Access Forbidden! Apache - driving me nuts...

Hi,

I have just installed apache and when I go to local host I get:

Access forbidden!

You don't have permission to access the requested directory. There is either no index document or the directory is read-protected.

If you think this is a server error, please contact the webmaster.
Error 403
localhost
Wed Jul 2 19:27:52 2008
Apache/2.2.8 (Linux/SUSE) 

I get this even though I have allowed from all in the httpd.conf

In the apache error logs I get this:

[Wed Jul 02 19:27:49 2008] [error] [client 127.0.0.1] Directory index forbidden by Options directive: /srv/www/htdocs/
[Wed Jul 02 19:27:50 2008] [error] [client 127.0.0.1] Directory index forbidden by Options directive: /srv/www/htdocs/
[Wed Jul 02 19:27:51 2008] [error] [client 127.0.0.1] Directory index forbidden by Options directive: /srv/www/htdocs/
[Wed Jul 02 19:27:51 2008] [error] [client 127.0.0.1] Directory index forbidden by Options directive: /srv/www/htdocs/
[Wed Jul 02 19:27:51 2008] [error] [client 127.0.0.1] Directory index forbidden by Options directive: /srv/www/htdocs/
[Wed Jul 02 19:27:51 2008] [error] [client 127.0.0.1] Directory index forbidden by Options directive: /srv/www/htdocs/
[Wed Jul 02 19:27:52 2008] [error] [client 127.0.0.1] Directory index forbidden by Options directive: /srv/www/htdocs/
[Wed Jul 02 19:27:52 2008] [error] [client 127.0.0.1] Directory index forbidden by Options directive: /srv/www/htdocs/
[Wed Jul 02 19:27:52 2008] [error] [client 127.0.0.1] Directory index forbidden by Options directive: /srv/www/htdocs/
[Wed Jul 02 19:27:52 2008] [error] [client 127.0.0.1] Directory index forbidden by Options directive: /srv/www/htdocs/

This is my httpd.conf:

#
# /etc/apache2/httpd.conf 
#
# This is the main Apache server configuration file.  It contains the
# configuration directives that give the server its instructions.
# See <URL:http://httpd.apache.org/docs-2.2/> for detailed information about
# the directives.

# httpd.conf
#  | 
#  |-- uid.conf  . . . . . . . . . . . . . .  UserID/GroupID to run under
#  |-- server-tuning.conf  . . . . . . . . .  sizing of the server (how many processes to start, ...)
#  |-- sysconfig.d/loadmodule.conf . . . . .  [li] load these modules
[/li]#  |-- listen.conf . . . . . . . . . . . . .  IP adresses / ports to listen on
#  |-- mod_log_config.conf . . . . . . . . .  define logging formats
#  |-- sysconfig.d/global.conf . . . . . . .  [li] server-wide general settings
[/li]#  |-- mod_status.conf . . . . . . . . . . .  restrict access to mod_status (server monitoring)
#  |-- mod_info.conf . . . . . . . . . . . .  restrict access to mod_info
#  |-- mod_usertrack.conf  . . . . . . . . .  defaults for cookie-based user tracking
#  |-- mod_autoindex-defaults.conf . . . . .  defaults for displaying of server-generated directory listings
#  |-- mod_mime-defaults.conf  . . . . . . .  defaults for mod_mime configuration
#  |-- errors.conf . . . . . . . . . . . . .  customize error responses
#  |-- ssl-global.conf . . . . . . . . . . .  SSL conf that applies to default server _and all_ virtual hosts
#  |
#  |-- default-server.conf . . . . . . . . .  set up the default server that replies to non-virtual-host requests
#  |    |--mod_userdir.conf  . . . . . . . .  enable UserDir (if mod_userdir is loaded)
#  |    `--conf.d/apache2-manual?conf  . . .  add the docs ('?' = if installed)
#  |
#  |-- sysconfig.d/include.conf  . . . . . .  [li] your include files 
[/li]#  |                                             (for each file to be included here, put its name 
#  |                                              into APACHE_INCLUDE_* in /etc/sysconfig/apache2)
#  |
#  `-- vhosts.d/ . . . . . . . . . . . . . .  for each virtual host, place one file here
#       `-- *.conf . . . . . . . . . . . . .     (*.conf is automatically included)
#
#
# Files marked [li] are created from sysconfig upon server restart: instead of
[/li]# these files, you edit /etc/sysconfig/apache2



