feature by commenting the following 2 lines or
    # - use Apache >= 2.3.9 and replace all L flags by END flags and remove the
    #   following RewriteCond (best solution)
    RewriteCond %{ENV:REDIRECT_STATUS} ^$
    RewriteRule ^app\.php(/(.*)|$) %{ENV:BASE}/$2 [R=301,L]

    # If the requested filename exists, simply serve it.
    # We only want to let Apache serve files and not directories.
    RewriteCond %{REQUEST_FILENAME} -f
    RewriteRule .? - [L]

    # Rewrite all other queries to the front controller.
    RewriteRule .? %{ENV:BASE}/app.php [L]
</IfModule>

<IfModule !mod_rewrite.c>
    <IfModule mod_alias.c>
        # When mod_rewrite is not available, we instruct a temporary redirect of
        # the start page to the front controller explicitly so that the website
        # and the generated links can still be used.
        RedirectMatch 302 ^/$ /app.php/
        # RedirectTemp cannot be used instead
    </IfModule>
</IfModule>

Another part of my App could be the cause of this issue: security.yml, that currently is this:

# you can read more about security in the related section of the documentation
# http://symfony.com/doc/current/book/security.html
security:
# http://symfony.com/doc/current/book/security.html#encoding-the-user-s-password
    encoders:
        FOS\UserBundle\Model\UserInterface: sha512

# http://symfony.com/doc/current/cookbook/security/acl.html#bootstrapping
acl:
    connection: default

# http://symfony.com/doc/current/book/security.html#hierarchical-roles
role_hierarchy:
    ROLE_ADMIN:       ROLE_USER
    # ROLE_SUPER_ADMIN: [ROLE_USER, ROLE_ADMIN, ROLE_ALLOWED_TO_SWITCH]
    ROLE_SUPER_ADMIN: ROLE_ADMIN

# http://symfony.com/doc/current/book/security.html#where-do-users-come-from-user-providers
providers:
    fos_userbundle:
        id: fos_user.user_provider.username_email

# the main part of the security, where you can set up firewalls
# for specific sections of your app
firewalls:
    main:
        pattern: ^/
        form_login:
            provider: fos_userbundle
            csrf_provider: security.csrf.token_manager
        logout:    true
        anonymous: true

    # disables authentication for assets and the profiler, adapt it according to your needs
    dev:
        pattern:  ^/(_(profiler|wdt)|css|images|js)/
        security: false

# with these settings you can restrict or allow access for different parts
# of your application based on roles, ip, host or methods
# http://symfony.com/doc/current/cookbook/security/access_control.html
access_control:
    #- { path: ^/login, roles: IS_AUTHENTICATED_ANONYMOUSLY, requires_channel: https }
    - { path: ^/login$, role: IS_AUTHENTICATED_ANONYMOUSLY }
    - { path: ^/register, role: IS_AUTHENTICATED_ANONYMOUSLY }
    - { path: ^/resetting, role: IS_AUTHENTICATED_ANONYMOUSLY }

But, accessing http:// my-app.herokuapp.com/login (that seems to be "open to the world"), I receive anyway a beautiful 404 error:

Not Found

The requested URL /login was not found on this server.

So, which could be the problem? Which setting is preventing me from accessing my Symfony App on Heroku?

Baguio answered 29/7, 2015 at 14:53 Comment(0)
B
17

It is not possible. more than 3 hours to find a solution. A solution that could not be found in all the code I posted here.

A really, simple, stupid, small solution: the procfile name. Are you noticing? I'm writing it all in lowercase letters.

The solution? Procfile, with the first letter in uppercase.

It was an hell, but finally I have my app up and running! :D

Baguio answered 29/7, 2015 at 17:35 Comment(1)
so I am at the same spot going crazy as it been over 11 hours now that i am trying to find the solution to this, my Profile name is correct but still i am getting the same error. I will really appreciate if you can let me know if i am missing something #41151364Daegal
C
7

The easiest way to do this is to type that line without quotation mark.

For Example

web: vendor/bin/heroku-php-apache2 public/
Callen answered 24/2, 2019 at 16:50 Comment(0)
G
1

Incase anyone still having this problem you can try to replace the double quotes with single quotes in the Procfile

Example

"web: vendor/bin/heroku-php-apache2 public/"

Should be

'web: vendor/bin/heroku-php-apache2 public/'
Glum answered 24/2, 2019 at 6:23 Comment(0)
N
1

Check for this notice when deploying: NOTICE: No Procfile, using 'web: heroku-php-apache2'. For me, there was no difference after I wrote web: heroku-php-apache2 public/ directly in Heroku cloud settings. Then I found this solution and it works.

If you are not on the local master branch while deploying the code to Heroku, you will end up with errors. You need to push to Heroku master while you are on your local master branch. This is the default setup.

In other words, new docroot can be set only from Procfile and deployment should be pushed from local master branch.

Normalcy answered 25/2, 2021 at 13:28 Comment(1)
Please answer the question here too because sometimes sites go offline or links die and a visitor will not be able to do much with a dead linkPopele

© 2022 - 2024 — McMap. All rights reserved.