1. TechSpot is dedicated to computer enthusiasts and power users. Ask a question and give support. Join the community here.
    TechSpot is dedicated to computer enthusiasts and power users.
    Ask a question and give support.
    Join the community here, it only takes a minute.
    Dismiss Notice

Apache server HTTP 403 error

By hypaspid ยท 8 replies
Sep 1, 2008
  1. I'm trying to set up Apache 2.2 as my webserver. After configuring everything and try to log on localhost i get the following error:HTTP403 Forbidden. in the error log files of Apache, the error logged is:
    [Mon Sep 01 15:19:05 2008] [error] [client 127.0.0.1] client denied by server configuration: C:/htdocs/index.php

    In the access log file, i get the following
    127.0.0.1 - - [01/Sep/2008:15:19:05 +0300] "GET /index.php HTTP/1.1" 403 211

    How can i correct this problem?

     
  2. kimsland

    kimsland Ex-TechSpotter Posts: 14,524

    Usually, this is the problem:

    <Directory />
    Order deny,allow
    deny from all
    </Directory>

    This is a simple matter of adding:

    <Directory "C:/htdocs"> (<--I've edited this one a few times ! just put in where it is suppose to be!)
    AllowOverride All ( <-- also try without this line)
    Order allow,deny
    Allow from all
    </Directory>
     
  3. hypaspid

    hypaspid TS Rookie Topic Starter Posts: 26

    Thanks Kimsland, it's now working.
     
  4. kimsland

    kimsland Ex-TechSpotter Posts: 14,524

    Thanks for the update :grinthumb

    Can you possibly copy and paste just that section again that worked (to a new reply) ?
    ie did you use "AllowOverride All"
    and what was the directory??

    this will just help me in future :)
     
  5. hypaspid

    hypaspid TS Rookie Topic Starter Posts: 26

    Now the section looks as follows:

    <Directory "C:/htdocs">
    Options FollowSymLinks
    Order allow,deny
    Allow from all
    </Directory>
     
  6. kimsland

    kimsland Ex-TechSpotter Posts: 14,524

    Thanks

    I thought this was optional too: Options FollowSymLinks
    So I didn't post it
     
  7. hypaspid

    hypaspid TS Rookie Topic Starter Posts: 26

    Is there a way to know what the different settings mean?
     
  8. kimsland

    kimsland Ex-TechSpotter Posts: 14,524

    Yes

    In this case we are allowing the default not allow permission

    But with all the commands. Hmm That would take a while
    Possibly Google would be best

    Anyway, if it works... :)

    All done :grinthumb
     
  9. jobeard

    jobeard TS Ambassador Posts: 10,432   +800

    The root of Apache2 configuration documentation is at http://httpd.apache.org/docs/1.3/configuring.html
    I'll address the Options below;

    The /htdocs directory (known as the DocumentRoot location) is where the public html files live.
    Normally, we install Apache2 (on windows) at C:\apache2 and the
    DocumentRoot would be at C:\apache2\htdocs.

    Why? Because you never want your server side scripts (ie: /cgi-bin ) to be located inside
    the DocumentRoot as that exposes them to attacks from the Internet.
    The script directory belongs as a peer directory to the DocumentRoot, eg:

    C:\apache2\htdocs
    C:\apache2\cgi-bin


    [edit] also has other directories that should not be accessible, eg:
    C:\apache2\bin
    C:\apache2\conf
    C:\apache2\logs

    [/edit]


    This stops any attack code from accessing /cgi-bin using the 'CD ../..' as the apache server stops that when it reaches the /htdocs directory.

    Options and Directives
    The Apache Directory statement is defined here

    The Directives are designed to be hierarchical so the first directive
    # First, we configure the "default" to be a very restrictive set of
    # features.
    #

    <Directory />
    Options FollowSymLinks
    AllowOverride None
    </Directory>​
    protects the entire apache filespace from Internet access. New pages and scripts
    are placed using FTP or local access which does not get restricted by this directive.

    (kimsland: <Directory "C:/htdocs"> is not the standard/approved location :) )

    At any rate, this is how you tell Apache from where to sever pages:
    DocumentRoot "C:/Apache/Apache2/htdocs" (I have both Apache1 and 2 installed)

    The next directive targets the DocumentRoot for Internet and scripting access

    <Directory "C:/Apache/Apache2/htdocs">
    # Possible values for the Options directive are "None", "All",
    # or any combination of:
    # Indexes Includes FollowSymLinks SymLinksifOwnerMatch ExecCGI MultiViews
    #
    Options Indexes FollowSymLinks
    # AllowOverride controls what directives may be placed in .htaccess files.
    # It can be "All", "None", or any combination of the keywords:
    # Options FileInfo AuthConfig Limit
    #
    AllowOverride Options
    #
    # Controls who can get stuff from this server.
    #
    Order allow,deny
    Allow from all
    </Directory>


    The Options are defined here
     
Topic Status:
Not open for further replies.

Similar Topics

Add New Comment

You need to be a member to leave a comment. Join thousands of tech enthusiasts and participate.
TechSpot Account You may also...