#  Filesystem layout:
#
# /etc/apache2/
#  |-- charset.conv  . . . . . . . . . . . .  for mod_auth_ldap
#  |-- conf.d/
#  |   |-- apache2-manual.conf . . . . . . .  conf that comes with apache2-doc
#  |   |-- mod_php4.conf . . . . . . . . . .  (example) conf that comes with apache2-mod_php4
#  |   `-- ... . . . . . . . . . . . . . . .  other configuration added by packages
#  |-- default-server.conf
#  |-- errors.conf
#  |-- httpd.conf  . . . . . . . . . . . . .  top level configuration file
#  |-- listen.conf
#  |-- magic
#  |-- mime.types -> ../mime.types
#  |-- mod_autoindex-defaults.conf
#  |-- mod_info.conf
#  |-- mod_log_config.conf
#  |-- mod_mime-defaults.conf
#  |-- mod_perl-startup.pl
#  |-- mod_status.conf
#  |-- mod_userdir.conf
#  |-- mod_usertrack.conf
#  |-- server-tuning.conf
#  |-- ssl-global.conf
#  |-- ssl.crl/  . . . . . . . . . . . . . .  PEM-encoded X.509 Certificate Revocation Lists (CRL)
#  |-- ssl.crt/  . . . . . . . . . . . . . .  PEM-encoded X.509 Certificates
#  |-- ssl.csr/  . . . . . . . . . . . . . .  PEM-encoded X.509 Certificate Signing Requests
#  |-- ssl.key/  . . . . . . . . . . . . . .  PEM-encoded RSA Private Keys
#  |-- ssl.prm/  . . . . . . . . . . . . . .  public DSA Parameter Files
#  |-- sysconfig.d/  . . . . . . . . . . . .  files that are created from /etc/sysconfig/apache2
#  |   |-- global.conf
#  |   |-- include.conf
#  |   `-- loadmodule.conf
#  |-- uid.conf
#  `-- vhosts.d/ . . . . . . . . . . . . . .  put your virtual host configuration (*.conf) here
#      |-- vhost-ssl.template
#      `-- vhost.template



### Global Environment ######################################################
#
# The directives in this section affect the overall operation of Apache,
# such as the number of concurrent requests.

# run under this user/group id
Include /etc/apache2/uid.conf

# - how many server processes to start (server pool regulation)
# - usage of KeepAlive
Include /etc/apache2/server-tuning.conf

# ErrorLog: The location of the error log file.
# If you do not specify an ErrorLog directive within a &lt;VirtualHost&gt;
# container, error messages relating to that virtual host will be
# logged here.  If you *do* define an error logfile for a &lt;VirtualHost&gt;
# container, that host's errors will be logged there and not here.
ErrorLog /var/log/apache2/error_log

# generated from APACHE_MODULES in /etc/sysconfig/apache2
Include /etc/apache2/sysconfig.d/loadmodule.conf

# IP addresses / ports to listen on
Include /etc/apache2/listen.conf

# predefined logging formats
Include /etc/apache2/mod_log_config.conf

# generated from global settings in /etc/sysconfig/apache2
Include /etc/apache2/sysconfig.d/global.conf

# optional mod_status, mod_info
Include /etc/apache2/mod_status.conf
Include /etc/apache2/mod_info.conf

# optional cookie-based user tracking
# read the documentation before using it!!
Include /etc/apache2/mod_usertrack.conf

# configuration of server-generated directory listings
Include /etc/apache2/mod_autoindex-defaults.conf

# associate MIME types with filename extensions
TypesConfig /etc/apache2/mime.types
DefaultType text/plain
Include /etc/apache2/mod_mime-defaults.conf

# set up (customizable) error responses
Include /etc/apache2/errors.conf

# global (server-wide) SSL configuration, that is not specific to 
# any virtual host
Include /etc/apache2/ssl-global.conf

# forbid access to the entire filesystem by default
&lt;Directory /&gt;
    Options None
    AllowOverride None
    Order deny,allow
    Allow from all
&lt;/Directory&gt;

