LinuxQuestions.org
Go Job Hunting at the LQ Job Marketplace
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Software
User Name
Password
Linux - Software This forum is for Software issues.
Having a problem installing a new program? Want to know which application is best for the job? Post your question in this forum.

Notices



Reply
 
Search this Thread
Old 06-09-2006, 09:39 PM   #1
stevod333
Member
 
Registered: Mar 2006
Location: Australia
Distribution: SUSE 10.2
Posts: 47

Rep: Reputation: 15
Apache - "403 forbidden" message on any DIR below DocumentRoot


Updated: below is my original problem situation - I have now discovered that it is not just subdirectories that receive the "403 forbidden" message - attempting to access any file within the DocumentRoot, other than index.html, will produce this message.
**********************************


I'm attempting to setup Apache 2.2 on Fedora 5.

I have moved the DocumentRoot to a different directory /webdev and have one other directory below there /webdev/phonebills.

The main page works fine, and my small index.html file loads and displays my link to /phonebills/index.html, but when trying to access that directory, I get the "403 Forbidden message":

****************************************************************

You don't have permission to access /phonebills/index.html on this server.

Additionally, a 403 Forbidden error was encountered while trying to use an ErrorDocument to handle the request.

****************************************************************

Below is a portion of my httpd.conf file...

Quote:
# DocumentRoot: The directory out of which you will serve your
# documents. By default, all requests are taken from this directory, but
# symbolic links and aliases may be used to point to other locations.
#
DocumentRoot "/webdev"

#
# Each directory to which Apache has access can be configured with respect
# to which services and features are allowed and/or disabled in that
# directory (and its subdirectories).
#
# First, we configure the "default" to be a very restrictive set of
# features.
#
<Directory />
Options FollowSymLinks
AllowOverride None
</Directory>

#
# Note that from this point forward you must specifically allow
# particular features to be enabled - so if something's not working as
# you might expect, make sure that you have specifically enabled it
# below.
#

#
# This should be changed to whatever you set DocumentRoot to.
#


<Directory "/webdev">

#
# Possible values for the Options directive are "None", "All",
# or any combination of:
# Indexes Includes FollowSymLinks SymLinksifOwnerMatch ExecCGI MultiViews
#
# Note that "MultiViews" must be named *explicitly* --- "Options All"
# doesn't give it to you.
#
# The Options directive is both complicated and important. Please see
# http://httpd.apache.org/docs/2.2/mod/core.html#options
# for more information.
#
Options Indexes FollowSymLinks

#
# AllowOverride controls what directives may be placed in .htaccess files.
# It can be "All", "None", or any combination of the keywords:
# Options FileInfo AuthConfig Limit
#
AllowOverride None

#
# Controls who can get stuff from this server.
#
Order allow,deny
Allow from all

</Directory>


<Directory "/webdev/phonebills"> #have also tried "/phonebills"
Options Indexes FollowSymLinks
AllowOverride None

Order allow,deny
Allow from all

</Directory>
I've been at this for days and just about at my wits end. I've searched stacks of webpages and previous posts here. I don't believe it is a permisions problem since /webdev and the subdir have the same owner and permissions.

Any suggestions as to what might be wrong here?

Last edited by stevod333; 06-11-2006 at 05:09 AM.
 
Old 06-10-2006, 11:17 PM   #2
Snowbat
Member
 
Registered: Jun 2005
Location: q3dm7
Distribution: Mandriva 2010.0 x86_64
Posts: 338

Rep: Reputation: 31
What about the permissions of the files in /webdev and /webdev/phonebills/ ?

