Fixing 403 Forbidden on alias directory with Apache
I am trying to setup an alias to point to some directory on my filesystem not in DocumentRoot. Now I get a 403 Forbidden response. These are the steps taken: 1. edit http.conf, adding:
Alias /example "/Users/user/Documents/example"
then...
<Directory "/Users/user/Documents/example">
Options Indexes FollowSymLinks MultiViews
AllowOverride None
Order allow,deny
Allow from all</Directory>
2. setting permissions with chmod in terminal:
chmod 755 /Users/user/Documents/example
Now it shoul开发者_Go百科d work? instead I get the access forbidden. This is the output from error_log:
[Sun Jul 24 06:57:57 2011] [error] [client xx.xx.xx.xx] (13)Permission denied: access to /example denied
I was having this issue on OS X too. It turned out gliptak was right, but I've some more detail to add.
We're both attempting to configure a virtual directory for a folder under a user's home folder; I think this is why we're having the problem. In my case, I had the following setup:
- Home folder is
/Users/calrion. - Virtual directory folder is
/Users/calrion/Path/to/www. - There's a symlink
/Users/calrion/Pathpointing to/Volumes/Other/Users/calrion/Path.
The problem was the user and group _www (which Apache runs as on OS X) lacked execute access to /Users/calrion and /Volumes/Other/Users/calrion.
Running chmod o+x /Users/calrion and chmod o+x /Volumes/Other/Users/calrion resolved the issue (on OS X 10.7.4).
The rule here is that Apache requires execute access to all folders in the path in order to serve files. Without this, you'll get a HTTP 403 (forbidden).
The last straw ;) Required local in the Directory Entry...
like
<Directory "/Users/user/Documents/example">
Options Indexes FollowSymLinks MultiViews
AllowOverride All
Require local
Order allow,deny
Allow from all
</Directory>
if everything else doesn't work (correct Alias, Directory Entry in httpd.conf and correct mod/usr/grp).
keep in mind: if you put your site in user-space the apache user (running httpd) needs access to your home!
Check permission on /Users/user/Documents/, /Users/user/ (higher level permissions are enforced first ...)
/bin/su into the user running Apache (like www, www-data) and cat a file in the /Users/user/Documents/example directory. That might point you to permission problems with your setup.
These are all very good answers. None of them worked for me.
I have an alias specified in OSX server pointing to a user directory. I spent a long while chmodding and messing with _www user, adding executable permissions recursively, uninstalling macports and all sorts of stuff trying to get this to work. I tried 777. Nope. No idea why it wasn't working.
Eventually, I just checked the "shared folder" checkbox in the Finder for that folder, and it worked, on the specified domain, with php active, the way I wanted it to. :/ ...so that was easy.
I was just having this exact same issue. What I found was SE_Linux was enabled, and the security context of the files in my Aliased directory was incorrect, missing httpd_sys_content_t.
You can view the security context with ls -Z. If your files/folders don't have httpd_sys_content_t then apache won't server them up! You can add the proper context with something like chcon -R --type=httpd_sys_content_t /new_html_directory. This will change the context of the files currently in the directory, but not any files that are added afterwards (for that you'll need to work with semanage). Your other option is to just leave the files under /var/www.
Here's what fixed it for me:
in /etc/apache2/httpd.conf
<Directory />
Options FollowSymLinks
AllowOverride None
# REMOVE THESE LINES
#Order deny,allow
#Deny from all
# ADD THIS LINE
Require all denied
</Directory>
This change implements changes made in the apache update from 2.2 to 2.4. The OSX Yosemite update brought the apache update with it (PSA: if you're planning on upgrading to Yosemite, budget yourself a week to fix everything it breaks).
The weird thing is that I already got apache 2.4 working, and suddenly it breaks again....
PSA: if you're planning on upgrading to Yosemite, budget yourself a week to fix everything it breaks
After lots of time waste i fixed the issue and i wanted to share to save your time.
All the gentelmen above and on other posts has some correct parts in their answers but below is the sum
In your "/etc/apache2/httpd.conf" file:
1- change your document root
Original: DocumentRoot "/Library/WebServer/Documents"
Change to: DocumentRoot "/Users/yourname/www"
2- change
Original:
<Directory />
Options FollowSymLinks
AllowOverride None
Order deny,allow
Deny from all
</Directory>
Change to:
<Directory /Users/yourname/www>
Options FollowSymLinks Includes ExecCGI
AllowOverride None
Order deny,allow
Deny from all
</Directory>
3- Change:
Original:
<Directory "/Library/WebServer/Documents">
Change to:
<Directory "/Users/yourname/www">
4- Finally, you might not need this step if you are the supper user, this is to set the right permition on your new root folder
chmod 755 /Users/yourname/www
Hope this will help
It certainly does look right, do a sanity check.
you restarted apache
check group and user ownership
I think the quotes can be removed
there is something in /Users/user/Documents/example ?
try 777
-sean
SELinux was the culprit for me. If you're having this issue on a linux box and your alias and file permissions are correct than try doing a "setenforce 0" to put SELinux into permissive mode. That did the trick for me.
I had to revert my apache config file and then set up the server again. found this useful: https://apple.stackexchange.com/questions/41143/how-to-revert-default-mac-apache-install-to-original
Quick Solution:
Use these commands as root on Linux:
find /var/www -type d -exec chmod 755 {} \;
find /var/www -type f -exec chmod 644 {} \;
加载中,请稍侯......
精彩评论