# use .htaccess files for overriding,
AccessFileName .htaccess
# and never show them
&lt;Files ~ "^\.ht"&gt;
    Order allow,deny
    Allow from all
&lt;/Files&gt;

# List of resources to look for when the client requests a directory
DirectoryIndex index.html index.html.var

### 'Main' server configuration #############################################
#
# The directives in this section set up the values used by the 'main'
# server, which responds to any requests that aren't handled by a
# &lt;VirtualHost&gt; definition.  These values also provide defaults for
# any &lt;VirtualHost&gt; containers you may define later in the file.
#
# All of these directives may appear inside &lt;VirtualHost&gt; containers,
# in which case these default settings will be overridden for the
# virtual host being defined.
#
Include /etc/apache2/default-server.conf


# Another way to include your own files
#
# The file below is generated from /etc/sysconfig/apache2,
# include arbitrary files as named in APACHE_CONF_INCLUDE_FILES and
# APACHE_CONF_INCLUDE_DIRS
Include /etc/apache2/sysconfig.d/include.conf


### Virtual server configuration ############################################
#
# VirtualHost: If you want to maintain multiple domains/hostnames on your
# machine you can setup VirtualHost containers for them. Most configurations
# use only name-based virtual hosts so the server doesn't need to worry about
# IP addresses. This is indicated by the asterisks in the directives below.
#
# Please see the documentation at
# &lt;URL:http://httpd.apache.org/docs-2.2/vhosts/&gt;
# for further details before you try to setup virtual hosts.
#
# You may use the command line option '-S' to verify your virtual host
# configuration.
#
Include /etc/apache2/vhosts.d/*.conf


# Note: instead of adding your own configuration here, consider 
#       adding it in your own file (/etc/apache2/httpd.conf.local)
#       putting its name into APACHE_CONF_INCLUDE_FILES in 
#       /etc/sysconfig/apache2 -- this will make system updates 
#       easier :) 

This is driving me bonkers :mad: I have tried everything. See my /etc/sysconfig/apache in the next post…

Any help greatly appreciated…
/jlar

Have you installed also yast module for http server settings ?

I just did the installation and setup with yast and everything works like a charm. (on opensuse 11.0 32bit)

You don’t have Indexes option defined for the directory - hence it won’t show you the contents.

<Directory />
    Options Indexes
    AllowOverride None
    Order deny,allow
    Allow from all
</Directory>

That would enable showing directory indexes.

Of course a better idea is to make a index.html or index.php file there.

Hi Everyone,

Thanks for your replys… I finally got this sorted. The config files for apache2 are all over the place since 2.2. I preferred the single config file.

I have the following files:
Main Config httpd.conf /etc/apache2/
Local Config httpd.conf.local /srv/www/php-bin/
System apache2 /etc/apache2

The problem was that httpd.conf was including a file default-server.conf which set the document root to /srv/www/htdocs. I had noticed that in the log files, and I did suspect that another config file was being included higher up the chain but I couldn’t find it. I did a grep /srv/www/ *.conf in the /etc/apache2 folder but it didn’t return anything. I was expecting to get ‘Seeing this instead of the website you expected?’ or something at localhost… I don’t if it has changed for apache 2.2.

Thanks again,
jlar

I really hate how SUSE distributes the Apache files all over the filesystem and you can fix this error by just setting your web root in the configuration file. Luckily for me this is only a local installation and is one reason not to use openSUSE as server environment in production.

You don’t understand the logic behind the organisation of the config files that’s all. In practice only the files in vhosts.d need to be created/edited, and VirtualHosts enabled in listen.conf.

You just have to remember a few things. Modules are enabled in /etc/sysconfig/apache2. VirtualHosts are added by putting a config file in vhosts.d. Hardly anything else needs to be touched.

I recommend always going for VirtualHosts from the start even if you have only one site (you can make that the default site). It nicely generalises to more than one site.

All that stuff about LoadModule isn’t needed. If you install the appropriate apache module from a SUSE RPM, all you have to do is enable it in /etc/sysconfig/apache2.

http://i283.photobucket.com/albums/kk282/Chrysantine/what.gif

If you happen to actually be running in a REAL production environment, not your 2 site vhost configuration at your fathers basement, having a distributed seperate distinct configuration files for each site is a blessing.