For comparison, here are some example file and directory permissions from DocumentRoot and a subdirectory on my old Mandrake 9.1 server:

DocumentRoot /var/www/html
Code:
drwxr-xr-x root root /var/www/html/
-rw-r--r-- root root /var/www/html/index.shtml
drwxr-xr-x root root /var/www/html/mrtg/
-rw-r--r-- root root /var/www/html/mrtg/index.html

Last edited by Snowbat; 06-11-2006 at 01:52 AM. Reason: Owner and group added
 
Old 06-11-2006, 01:30 AM   #3
natm
Member
 
Registered: Sep 2004
Distribution: Ubuntu 7.04
Posts: 34

Rep: Reputation: 15
yeah, I would think it'd be the permissions, I have a script set up to change the ownership and permissions of the files to what apache wants, and I would give you my exact script, but my computer is dead right now: http://www.linuxquestions.org/questi...d.php?t=453620

basically, just set the ownership to the user apache I think, I'm a bit rusty on this as it's been a while since I set up my own server. I think you should just set the permissions and ownership the same as you have you're index.html file set.
 
Old 06-11-2006, 03:37 AM   #4
stevod333
Member
 
Registered: Mar 2006
Location: Australia
Distribution: SUSE 10.2
Posts: 47

Original Poster
Rep: Reputation: 15
I think the permisions are ok - below is a list of the permisions for all related directories and files:

/
...
....
drwxrwxr-x 3 apache apache 4096 Jun 10 10:16 webdev

/webdev/
-rw-rw-r-- 1 apache apache 120 Jun 10 10:05 index.html
drwxrwxr-x 2 apache apache 4096 Jun 10 10:30 phonebills

/webdev/phonebills/
-rw-rw-r-- 1 apache apache 423 Jun 6 20:42 index.html
-rw-rw-r-- 1 apache apache 114 Jun 6 20:30 PBmain.php


As you can see, permissions for /webdev and /webdev/phonebills are the same, as are all the files in each directory.

I just don't get it
 
Old 06-11-2006, 04:56 AM   #5
stevod333
Member
 
Registered: Mar 2006
Location: Australia
Distribution: SUSE 10.2
Posts: 47

Original Poster
Rep: Reputation: 15
Problem situation changed...

I really needed to start getting some actual work done, so I thought that until I resolved this problem, I would simply move my project files into /webdev - and I still recieve the same message when trying to access any files apart from index.html - so it's not just subdirectories that cant be accessed -- nothing can be accessed!!!

This situation has just gone from bad to horrifying

I'm posting a new thread with the updated problem situation as the title.

Thanks to all who have replied so far.

Last edited by stevod333; 06-11-2006 at 05:34 AM.
 
Old 06-11-2006, 05:31 AM   #6
stevod333
Member
 
Registered: Mar 2006
Location: Australia
Distribution: SUSE 10.2
Posts: 47

Original Poster
Rep: Reputation: 15
Apache - "403 forbidden" message on any file (or directory) other than index.html

I'm attempting to setup Apache 2.2 on Fedora 5.

To start with, I have moved the DocumentRoot to a different directory /webdev and have one other directory below there /webdev/phonebills.

The server is up and running, and my small index.html file loads and displays my links to other files and directories, but when trying to access anything other that {DocumentRoot}/index.html file, I get the "403 Forbidden message":

****************************************************************

You don't have permission to access {selected path and file} on this server.

Additionally, a 403 Forbidden error was encountered while trying to use an ErrorDocument to handle the request.

****************************************************************

Below is a portion of my httpd.conf file...

Quote:
# DocumentRoot: The directory out of which you will serve your
# documents. By default, all requests are taken from this directory, but
# symbolic links and aliases may be used to point to other locations.
#
DocumentRoot "/webdev"

#
# Each directory to which Apache has access can be configured with respect
# to which services and features are allowed and/or disabled in that
# directory (and its subdirectories).
#
# First, we configure the "default" to be a very restrictive set of
# features.
#
<Directory />
Options FollowSymLinks
AllowOverride None
</Directory>

#
# Note that from this point forward you must specifically allow
# particular features to be enabled - so if something's not working as
# you might expect, make sure that you have specifically enabled it
# below.
#

