Login/Register
Wampserver 403 on named virtual hosts outside of /www
Asked Answered
Solved wampvirtualhostwampserverhttp-status-code-403
A

5

11

Wampserver tells me accessed denied when I try making a virtual host outside of the c:/wamp/www/ directory. I can make one fine within that directory. Even making a symbolic link to the folder works, but I would rather not have to use symbolic links. Why doesn't it work?

Here is the code I use at the end of httpd.conf

NameVirtualHost *:80

<VirtualHost *:80>  
DocumentRoot "c:/wamp/www" 
ServerName localhost 
ServerAlias localhost 
</VirtualHost> 

<VirtualHost *:80>
ServerName local.cascade
DocumentRoot c:/wamp/www/cascade/
</VirtualHost>

<VirtualHost *:80>
ServerName local.md9
ServerAlias local.md9
DocumentRoot "m:/Work/New MD9.ca/site/"
</VirtualHost>

<Directory "m:/Work/New MD9.ca/site/">
    Order Allow,Deny
    Allow from All
</Directory>

The "cascade" vh works fine.

Armadillo answered 2/6, 2012 at 2:5 Comment(5)
Do your filesystem permissions allow access?Ious
Sure why not? What needs permission?Armadillo
Not all systems allow the web server user account access to everything by default.Ious
What is the web server user account and how do I allow it access?Armadillo
I saw that the user and group is set to "daemon" in httpd.conf but in the task manager it says httpd.exe is running as SYSTEM. Didn't really matter though.Armadillo
A
26

I guess I should have looked at the http.conf more carefully. It's not that long, mostly comments. The troublesome part was this.

# Deny access to the entirety of your server's filesystem. You must
# explicitly permit access to web content directories in other 
# <Directory> blocks below.
#

<Directory />
    AllowOverride none
    Require all denied
</Directory>

I commented it out and now stuff works, although I guess it's less secure, but it is just a testing server.

I thought the <Directory "m:/Work/New MD9.ca/site/"> bit was supposed to take care of it but I guess not.

Armadillo answered 3/6, 2012 at 4:44 Comment(2)
Great solution! I also have found this here http://reanweb.com/wordpress/step-step-guide-create-virtual-hosts-using-wamp/. In case someone try to find the whole processUnpeople
@Moss, Although, you are not worried about security as it is a testing server, but I would mention for others that you can leave that directory tag uncommented, and another directory tag with path to your vhost web folder, but use "AllowOverride all" instead of "AllowOverride none", that would leave it secure as well as usable.Mumbletypeg
W
18

I know the question is old now and you have got it working, but I came up against this issue and solved it without removing the Require all denied tag.

You just have to add a Require local (or Require all for online access) tag to the Directory tag. e.g.

<VirtualHost *:80>
    ServerName local.md9
    ServerAlias local.md9
    DocumentRoot "m:/Work/New MD9.ca/site/"

    <Directory "m:/Work/New MD9.ca/site/">
        Order Allow,Deny
        Allow from All
        Require local
    </Directory>
</VirtualHost>

You can see the same rule declared in DocumentRoot directory in httpd.conf

Wendiewendin answered 3/1, 2013 at 10:28 Comment(0)
S
4

I had the same issue but managed to resolve after looking at this question.

However, the accepted answer maybe isn't the best solution, depending on how secure you want your Apache configuration to be.

I think the solution should mention two things, first ensuring security isn't compromised and second; understanding the difference in access control configuration between Apache versions 2.2 and 2.4.

Ensuring security isn't compromised

Commenting out the suggested lines:

<Directory />
    AllowOverride none
    Require all denied
</Directory>

Means you remove the default strict security applied to ALL directories on your machine, as I understand it. Someone else could create a configuration pointing to your C:\very\sensitive\information directory and serve up content from there to a website (which is most likely to be a concern on a shared host). Interestingly, the following comment is made above that block:

# First, we configure the "default" to be a very restrictive set of 
# features.

Then beneath that block:

# Note that from this point forward you must specifically allow
# particular features to be enabled - so if something's not working as
# you might expect, make sure that you have specifically enabled it
# below.

It makes complete sense to lock everything down, then conditionally unlock per directory.

I came up with the following which points to the location on my machine where all my websites (served up via Apache virtual hosts) will live. This immediately follows the <Directory "d:/wamp/www/"></Directory> block.

<Directory "d:/wamp/sites/">
    Options Indexes FollowSymLinks
    AllowOverride all
    Require all granted
</Directory>

Then within each of your virtual host configurations/aliases you can set the configuration that applies to that directory.

Difference in access control configuration

Configuring access control in more recent versions of Apache has changed.

What used to be:

Order allow,deny
Allow from all

Should now be:

Require all granted

For more info: http://httpd.apache.org/docs/current/upgrading.html

Shoifet answered 1/10, 2014 at 12:25 Comment(0)
C
3

The <Directory> tag should be inside the <VirtualHost *:80>

like this:

<VirtualHost *:80>
ServerName local.md9
ServerAlias local.md9
DocumentRoot "m:/Work/New MD9.ca/site/"
    <Directory "m:/Work/New MD9.ca/site/">
        Order Allow,Deny
        Allow from All
    </Directory>
</VirtualHost>

also note that for outside the default www folder you should use require instead of allow

<Directory />
    AllowOverride none
    Require all denied
</Directory>
Cellarage answered 9/12, 2012 at 15:57 Comment(0)
N
1

If you tried all the .conf edits above and none worked, try the following additional steps:

1) Make sure DocumentRoot and <Directory> locations are the same!

2) Double check "ServerName" domain spelling within your <VirtualHost> tags, and also check spelling of domain is the same in the HOST file (windows\system32\drivers\etc\hosts):

Example:

<VirtualHost *:80>
    DocumentRoot "D:/vhost_directory/website_directory"
    ServerName mywebsite.local
    <Directory "D:/vhost_directory/website_directory">
        Options Indexes FollowSymLinks
        AllowOverride All
        Require all granted
    </Directory>
</VirtualHost>

3) Check conf files syntax:

cd \wamp\bin\apache\apache2.4.9\bin
httpd -t

4) Fix conf file errors until you get the output:

Syntax OK

5) Refresh domain name cache (must run console as administrator):

net stop dnscache
net start dnscache

6) Restart Apache service or Restart All Services on WAMP

Nita answered 26/1, 2015 at 13:35 Comment(0)

© 2022 - 2024 — McMap. All rights reserved.