Apache VirtualHost 403 Forbidden
I recently tried to set a test server up with Apache. The site must run under domain www.mytest.com
. I always get a 403 Forbidden
error. I am on Ubuntu 10.10 server edition. The doc root is under dir /var/www
. The following are my settings:
Content of /var/www
ls -l /var/www/
total 12
drwxr-xr-x 2 root root 4096 2011-08-04 11:26 mytest.com
-rwxr-xr-x 1 root root 177 2011-07-25 16:10 index.html
Content of the host file on the server (with IP 192.168.2.5)
cat /etc/hosts
127.0.0.1 localhost
127.0.1.1 americano
192.168.2.5 americano.mytest.com www.mytest.com
# The following lines are desirable for IPv6 capable hosts
::1 localhost ip6-localhost ip6-loopback
fe00::0 ip6-localnet
ff00::0 ip6-mcastprefix
ff02::1 ip6-allnodes
ff02::2 ip6-allrouters
Site config
<VirtualHost *>
ServerAdmin [email protected]
ServerName www.mytest.com
ServerAlias mytest.com
DocumentRoot "/var/www/mytest.com"
ErrorLog /var/log/apache2/mytest-error_log
CustomLog /var/log/apache2/mytest-access_log combined
#
# This should be changed to whatever you set DocumentRoot to.
#
<Directory "/var/www/mytest.com">
Options -Indexes FollowSymLinks
AllowOverride None
Order allow,deny
Allow from all
</Directory>
</VirtualHost>
I have no .htaccess
file in my doc root. The permissions are set correctly (readable by www-data).
If I type in the IP address from my desktop, the site shows up correctly. I changed the hosts file on my desktop to point www.mytest.com
to the server's IP. When I use it, I get 403
. Since many functions of this site are sitename-sensitive, I have to be able to access the site by the domain name.
Another funky thing is, even if all log files are created properly, they have no information regarding this error.
I am stuck. Can anybody help?
Apache 2.4.3 (or maybe slightly earlier) added a new security feature that often results in this error. You would also see a log message of the form "client denied by server configuration". The feature is requiring a user identity to access a directory. It is turned on by DEFAULT in the httpd.conf that ships with Apache. You can see the enabling of the feature with the directive
Require all denied
This basically says to deny access to all users. To fix this problem, either remove the denied directive (or much better) add the following directive to the directories you want to grant access to:
Require all granted
as in
<Directory "your directory here">
Order allow,deny
Allow from all
# New directive needed in Apache 2.4.3:
Require all granted
</Directory>
For apache Ubuntu 2.4.7 , I finally found you need to white list your virtual host in apache2.conf
# access here, or in any related virtual host.
<Directory /home/gav/public_html/>
Options FollowSymLinks
AllowOverride None
Require all granted
</Directory>
This may be a permissions problem.
every single parent path to the virtual document root must be Readable, Writable, and Executable by the web server httpd user
according to this page about Apache 403 errors.
Since you're using Allow from all
, your order shouldn't matter, but you might try switching it to Deny,Allow
to set the default behavior to "allowing."