#
# This should be changed to whatever you set DocumentRoot to.
#


<Directory "/webdev">

#
# Possible values for the Options directive are "None", "All",
# or any combination of:
# Indexes Includes FollowSymLinks SymLinksifOwnerMatch ExecCGI MultiViews
#
# Note that "MultiViews" must be named *explicitly* --- "Options All"
# doesn't give it to you.
#
# The Options directive is both complicated and important. Please see
# http://httpd.apache.org/docs/2.2/mod/core.html#options
# for more information.
#
Options Indexes FollowSymLinks

#
# AllowOverride controls what directives may be placed in .htaccess files.
# It can be "All", "None", or any combination of the keywords:
# Options FileInfo AuthConfig Limit
#
AllowOverride None

#
# Controls who can get stuff from this server.
#
Order allow,deny
Allow from all

</Directory>


#<Directory "/webdev/phonebills"> #have also tried "/phonebills"
#Options Indexes FollowSymLinks
#AllowOverride None

#Order allow,deny
#Allow from all

#</Directory>
I've been at this for days and just about at my wits end.
I posted a previous thread while I thought the problem was simply trying to access subdirectories below DocumentRoot, but have now discovered that no files/directories can be accessed other than index.html.
I've searched stacks of webpages and previous posts here. I don't believe it is a permisions problem since all the files in DocumentRoot have the same owner and permissions.

Any suggestions as to what might be wrong here?
 
Old 06-11-2006, 05:41 AM   #7
Snowbat
Member
 
Registered: Jun 2005
Location: q3dm7
Distribution: Mandriva 2010.0 x86_64
Posts: 338

Rep: Reputation: 31
It may not make any difference but I notice the DocumentRoot line in my httpd.conf is not enclosed in quotes.
 
Old 06-11-2006, 05:46 AM   #8
prozac
Member
 
Registered: Oct 2005
Location: Australia
Distribution: slackware 12.1
Posts: 753

Rep: Reputation: 32
maybe apache does not have the permission to access the files (most probably /webdev/phonebills) its been crying foul about. locate the file/directories yourself within the filesystem and change their permissions so that apache or the user for whom apache is running can atleast read.

Last edited by prozac; 06-11-2006 at 05:48 AM.
 
Old 06-11-2006, 10:39 AM   #9
peterb
Member
 
Registered: Aug 2003
Location: Athens, Greece
Distribution: Mandriva, Fedora
Posts: 127

Rep: Reputation: 15
Have a look at
/var/log/httpd/access_log
/var/log/httpd/error_log
/var/log/messages
for some clues.

Are you using vhost.conf?
 
Old 06-11-2006, 08:34 PM   #10
stevod333
Member
 
Registered: Mar 2006
Location: Australia
Distribution: SUSE 10.2
Posts: 47

Original Poster
Rep: Reputation: 15
Permissions for all the files and subdiretories are the same - here they are...

/webdev
Quote:
drwxrwxr-x 4 apache apache 4096 Jun 11 18:42 webdev
/webdev/*
Quote:
-rw-rw-r-- 1 apache apache 127 Jun 11 18:41 index.html
-rw-rw-r-- 1 apache apache 423 Jun 6 20:42 PBlogin.html
-rw-rw-r-- 1 apache apache 114 Jun 6 20:30 PBmain.php
drwxrwxr-x 2 apache apache 4096 Jun 11 18:31 phonebills

Originally, I had the PB* files in /webdev/phonebills/, but I moved them back to /webdev/ thinking that it was jus a problem accessing the subdirectory ../phonebills/.
The only file listed above that can be accessed is index.html - any of the other files give the 403 forbidden message.