The SuSE configuration layout is a breeze - you have /etc/sysconfig/apache2 defining startup parameters, default-server for the primary server, conf.d for handler/type configs and vhost.d for virtual hosts.

Hi Guys, I’m running OpenSuSe 11 64 bit, and have the same problem, but I can’t solve it (Normally install out of the box, ru yast ans off we go!).

I’ve followed all the advice I can find - allowing from all in the global conf etc, but I still get the same Access Forbidden message even with a chmod of 0777. Funnily enough, public_html is no problem!

Is there an idiots guide somewhere that could help with a basic config to allow access to the default server (/srv/www/htdocs) and another directory on the root of the system (/data/)?

I didn’t have this problem with SuSE 10.3, and those config files give me exactly the same problem when put in place of the SuSE 11 apache config files.

Many thanks for reading.

Thread moved to Network/Internet
opensuse.org.help.network-internet

Ok, make sure you have a file called index.html in your document root. This is the file that should be served up when you got to http://localhost. For Apache 2.2 it should serve up ‘It Works!’ By default Apache denys access to everything in your httpd.conf. You need to allow access to particular directories using v.host/vhost.conf. Post your httpd.conf and vhost.conf

I have been struggling for days trying to install Apache2 onto a new machine with SUSE10.3. I do not have a lot of experience and have asked everyone I know, to no avail, but it sounds as though this group is discussing something closely related.

The basic problem
Documents placed into my public_html folder receive the “access forbidden” message when called up in any browser, online or localhost. When I change permissions to allow users read-only rights through Nautilus, the files become accessible… However, any new files added afterwards do not!

My setup
Since my user name is beorn, I created a folder public_html and then used YaST to point at it. I used virtual host because I will shortly need to add a second site under this same IP.
My settings in YaST – httpd server
Main Host tab
Document root: /home/beorn/public_html
Server name: Dog Days Baseball Home
Directory
>AllowOverride: None
>Order: Allow, deny
>Allow: from all
ScriptAlias: /cgi-bin/ “/srv/www/cgi-bin/”
Directory: “/srv/www/cgi-bin/”
>AllowOverride: None
>Options: +ExecCGI-Includes
>Order: Allow, deny
>Allow: from all
UserDir: public_html

Host tab
Document root: /home/beorn/public_html
Server name: Dog Days Baseball Home
Directory: /home/beorn/public_html
>AllowOverride: None
>Order: Allow, deny
>Allow: from all
ScriptAlias: /cgi-bin/ “/srv/www/cgi-bin/”
Directory: “/srv/www/cgi-bin/”
>AllowOverride: None
>Options: +ExecCGI-Includes
>Order: Allow, deny
>Allow: from all
UserDir: public_html

Can you see any reason here why files placed into public_html cannot be read on the web, unless I specifically go in and change permissions? Can you suggest any other explanations? (Sorry, but I have to admit to limited experience and knowledge, but would very much appreciate a hand.)

This turned out to be a totally different problem:

To send files from my ftp client FileZilla on the xp machine to the public_html folder on the SUSE machine, I needed to go into YaST FTP server settings and enter a umask of 022. Once i did that, apache was able to serve the new files to the internet.

(I am mystified as to why this is not a problem for more people. What is so unusual about my setup? And why didn’t I go through this with my old Redhat apache server?)

oldog wrote:

>
> I have been struggling for days trying to install Apache2 onto a new
> machine with SUSE10.3. I do not have a lot of experience and have
> asked everyone I know, to no avail, but it sounds as though this group
> is discussing something closely related.
>
> THE BASIC PROBLEM
> Documents placed into my public_html folder receive the “access
> forbidden” message when called up in any browser, online or localhost.
> When I change permissions to allow users read-only rights through
> Nautilus, the files become accessible… However, any new files added
> afterwards do not!
>
> MY SETUP
> Since my user name is beorn, I created a folder public_html and then
> used YaST to point at it. I used virtual host because I will shortly
> need to add a second site under this same IP.
> My_settings_in_YaST–httpd_server
> Main_Host_tab
> Document root: /home/beorn/public_html
> Server name: Dog Days Baseball Home
> Directory
>>AllowOverride: None
>>Order: Allow, deny
>>Allow: from all
> ScriptAlias: /cgi-bin/ “/srv/www/cgi-bin/”
> Directory: “/srv/www/cgi-bin/”
>>AllowOverride: None
>>Options: +ExecCGI-Includes
>>Order: Allow, deny
>>Allow: from all
> UserDir: public_html
>
> Host_tab
> Document root: /home/beorn/public_html
> Server name: Dog Days Baseball Home
> Directory: /home/beorn/public_html
>>AllowOverride: None
>>Order: Allow, deny
>>Allow: from all
> ScriptAlias: /cgi-bin/ “/srv/www/cgi-bin/”
> Directory: “/srv/www/cgi-bin/”
>>AllowOverride: None
>>Options: +ExecCGI-Includes
>>Order: Allow, deny
>>Allow: from all
> UserDir: public_html
>
> Can you see any reason here why files placed into public_html cannot be
> read on the web, unless I specifically go in and change permissions?
> Can you suggest any other explanations? (Sorry, but I have to admit to
> limited experience and knowledge, but would very much appreciate a
> hand.)
>
>

Apache runs as user ‘wwwrun’, group ‘www’. Your files are likely being
saved with a mode of 640 or so (equates to -rw-r-----). You are in
group ‘users’.

So by the permissions, you (owner) have read/write, people in your group
have read, and everyone else has no access.

Apache (user wwwrun) isn’t in the users group, so it gets the ‘everyone
else’ permissions… none.

If you change permissions on files to 644 (-rw-r–r–) and directories to
755 (-rwx-r-xr-x), then apache (wwwrun:www) has permissions to read the
files.

chmod 644 file
chmod 755 directory

You COULD add the user wwwrun to the users group.

(as root)
groupmod -A wwwrun users
(you’ll have to restart apache to get group permissions to update)

Overall, I see it as a little bit more security. You can’t just dump stuff
into ‘public_html’, you have to remember to give permission by changing the
permissions.

Hope that helps.

L R Nix
lornix@lornix.com

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Most people probably don’t FTP things to their own home directory? It
is probably a good idea to become familiar with scp (file transfer over
ssh) as that will prevent what you are seeing, not require any
additional services, and be secure as FTP definitely is not. Also, vs.
RedHat, if the FTP server is setup differently (regarding masks) this
could be completely normal.

Good luck.

oldog wrote:
| This turned out to be a totally different problem:
|
| To send files from my ftp client FileZilla on the xp machine to the
| public_html folder on the SUSE machine, I needed to go into YaST FTP
| server settings and enter a umask of 022. Once i did that, apache was
| able to serve the new files to the internet.
|
| (I am mystified as to why this is not a problem for more people. What
| is so unusual about my setup? And why didn’t I go through this with my
| old Redhat apache server?)
|
|
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iD8DBQFIiKns3s42bA80+9kRAvGmAJ9UR5XnT9QJcnoaM0tRMt6gp4QrMACfRk2L
I4xcz+yHPhf/2tIEyDzZvig=
=w005
-----END PGP SIGNATURE-----

I’m having same kind of problem but haven’t yet change any conf.file from apache RPM.
**
Errror 403 for**
-http://localhost
-http://127.0.0.1
-http://localhost/server-info

index.html an info.php exist in /srv/www/htdocs

but work find with from http://localhost/username/
with info.php test file.

10.3 Gnome 2.2 Apache/2.2.4 (Linux/SUSE) PHP Version 5.2.6

I need help on this matter too!!I keep in getting forbiden access when I am trying to test my first php code when I type http:\localhost est.php…I keep getting denied access and it wont display my code…please help
This is the first time I am using apache 2.2 and PHP

:’(

Quite and old thread you bumped there…

Anyways, I’ve used the instructions here: Cool Solutions: Installing Apache, PHP, and MySQL on SUSE Linux Professional with success like 3 times to have my apache/php (and mysql) set up properly. It’s a bit old so some things don’t match up, however it should still be understandable.

totally agree with EarthMind on this ancient post. Yeah I am running open SUSE on my computer as a desktop and will never make it a production server what about us? You know there can always be a normal conf for desktop use and a the regular Frankenstein conf for someone who wants to run a huge webserver, which makes me wonder why someone would want to run a massive webserver without using regular SUSE? But I am sure some witty JA will reply about me and my basement instead of giving an really good reason.
note I do realize what they are trying to do and see it to a point but abstraction upon abstraction leads to confusion and then distro shopping.
mod unique

I can remember trying to get my head round apache in suse myself, but once you get used to the way it sets things up it’s pretty easy to understand and work with

One thing I will say is doing things in the conf files by hand seems to work better than Yast’s Http Server tool, at least it did for me especially with virtual hosts

Hopefully what I’m about to paste may help someone understand things a bit more easily and not confuse too many

Once you install apache through Yast there’s actually very little you should need to change, the only files I had to do anything with were /etc/apache2/httpd.conf and /etc/apache2/default-server.conf

Here’s the main sections that needed defining in my files:

httpd.conf

DirectoryIndex index.html index.html.var index.php

Include /etc/apache2/default-server.conf

Include /etc/apache2/vhosts.d/*.conf

I didn’t touch anything in this file other than adding index.php to DirectoryIndex

If you don’t want to use the default-server.conf file comment out the line, if you do this I’d suggest putting a file for your ‘main’ site in the vhosts.d folder and call it something like aaa.conf

The vhost files are detected alphabetically so if you use vhosts your ‘main’ site may not be the first one detected if you call it by the site’s name, naming it aaa.conf or something similar helps make sure your main site is the one that opens when you do http://localhost or someone outside tries to access it

If you won’t be using vhosts you could coment out that line, but leaving it there won’t cause any harm

default-server.conf

There are allsorts of other things you can do in any site config file, read up on apache directives for more info, what I’ve put below is pretty basic but more than enough to make the site work

DocumentRoot “/srv/www/htdocs”

<Directory “/srv/www/htdocs”>
Options None
AllowOverride None
Order allow,deny
Allow from all
</Directory>

Alias /icons/ “/usr/share/apache2/icons/”

<Directory “/usr/share/apache2/icons”>
Options Indexes MultiViews
AllowOverride None
Order allow,deny
Allow from all
</Directory>

ScriptAlias /cgi-bin/ “/srv/www/cgi-bin/”

<Directory “/srv/www/cgi-bin”>
AllowOverride None
Options +ExecCGI -Includes
Order allow,deny
Allow from all
</Directory>

<IfModule mod_userdir.c>
UserDir public_html
Include /etc/apache2/mod_userdir.conf
</IfModule>

Include /etc/apache2/conf.d/*.conf

You could if you wanted put things like the cgi and icons locations and the UserDir setting in the main httpd.conf instead, and if you do comment out the default-server.conf line in the httpd.conf file then that’s something you probably SHOULD do

If you didn’t change anything you shouldn’t and just did something like what’s explained above, provided your apache is actually running and you’ve put an index.html file in the specified DocumentRoot folder your site should work

Virtual Hosts

Bear in mind that if you want to host multiple sites and/or use sub-domains and have them accessible to the outside world you will need to have the neccessary dns records set up and resolving to your server’s internet address

Whoever handles your domain name(s) should be able to help with that on the external side of things, but you may need to have a look at the Dns Server setup in Yast for handling the addresses internally

Here’s a simple config file for a working subdomain file which is saved in the vhosts.d folder:

<VirtualHost *:80>
DocumentRoot “/home/username/public_html”

<Directory "/home/username/public_html">

AllowOverride None
Order allow,deny
Allow from all
</Directory>

</VirtualHost>

Again check out the docs on apache directives for more available options, but that will work using the directives defined in httpd.conf

Bear in mind that unless you have dns set up that resolves subdomain.yourdomain.com correctly, to access sites contained in home/public_html folders you will need the UserDir directive as shown earlier and access the site with a url like the one below:

http://yourdomain.com/~username (replace yourdomain.com with localhost if opening locally)

Adopting a simple approach like that should have your site working in minutes, anything more exotic you can add later, and like anything else it’s a good idea to rtfm at some point

As for saying suse isn’t suitable for a production environment I find that absolutely ludicrous, suse if anything offers more and simpler options for setting up and securing things than a number of other distros, and in my experience it’s a sight more stable than some