Apache2 PHP Access Denied

I am trying to set up php on a Tumbleweed system and I am having issues getting the thing to work. I looked through the wiki, stack exchange etc and I can’t seem to get any proposed solution to work so I am obviously missing something.

Thank you for any help on this,

Nice picture with almost no contents. But we have no idea what you are (trying to) do.

Have you a running Apache server?
Are you using a “browser” to get something from that server, and when yes, which one and what (URL) are you trying to get.

And stories like

Does not tell us even the smallest detail about what you did to get things configured and running.

Sorry, but people her are not clairvoyant.

I have a properly running apache server. I tried to specify that I used the wiki but I did fail to give a link of the process I utilized:

I have installed the following packages for php:

S  | Name            | Summary                                                | Type
i+ | php8            | Interpreter for the PHP scripting language version 8   | package
i+ | php8-bz2        | PHP bzip2 codec support                                | package
i+ | php8-cli        | Interpreter for the PHP scripting language version 8   | package
i  | php8-ctype      | Character class extension for PHP                      | package
i+ | php8-curl       | PHP libcurl integration                                | package
i  | php8-dom        | Document Object Model extension for PHP                | package
i+ | php8-fpm        | FastCGI Process Manager PHP Module                     | package
i+ | php8-fpm-apache | Apache configuration for PHP-FPM                       | package
i+ | php8-gd         | GD Graphics Library extension for PHP                  | package
i  | php8-iconv      | Character set conversion functions for PHP             | package
i+ | php8-imagick    | Wrapper to the ImageMagick library                     | package
i+ | php8-ldap       | LDAP protocol support for PHP                          | package
i+ | php8-mbstring   | Multibyte string functions for PHP                     | package
i+ | php8-mysql      | MySQL database client for PHP                          | package
i+ | php8-odbc       | ODBC extension for PHP                                 | package
i  | php8-openssl    | OpenSSL integration for PHP                            | package
i  | php8-pdo        | PHP Data Objects extension for PHP                     | package
i+ | php8-pgsql      | PostgreSQL database client for PHP                     | package
i+ | php8-readline   | PHP readline extension                                 | package
i+ | php8-smbclient  | A PHP wrapper for libsmbclient                         | package
i+ | php8-snmp       | SNMP extension for PHP                                 | package
i  | php8-sqlite     | SQLite database client for PHP                         | package
i+ | php8-ssh2       | PHP bindings for the libssh2 library                   | package
i  | php8-tokenizer  | Extension module to access Zend Engine's PHP tokenizer | package
i  | php8-xmlreader  | Streaming XML reader extension for PHP                 | package
i  | php8-xmlwriter  | Streaming-based XML writer extension for PHP           | package
i+ | php8-zip        | ZIP archive support for PHP                            | package

I also added this:
/etc/apache2/mod_mime-defaults.conf added a line at the end:

AddType application/x-httpd-php .php

I do not know what other permissions I need to change to allow apache to utilize php. I have set this up in the past using the instruction on the LAMP setup with out issue. Now, it is no longer correct. I would like to know what I did wrong so that I may correct the Wiki.

Thank you,

Does the line


in your file /etc/sysconfig/apache2 include the php8 module?

Stupid question: is that the correct place?
I do have /etc/apache2/ with a lot of config material, but I do not have /etc/sysconfig/apache2, I am on Leap 15.5 though.

Fyi https://doc.opensuse.org/documentation/leap/reference/html/book-reference/cha-apache2.html
Have a look to section 24.2.1.

Thanks for the link.

I must correct myself!!

I do have the file and it has:

boven:/etc/sysconfig # grep php apache2 
APACHE_MODULES="authz_host actions alias authn_file auth_basic authz_groupfile authz_user autoindex cgi dir env expires include log_config mime negotiation setenvif ssl reqtimeout authn_core socache_shmcb authz_core php7"
boven:/etc/sysconfig #

My sincere fault. I apologize.

And yes, I seem still to be on php7, thus when Tumbleweed uses php8, that should be there.

Though I still doubt the error message the OP shows points to the PHP module not being present. And we still do not know what was asked for, we only have the error, but for what?

I’m not sure either.

When I remove the php8-entry from /etc/sysconfig/apache2, restart apache and call (in firefox) the URL /localhost/index.php I get a prompt where to download the file.

However that behaviour might be due to my individual setup so I thought it might be worth asking …

I think that is normal. When you stop using PHP in your server, the URL is treated as a request to download file.php and no longer a request to execute file.php as a PHP script. Thus the server duly downloads it to the client, although I do not know what the MIME definition (The type= parameter in the HTTP header) will contain.

The client then gets a file with no, or an insufficient, MIME definition and thus has no idea how to render it. Thus it asks you in distress if it should download it and store in a file.

BTW, your test proves that in your Tumbleweed case PHP8 is used in the LAMP server and that you found the correct place where it is defined to be loaded and used.

And thus your question to the OP is correct (and my first answer to it about the path of the file was utterly wrong).

But apart from the fact that the OP should check your suggestion, I still think it is something different. The more beacuse his error is not the same as what you experience.

Probably something to do with the user running the server (wwwrun ?) and the owner of the files involved.

“Permission denied” usually come from security modules like AppArmor or SELinux. Does it work after


It can also come from service hardening. Try stopping apache service and run apache from terminal directly (not as systemd service). Does it work?

If you are using SELinux, try to disable it with

setenforce 0

Running aa-teardown solved the issue. I do, however, think that it would be a bad idea to run this system with all AppArmor profiles unloaded.

I did a cursory search for php AppArmor profile and didn’t see anything that stuck out as THE WAY I should add a profile to use PHP. I’m sure that there is a proper [open]SUSE way of doing this to keep this in a best practice condition.

Thank you so much!

Where did I suggest it?

Now when you know it is AppArmor you can review AppArmor logs using

ausearch -m AVC

or use aa-logprof to interactively review what was denied and add additional permissions.

You didn’t suggest it. By unloading the AppArmor profiles, I was able to access it. I was attempting to express that I do not wish to run the service in perpetuity like this.

I will review the AppArmor logs and attempt to find a proper solution for this.

Thank you very much again,