Here are the last few access attempts recorded in the log files:

access.log
Quote:
192.168.0.1 - - [12/Jun/2006:10:27:29 +1000] "GET /index.html HTTP/1.1" 304 - "-" "Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.8.0.2) Gecko/20060419 Fedora/1.5.0.2-1.2.fc5 Firefox/1.5.0.2 pango-text"
192.168.0.1 - - [12/Jun/2006:10:27:31 +1000] "GET /PBlogin.html HTTP/1.1" 403 409 "http://192.168.0.1/index.html" "Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.8.0.2) Gecko/20060419 Fedora/1.5.0.2-1.2.fc5 Firefox/1.5.0.2 pango-text"
192.168.0.1 - - [12/Jun/2006:10:29:08 +1000] "GET /PBmain.php HTTP/1.1" 403 407 "-" "Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.8.0.2) Gecko/20060419 Fedora/1.5.0.2-1.2.fc5 Firefox/1.5.0.2 pango-text"
error.log
Quote:
[Mon Jun 12 10:27:31 2006] [error] [client 192.168.0.1] (13)Permission denied: access to /PBlogin.html denied, referer: http://192.168.0.1/index.html
[Mon Jun 12 10:29:08 2006] [error] [client 192.168.0.1] (13)Permission denied: access to /PBmain.php denied
Nothing very useful as far as I can see.
Any other suggestions?
 
Old 06-11-2006, 08:40 PM   #11
stevod333
Member
 
Registered: Mar 2006
Location: Australia
Distribution: SUSE 10.2
Posts: 47

Original Poster
Rep: Reputation: 15
Also here are the last few entries in /var/messages

Quote:
Jun 12 10:27:31 steve kernel: audit(1150072051.095:79): avc: denied { getattr } for pid=6994 comm="httpd" name="PBlogin.html" dev=dm-0 ino=267525 scontext=system_u:system_r:httpd_t:s0 tcontext=user_ubject_r:user_home_t:s0 tclass=file
Jun 12 10:29:08 steve kernel: audit(1150072148.978:80): avc: denied { getattr } for pid=6995 comm="httpd" name="PBmain.php" dev=dm-0 ino=4391586 scontext=system_u:system_r:httpd_t:s0 tcontext=user_ubject_r:user_home_t:s0 tclass=file
Jun 12 10:29:08 steve kernel: audit(1150072148.978:81): avc: denied { getattr } for pid=6995 comm="httpd" name="PBmain.php" dev=dm-0 ino=4391586 scontext=system_u:system_r:httpd_t:s0 tcontext=user_ubject_r:user_home_t:s0 tclass=file
Does this give us any clues?

Last edited by stevod333; 06-11-2006 at 08:44 PM.
 
Old 06-12-2006, 03:36 AM   #12
stevod333
Member
 
Registered: Mar 2006
Location: Australia
Distribution: SUSE 10.2
Posts: 47

Original Poster
Rep: Reputation: 15
Fixed it.

The problem was with SElinux. Running the command system-config-securitylevel and ticking all the checkboxes for HTTPD has solved the problem.

Thank you to everyone who has tried to help with this.
 
Old 06-12-2006, 05:58 AM   #13
spooon
Senior Member
 
Registered: Aug 2005
Posts: 1,755

Rep: Reputation: 48
The problem is that if you move stuff from other places into that directory, it will not have the right "context" for Apache to be allowed to access it. You can run "restorecon -R /webdev" to set the correct context. Turning off security is not the right solution.
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
Apache web access "Forbidden" wswartz Linux - Software 21 10-27-2011 11:52 AM
Suse 10.1 - Apache "Access Forbidden!" on any page Danny-T Linux - Networking 4 06-01-2006 01:31 AM
Apache is giving me 403 when changing DocumentRoot Lazy Foo' Linux - Software 7 01-30-2006 09:39 PM
Created "htdoc enabled dir" in apache doubt??? tuxfood Linux - Software 0 09-19-2005 01:40 AM
Apache 2, "Forbidden" TazG Linux - Software 2 05-30-2004 08:33 PM


All times are GMT -5. The time now is 12:32 PM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
identi.ca: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration