TechSpot

Apache server HTTP 403 error

By hypaspid
Sep 1, 2008
  1. I'm trying to set up Apache 2.2 as my webserver. After configuring everything and try to log on localhost i get the following error:HTTP403 Forbidden. in the error log files of Apache, the error logged is:
    [Mon Sep 01 15:19:05 2008] [error] [client 127.0.0.1] client denied by server configuration: C:/htdocs/index.php

    In the access log file, i get the following
    127.0.0.1 - - [01/Sep/2008:15:19:05 +0300] "GET /index.php HTTP/1.1" 403 211

    How can i correct this problem?

     
  2. kimsland

    kimsland Ex-TechSpotter Posts: 14,524

    Usually, this is the problem:

    <Directory />
    Order deny,allow
    deny from all
    </Directory>

    This is a simple matter of adding:

    <Directory "C:/htdocs"> (<--I've edited this one a few times ! just put in where it is suppose to be!)
    AllowOverride All ( <-- also try without this line)
    Order allow,deny
    Allow from all
    </Directory>
     
  3. hypaspid

    hypaspid TS Rookie Topic Starter Posts: 26

    Thanks Kimsland, it's now working.
     
  4. kimsland

    kimsland Ex-TechSpotter Posts: 14,524

    Thanks for the update :grinthumb

    Can you possibly copy and paste just that section again that worked (to a new reply) ?
    ie did you use "AllowOverride All"
    and what was the directory??

    this will just help me in future :)
     
  5. hypaspid

    hypaspid TS Rookie Topic Starter Posts: 26

    Now the section looks as follows:

    <Directory "C:/htdocs">
    Options FollowSymLinks
    Order allow,deny
    Allow from all
    </Directory>
     
  6. kimsland

    kimsland Ex-TechSpotter Posts: 14,524

    Thanks

    I thought this was optional too: Options FollowSymLinks
    So I didn't post it
     
  7. hypaspid

    hypaspid TS Rookie Topic Starter Posts: 26

    Is there a way to know what the different settings mean?
     
  8. kimsland

    kimsland Ex-TechSpotter Posts: 14,524

    Yes

    In this case we are allowing the default not allow permission

    But with all the commands. Hmm That would take a while
    Possibly Google would be best

    Anyway, if it works... :)

    All done :grinthumb
     
  9. jobeard

    jobeard TS Ambassador Posts: 9,322   +622

    The root of Apache2 configuration documentation is at http://httpd.apache.org/docs/1.3/configuring.html
    I'll address the Options below;

    The /htdocs directory (known as the DocumentRoot location) is where the public html files live.
    Normally, we install Apache2 (on windows) at C:\apache2 and the
    DocumentRoot would be at C:\apache2\htdocs.

    Why? Because you never want your server side scripts (ie: /cgi-bin ) to be located inside
    the DocumentRoot as that exposes them to attacks from the Internet.
    The script directory belongs as a peer directory to the DocumentRoot, eg:

    C:\apache2\htdocs
    C:\apache2\cgi-bin


    [edit] also has other directories that should not be accessible, eg:
    C:\apache2\bin
    C:\apache2\conf
    C:\apache2\logs

    [/edit]


    This stops any attack code from accessing /cgi-bin using the 'CD ../..' as the apache server stops that when it reaches the /htdocs directory.

    Options and Directives
    The Apache Directory statement is defined here

    The Directives are designed to be hierarchical so the first directive
    # First, we configure the "default" to be a very restrictive set of
    # features.
    #

    <Directory />
    Options FollowSymLinks
    AllowOverride None
    </Directory>​
    protects the entire apache filespace from Internet access. New pages and scripts
    are placed using FTP or local access which does not get restricted by this directive.

    (kimsland: <Directory "C:/htdocs"> is not the standard/approved location :) )

    At any rate, this is how you tell Apache from where to sever pages:
    DocumentRoot "C:/Apache/Apache2/htdocs" (I have both Apache1 and 2 installed)

    The next directive targets the DocumentRoot for Internet and scripting access

    <Directory "C:/Apache/Apache2/htdocs">
    # Possible values for the Options directive are "None", "All",
    # or any combination of:
    # Indexes Includes FollowSymLinks SymLinksifOwnerMatch ExecCGI MultiViews
    #
    Options Indexes FollowSymLinks
    # AllowOverride controls what directives may be placed in .htaccess files.
    # It can be "All", "None", or any combination of the keywords:
    # Options FileInfo AuthConfig Limit
    #
    AllowOverride Options
    #
    # Controls who can get stuff from this server.
    #
    Order allow,deny
    Allow from all
    </Directory>


    The Options are defined here
     
Topic Status:
Not open for further replies.

Similar Topics

Add New Comment

You need to be a member to leave a comment. Join thousands of tech enthusiasts and participate.
TechSpot Account You may also...