- Apache2 virtualhost 403 forbidden?
- “Forbidden – You don’t have permission to access / on this server” Error
- Demystifying the Forbidden Error
- 1. Incorrect File / Directory Permissions
- 2. Misconfiguration of the Apache Configuration Files
- Fixing the ‘403 Forbidden Error’
- 1. Adjust file permissions & ownership of the webroot directory
- 2. Adjust directives in Apache main configuration file
- Apache giving 403 forbidden errors
- 9 Answers 9
Apache2 virtualhost 403 forbidden?
I’m running ubuntu 13.04 64bit on my desktop, I installed Apache2, MySQL and PHP etc. I wanted to have my web root in /home/afflicto/public_html instead of /var/www . So I went along with this guide:
http://www.maketecheasier.com/install-and-configure-apache-in-ubuntu/2011/03/09
(I did everything from «configuring different sites») as I like the solution more. Here’s what I did:
Installed Apache2, MySQL etc..
copied /etc/apache2/sites-avaliable/default to /etc/apache2/sites-available/afflicto . Then edited it, it now looks like the following: /etc/apache2/sites-available/afflicto
ServerAdmin webmaster@localhost DocumentRoot /home/afflicto/public_html Options FollowSymLinks AllowOverride None Options Indexes FollowSymLinks MultiViews AllowOverride All Order allow,deny allow from all ScriptAlias /cgi-bin/ /usr/lib/cgi-bin/ AllowOverride None Options +ExecCGI -MultiViews +SymLinksIfOwnerMatch Order allow,deny Allow from all ErrorLog $/error.log # Possible values include: debug, info, notice, warn, error, crit, # alert, emerg. LogLevel warn CustomLog $/access.log combined
I did sudo a2dissite default && sudo a2ensite afflicto && sudo service apache2 restart I created a index.php and index.html in /home/afflicto/public_html/test/
when accessing localhost/test or localhost/test/index.html etc, I get 403 forbidden error. What am I doing wrong? update 1
I have set the owner of the public_html directory to www-data .
Also sudo chmod -R +x public_html && sudo chmod -R 777 public_html
Still same 403 error. Here’s the output of the apache error log:
[Sun Jul 14 06:10:32 2013] [error] [client 127.0.0.1] (13)Permission denied: access to / denied [Sun Jul 14 06:10:32 2013] [error] [client 127.0.0.1] (13)Permission denied: access to /favicon.ico denied
“Forbidden – You don’t have permission to access / on this server” Error
Apache web server is one of the most popular and widely used open-source web servers thanks to its stability and reliability. The web server commands a huge market, especially in the web hosting platforms.
Be that as it may, you may get a “Forbidden – You don’t have permission to access / on this server” error on your browser after setting up your website. It’s quite a common error and a good chunk of users have experienced it while testing their site. So what is this error?
Demystifying the Forbidden Error
Also referred to as the 403 Forbidden error, Apache’s ‘Forbidden Error’ is an error that is displayed on a web page when you are attempting to access a website that’s restricted or forbidden. It’s usually splashed on the browser as shown.
Additionally, the error can manifest in several ways on the browser as indicated below:
- HTTP Error 403 – Forbidden
- Forbidden: You don’t have permission to access [directory] on this server
- 403 Forbidden
- Access Denied You don’t have permission to access
- 403 forbidden requests forbidden by administrative rules
So what causes such errors?
The ‘403 Forbidden Error‘ occurs due to the following main reasons:
1. Incorrect File / Directory Permissions
This error can be triggered due to incorrect file/folder permissions on the webroot directory. If the default file permissions are not adjusted to grant users access to the website files, then the chances of this error popping on a web browser are high.
2. Misconfiguration of the Apache Configuration Files
This error can also be attributed to a misconfiguration of one of the Apache configuration files. It could be an incorrect parameter that has been included or missing directives in the configuration file.
Fixing the ‘403 Forbidden Error’
If you have encountered this error, here are a few steps that you can take to remedy this.
1. Adjust file permissions & ownership of the webroot directory
Incorrect file permissions & directory ownership are known to restrict access to website files. So, firstly, be sure to assign the file permissions recursively to the webroot directory as shown.
The webroot directory should always have EXECUTE permissions and the index.html file should have READ permissions.
$ sudo chmod -R 775 /path/to/webroot/directory
Additionally, adjust the directory ownership as shown:
$ sudo chown -R user:group /path/to/webroot/directory
Where the user is the regular logged-in user and the group is www-data or apache .
Finally, reload or restart the Apache webserver for the changes to take effect.
