Yet another Apache index.html 403 problem
 

I'm migrating from a shared server environment to a VPS. The VPS is running Apache 2.0 under CentOS. Right now the VPS has just an IP address.

Before moving all of the files over I wanted to run a small test. I brought the three files that comprise the home page of my domain, including one named index.html Then it's the usual story, I still see the CentOS Apache 2 Test page.

All three files are in /var/www/html
The permissions for the files are 0644 and 0755 for the directories.
The user apache owns everything.

From /etc/httpd/conf/httpd.conf:

DocumentRoot had originally been set to another directory for the domain name and not the IP address within <VirtualHost>, but changing that so they are both /var/www/html makes no difference.

The error log shows this:

No mention of index.htm When I tried using index.htm it still didn't work.

Explicitly using http://xxx.xx.xxx.xxx/index.html brings up the standard 403 page.

Setting the file and directory permissions to 0777 makes no difference. Creating a php version of index.html doesn't work.

I've even tried using .htaccess to define index.html as the default file. The existence of an empty .htaccess file made no difference either.

The really odd thing is when I changed the welcome.conf file. I commented out every line and still get the CentOS test page.

I'm sure it has to be something really freaking obvious that I'm missing.

Hi,

I do a small test in my CentOS + Apache server and the only
way that i can duplicate the messages you are getting in the
log is when I intentionally did:
chmod 700 /var/www/html

After that, i got the default Centos Test Page and messages
like yours in the log.
(13)Permission denied: access to /index.php denied
(13)Permission denied: access to /index.html denied
(13)Permission denied: access to /index.html.var denied

Attempting to access http://127.0.0.1/index.htm gives me
a 403 Forbidden page.

After restoring the permissions with "chmod 755 /var/www/html"
everything works fine.

Another thing I noticed is that you should add index.htm
to the DirectoryIndex in httpd.conf

Another test, when I do chmod 700 /var/www the message in log
is :
(13)Permission denied: access to / denied
And the browser shows a 403 Forbidden page.

Hope it helps with your trouble.

Best regards,

I get those messages with the directory permissions set at 755 or 777.

I have that entry. It's odd to me that there is no permission denied message for index.htm whether or not index.htm exists.


No permission denied message for / is in any of the logs.

Thanks for running the test.

What happens if you try without SELinux (setenforce 0)

Security context for /var/www/html should be given by

I'm not running SELinux.

Although as I've already had four or five different people attempt to crack the server since it came online I probably should.

I guess I've stumped everyone.

Along the same lines of chmod 777, other things I've tried to no avail. In no particular order:

Commenting out the VirtualHost with the actual domain name that is going to be used, and leaving the one with the IP address.

Using the ServerName with the IP address and port 80 along. UseCanonicalName is set to On.

I removed the quotes from directories as some Apache documentation I read didn't use them. When that didn't make any difference I put them back.

Explicitly defining Options +Indexes +FollowSymLinks +ExecCGI instead of just Options Indexes etc.

That was specious. I forgot to stop and restart Apache a couple of times. It wouldn't have mattered much, as it still wasn't happy with the changes I made.

I did find what it wanted.

So the IP address is name-based. OK then.

It's happy with both the named domain and the IP address as virtual host entries.

It doesn't like something in my .htaccess file, but that's easy enough to figure out.

So are you still getting http 403 errors?

Your <Directory> stanza needs to contain something along the lines of:

Nope. The static html files are displaying as expected. Next up: moving Invision Power Board from the current server to the new one.

I should have included that in my original post. / is deny from all and /var/www/html is allow from all. Something like that. I'm posting from my laptop and I don't have a telnet or ftp client installed.

Also it's the .htaccess file with the entries for IPB that Apache currently doesn't like, but that's no big deal. Once IPB is installed I expect it will like the .htaccess file, there will be no problem anywhere, my teeth will be bright and world peace will finally be achieved.

Just a coda for anyone else who finds themselves in a similar situation.

My domain host uses Plex to partition the physical server into multiple virtual servers, and Plex has its own way of doing things. E.g. instead of /var/www/html being the default location for the web-accessible files it's /var/www/vhosts/yourdomain.tld/httpdocs/

The Virtual Host stanza takes about a screen and a half. Without comments or blank lines. For a single virtual host entry. So that's three screens worth for the domain name and the IP address.

I had loads of fun getting IPB to work, MySQL had to be reinstalled and phpMyAdmin still doesn't work, but Apache hasn't been any trouble since.