Apache server HTTP 403 error

Status
Not open for further replies.

hypaspid

Posts: 26   +0
I'm trying to set up Apache 2.2 as my webserver. After configuring everything and trying to log on to localhost, I get the following error: HTTP 403 Forbidden. In the error log files of Apache, the error logged is:
[Mon Sep 01 15:19:05 2008] [error] [client 127.0.0.1] client denied by server configuration: C:/htdocs/index.php

In the access log file, I get the following:
127.0.0.1 - - [01/Sep/2008:15:19:05 +0300] "GET /index.php HTTP/1.1" 403 211

How can I correct this problem?

 
Usually, this is the problem:

<Directory />
Order deny,allow
deny from all
</Directory>

This is a simple matter of adding:

# I've edited this one a few times! Just put in where it is supposed to be!
<Directory "C:/htdocs">
# Also try without the AllowOverride line
AllowOverride All
Order allow,deny
Allow from all
</Directory>
 
Thanks for the update :grinthumb

Can you possibly copy and paste just that section again that worked (to a new reply)?
i.e. did you use "AllowOverride All"
and what was the directory?

This will just help me in future :)
 
Now the section looks as follows:

<Directory "C:/htdocs">
Options FollowSymLinks
Order allow,deny
Allow from all
</Directory>
 
Yes

In this case we are allowing the default not allow permission

But with all the commands. Hmm That would take a while
Possibly Google would be best

Anyway, if it works... :)

All done :grinthumb
 
The root of Apache2 configuration documentation is at http://httpd.apache.org/docs/1.3/configuring.html
I'll address the Options below;

The /htdocs directory (known as the DocumentRoot location) is where the public html files live.
Normally, we install Apache2 (on windows) at C:\apache2 and the
DocumentRoot would be at C:\apache2\htdocs.

Why? Because you never want your server side scripts (ie: /cgi-bin ) to be located inside
the DocumentRoot as that exposes them to attacks from the Internet.
The script directory belongs as a peer directory to the DocumentRoot, eg:

C:\apache2\htdocs
C:\apache2\cgi-bin


[edit] also has other directories that should not be accessible, eg:
C:\apache2\bin
C:\apache2\conf
C:\apache2\logs

[/edit]


This stops any attack code from accessing /cgi-bin using the 'CD ../..' as the apache server stops that when it reaches the /htdocs directory.

Options and Directives
The Apache Directory statement is defined here

The Directives are designed to be hierarchical so the first directive
# First, we configure the "default" to be a very restrictive set of
# features.
#

<Directory />
Options FollowSymLinks
AllowOverride None
</Directory>
protects the entire apache filespace from Internet access. New pages and scripts
are placed using FTP or local access which does not get restricted by this directive.

(kimsland: <Directory "C:/htdocs"> is not the standard/approved location :) )

At any rate, this is how you tell Apache from where to serve pages:
DocumentRoot "C:/Apache/Apache2/htdocs" (I have both Apache1 and 2 installed)

The next directive targets the DocumentRoot for Internet and scripting access

<Directory "C:/Apache/Apache2/htdocs">
# Possible values for the Options directive are "None", "All",
# or any combination of:
# Indexes Includes FollowSymLinks SymLinksifOwnerMatch ExecCGI MultiViews
#
Options Indexes FollowSymLinks
# AllowOverride controls what directives may be placed in .htaccess files.
# It can be "All", "None", or any combination of the keywords:
# Options FileInfo AuthConfig Limit
#
AllowOverride Options
#
# Controls who can get stuff from this server.
#
Order allow,deny
Allow from all
</Directory>


The Options are defined here
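
An added example, not part of the thread and not Apache's own code: a simplified Python model of how Apache 2.2 chooses the Order/Allow/Deny rules for the DocumentRoot, showing why the restrictive `<Directory />` default produces the 403 until the DocumentRoot gets its own section. The sample configs are constructed from the snippets posted above; the model assumes the most specific `<Directory>` section that carries access directives replaces its parent's, and it only understands `all` and exact client addresses.

```python
import re

# Constructed sample: restrictive default from the thread, no DocumentRoot section.
BROKEN = '''DocumentRoot "C:/htdocs"
<Directory />
Order deny,allow
Deny from all
</Directory>
'''
# Same file plus the section the original poster reported as working.
FIXED = BROKEN + '''<Directory "C:/htdocs">
Options FollowSymLinks
Order allow,deny
Allow from all
</Directory>
'''

def parse_sections(conf):
    """Map each <Directory> path to its access rules; sections without any are skipped."""
    sections = {}
    pattern = r'<Directory\s+"?([^">]+)"?\s*>(.*?)</Directory>'
    for path, body in re.findall(pattern, conf, re.S | re.I):
        rules = {}
        for line in body.splitlines():
            words = line.lower().split()
            if words[:1] == ["order"] and len(words) > 1:
                rules["order"] = words[1]
            elif len(words) > 2 and words[0] in ("allow", "deny") and words[1] == "from":
                rules.setdefault(words[0], []).extend(words[2:])
        if rules:  # "/" normalises to "" and matches every path
            sections[path.strip().rstrip("/").lower()] = rules
    return sections

def effective_rules(sections, target):
    """Rules of the longest matching section (assumption: child replaces parent)."""
    target = target.replace("\\", "/").rstrip("/").lower()
    matches = [p for p in sections if p == "" or target == p or target.startswith(p + "/")]
    return sections[max(matches, key=len)] if matches else None

def is_allowed(rules, client="127.0.0.1"):
    """Evaluate Order/Allow/Deny for one client; Apache 2.2's default Order is deny,allow."""
    if rules is None:
        return True  # no access directives apply at all
    hit = lambda hosts: "all" in hosts or client in hosts
    if rules.get("order", "deny,allow") == "allow,deny":
        return hit(rules.get("allow", [])) and not hit(rules.get("deny", []))
    return hit(rules.get("allow", [])) or not hit(rules.get("deny", []))

def docroot_allowed(conf, client="127.0.0.1"):
    root = re.search(r'^\s*DocumentRoot\s+"?([^"\n]+)"?', conf, re.M | re.I).group(1)
    return is_allowed(effective_rules(parse_sections(conf), root), client)
```

`docroot_allowed(BROKEN)` is `False` (the 403 in the error log) and `docroot_allowed(FIXED)` is `True`; a DocumentRoot section that contains only `Options` still inherits the deny from `<Directory />`.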
 