$ sudo systemctl restart apache2 OR $ sudo systemctl restart httpd
If this does not resolve the issue, proceed to the next step:
2. Adjust directives in Apache main configuration file
If you are on Debian-based Linux, in Apache’s main configuration file /etc/apache2/apache2.conf , ensure that you have this block of code:
Options FollowSymLinks AllowOverride None Require all denied AllowOverride None Require all granted Options Indexes FollowSymLinks AllowOverride None Require all granted
Save and exit and thereafter, restart the Apache.
If you are running Apache on RHEL-based distributions / CentOS systems, ensure that you relax access to the /var/www directory in the /etc/httpd/conf/httpd.conf main Apache configuration file.
AllowOverride None Require all granted
Then save all the changes and reload Apache.
If after trying all these steps you are still getting the error, then please check the configuration of your virtual host files. We have detailed articles on how you can configure the Apache Virtual host file on:
I hope that the steps provided have helped you clear the 403 error.
Apache giving 403 forbidden errors
Ok, so i’ve previously set up two virtual hosts and they are working cool. they both house simple web projects and work fine with http://project1 and http://project2 in the browser. Anyway, I’ve come to add another vhost. I edited the /etc/hosts file with 127.0.0.1 project3 and also updated the httpd-vhosts.conf file by copy and pasting the previous entries for project2 and editing the file path. I’ve checked all the file and folder permissions (in fact I copied and pasted from project2) and simply put a «hello world» message in the index.php file. I get a 403 forbidden permission denied message when accessing http://project3 Why is this, I just can figure out what step I’ve missed as everything seems to be set up correct.
9 Answers 9
- Apache can physically access the file (the user that run apache, probably www-data or apache, can access the file in the filesystem)
- Apache can list the content of the folder (read permission)
- Apache has a «Allow» directive for that folder. There should be one for /var/www/, you can check default vhost for example.
Additionally, you can look at the error.log file (usually located at /var/log/apache2/error.log ) which will describe why you get the 403 error exactly.
Finally, you may want to restart apache, just to be sure all that configuration is applied. This can be generally done with /etc/init.d/apache2 restart . On some system, the script will be called httpd. Just figure out.
no wait! I think I got it. I restarted apachectl and seems to work. Cant believe it was that simple. Thanks
I don’t see any issues with what’s named above, but still getting the error. Interestingly, the /var/log/apache2/error.log file has only two lines. First: »
I just fixed this issue after struggling for a few days. Here’s what worked for me:
First, check your Apache error_log file and look at the most recent error message.
- If it says something like:
access to /mySite denied (filesystem path '/Users/myusername/Sites/mySite') because search permissions are missing on a component of the path
then there is a problem with your file permissions. You can fix them by running these commands from the terminal:
$ cd /Users/myusername/Sites/mySite $ find . -type f -exec chmod 644 <> \; $ find . -type d -exec chmod 755 <> \;
Then, refresh the URL where your website should be (such as http://localhost/mySite ). If you’re still getting a 403 error, and if your Apache error_log still says the same thing, then progressively move up your directory tree, adjusting the directory permissions as you go. You can do this from the terminal by:
client denied by server configuration: /Users/myusername/Sites/mySite
then your problem is not with your file permissions, but instead with your Apache configuration. Notice that in your httpd.conf file, you will see a default configuration like this (Apache 2.4+):
AllowOverride none Require all denied
Order deny,allow Deny from all
DO NOT change this! We will not override these permissions globally, but instead in your httpd-vhosts.conf file. First, however, make sure that your vhost Include line in httpd.conf is uncommented. It should look like this. (Your exact path may be different.)
# Virtual hosts Include etc/extra/httpd-vhosts.conf
Now, open the httpd-vhosts.conf file that you just Include d. Add an entry for your webpage if you don’t already have one. It should look something like this. The DocumentRoot and Directory paths should be identical, and should point to wherever your index.html or index.php file is located. For me, that’s within the public subdirectory. For Apache 2.2:
# ServerAdmin webmaster@dummy-host2.example.com DocumentRoot "/Users/myusername/Sites/mySite/public" ServerName mysite # ErrorLog "logs/dummy-host2.example.com-error_log" # CustomLog "logs/dummy-host2.example.com-access_log" common Options Indexes FollowSymLinks Includes ExecCGI AllowOverride All Order allow,deny Allow from all Require all granted
AllowOverride All Require all granted
are critical for Apache 2.4+. Without these, you will not be overriding the default Apache settings specified in httpd.conf . Note that if you are using Apache 2.2, these lines should instead say
Order allow,deny Allow from all
I hope this helps someone else!
PS: If you are having trouble finding these .conf files, try running the find command, such as: