Apache 给出 403 禁止错误
[英]Apache giving 403 forbidden errors
问题描述
Ok, so i've previously set up two virtual hosts and they are working cool.
好的,所以我之前设置了两个虚拟主机,它们运行良好。 they both house simple web projects and work fine with http://project1 and http://project2 in the browser.它们都包含简单的 web 项目,并且可以在浏览器中使用http://project1和http://project2工作。
Anyway, I've come to add another vhost.无论如何,我来添加另一个虚拟主机。 I edited the /etc/hosts file with 127.0.0.1 project3 and also updated the httpd-vhosts.conf file by copy and pasting the previous entries for project2 and editing the file path.我用 127.0.0.1 project3 编辑了 /etc/hosts 文件,还通过复制和粘贴 project2 的先前条目并编辑文件路径来更新 httpd-vhosts.conf 文件。
I've checked all the file and folder permissions (in fact I copied and pasted from project2) and simply put a "hello world" message in the index.php file.我检查了所有文件和文件夹权限(实际上是我从 project2 复制和粘贴的),并在 index.php 文件中简单地放置了一条“hello world”消息。
I get a 403 forbidden permission denied message when accessing http://project3访问http://project3时收到 403 禁止权限被拒绝消息
Why is this, I just can figure out what step I've missed as everything seems to be set up correct.为什么会这样,我可以弄清楚我错过了哪一步,因为一切似乎都设置正确。
9 个解决方案
解决方案1
37 已采纳 2013-08-26 15:19:57
Check that :检查:
- Apache can physically access the file (the user that run apache, probably www-data or apache, can access the file in the filesystem) Apache 可以物理访问文件(运行 apache 的用户,可能是 www-data 或 apache,可以访问文件系统中的文件)
- Apache can list the content of the folder (read permission) Apache 可以列出文件夹的内容(读取权限)
- Apache has a "Allow" directive for that folder. Apache 对该文件夹有一个“允许”指令。 There should be one for /var/www/, you can check default vhost for example. /var/www/ 应该有一个,例如您可以检查默认虚拟主机。
Additionally, you can look at the error.log file (usually located at /var/log/apache2/error.log ) which will describe why you get the 403 error exactly.此外,您可以查看 error.log 文件(通常位于/var/log/apache2/error.log ),该文件将准确描述您收到 403 错误的原因。
Finally, you may want to restart apache, just to be sure all that configuration is applied.最后,您可能需要重新启动 apache,以确保应用所有配置。 This can be generally done with /etc/init.d/apache2 restart .这通常可以通过/etc/init.d/apache2 restart来完成。 On some system, the script will be called httpd.在某些系统上,该脚本将被称为 httpd。 Just figure out.只要弄清楚。
解决方案2
21 2018-07-07 18:50:02
I just fixed this issue after struggling for a few days.经过几天的努力,我刚刚解决了这个问题。 Here's what worked for me:以下是对我有用的内容:
First, check your Apache error_log file and look at the most recent error message.首先,检查您的 Apache error_log文件并查看最新的错误消息。
If it says something like:
如果它说的是:access to /mySite denied (filesystem path '/Users/myusername/Sites/mySite') because search permissions are missing on a component of the paththen there is a problem with your file permissions.
那么你的文件权限有问题。 You can fix them by running these commands from the terminal:您可以通过从终端运行这些命令来修复它们:$ cd /Users/myusername/Sites/mySite $ find . -type f -exec chmod 644 {} \\; $ find . -type d -exec chmod 755 {} \\;Then, refresh the URL where your website should be (such as
http://localhost/mySite).然后,刷新您的网站所在的 URL(例如http://localhost/mySite)。 If you're still getting a 403 error, and if your Apacheerror_logstill says the same thing, then progressively move up your directory tree, adjusting the directory permissions as you go.如果您仍然收到 403 错误,并且如果您的 Apache error_log仍然显示相同的内容,则逐步向上移动您的目录树,并随时调整目录权限。 You can do this from the terminal by:您可以通过以下方式从终端执行此操作:$ cd .. $ chmod 755 mySiteIf necessary, continue with:
如有必要,请继续:$ cd .. $ chmod Sitesand, if necessary,
如有必要,$ cd .. $ chmod myusernameDO NOT go up farther than that.
不要走得更远。 You could royally mess up your system.你可以彻底搞砸你的系统。 If you still get the error that says search permissions are missing on a component of the path, I don't know what you should do.如果您仍然收到错误消息,指出search permissions are missing on a component of the path,我不知道您应该怎么做。 However, I encountered a different error (the one below) which I fixed as follows:但是,我遇到了一个不同的错误(下面的一个),我修复了如下:If your
error_logsays something like:如果您的error_log如下内容:client denied by server configuration: /Users/myusername/Sites/mySitethen your problem is not with your file permissions, but instead with your Apache configuration.
那么您的问题不在于您的文件权限,而在于您的 Apache 配置。Notice that in your
httpd.conffile, you will see a default configuration like this (Apache 2.4+):请注意,在您的httpd.conf文件中,您将看到这样的默认配置(Apache 2.4+):<Directory /> AllowOverride none Require all denied </Directory>or like this (Apache 2.2):
或者像这样(Apache 2.2):<Directory /> Order deny,allow Deny from all </Directory>DO NOT change this!
不要改变这个! We will not override these permissions globally, but instead in your httpd-vhosts.conffile.我们不会全局覆盖这些权限,而是在您的httpd-vhosts.conf文件中。 First, however, make sure that your vhostIncludeline inhttpd.confis uncommented .但是,首先要确保httpd.conf中的 vhostInclude行是uncommented 。 It should look like this.它应该是这样的。 (Your exact path may be different.) (您的确切路径可能会有所不同。)# Virtual hosts Include etc/extra/httpd-vhosts.confNow, open the
httpd-vhosts.conffile that you justIncluded.现在,打开您刚刚Include的httpd-vhosts.conf文件 d。 Add an entry for your webpage if you don't already have one.如果您还没有,请为您的网页添加一个条目。 It should look something like this.它应该看起来像这样。 The DocumentRootandDirectorypaths should be identical, and should point to wherever yourindex.htmlorindex.phpfile is located.DocumentRoot和Directory路径应该相同,并且应该指向index.html或index.php文件所在的位置。 For me, that's within thepublicsubdirectory.对我来说,那是在public子目录中。For Apache 2.2:
对于 Apache 2.2:<VirtualHost *:80> # ServerAdmin webmaster@dummy-host2.example.com DocumentRoot "/Users/myusername/Sites/mySite/public" ServerName mysite # ErrorLog "logs/dummy-host2.example.com-error_log" # CustomLog "logs/dummy-host2.example.com-access_log" common <Directory "/Users/myusername/Sites/mySite/public"> Options Indexes FollowSymLinks Includes ExecCGI AllowOverride All Order allow,deny Allow from all Require all granted </Directory> </VirtualHost>The lines saying
台词说AllowOverride All Require all grantedare critical for Apache 2.4+.
对 Apache 2.4+ 至关重要。 Without these, you will not be overriding the default Apache settings specified in httpd.conf.如果没有这些,您将不会覆盖httpd.conf指定的默认 Apache 设置。 Note that if you are using Apache 2.2, these lines should instead say请注意,如果您使用的是 Apache 2.2,这些行应该改为Order allow,deny Allow from allThis change has been a major source of confusion for googlers of this problem, such as I, because copy-pasting these Apache 2.2 lines will not work in Apache 2.4+, and the Apache 2.2 lines are still commonly found on older help threads.
这一变化一直是这个问题的谷歌人的主要困惑来源,比如我,因为复制粘贴这些 Apache 2.2 行在 Apache 2.4+ 中不起作用,并且 Apache 2.2 行仍然常见于较旧的帮助线程中。Once you have saved your changes, restart Apache .
保存更改后,重新启动 Apache 。 The command for this will depend on your OS and installation, so google that separately if you need help with it.此命令将取决于您的操作系统和安装,因此如果您需要帮助,请单独使用谷歌搜索。
I hope this helps someone else!我希望这对其他人有帮助!
PS: If you are having trouble finding these .conf files, try running the find command, such as: PS:如果找不到这些.conf文件,请尝试运行find命令,例如:
$ find / -name httpd.conf
解决方案3
9 2015-03-23 10:33:22
restorecon命令的工作原理如下:
restorecon -v -R /var/www/html/
解决方案4
2 2020-11-02 23:14:43
但是,它并没有解决问题,因为在例如打开 SUSE Tumbleweed 时,自定义源构建在默认网页上触发了相同的 401 错误,该错误是使用索引和
Require all granted
解决方案5
1 2013-12-15 08:07:04
服务器可能需要您的主目录和其中的 .htaccess 的读取权限
解决方案6
0 2018-06-25 06:45:41
您可以尝试禁用 selinux 并使用以下命令重试
setenforce 0
解决方案7
0 2019-09-11 13:12:56
In my case it was failing as the IP of my source server was not whitelisted in the target server.在我的情况下,它失败了,因为我的源服务器的 IP 没有在目标服务器中列入白名单。
For eg I was trying to access https://prodcat.ref.test.co.uk from application running on my source server.例如,我试图从我的源服务器上运行的应用程序访问https://prodcat.ref.test.co.uk 。 On source server find IP by ifconfig在源服务器上通过 ifconfig 查找 IP
This IP should be whitelisted in the target Server's apache config file.此 IP 应在目标服务器的 apache 配置文件中列入白名单。 If its not then get it whitelist.如果不是,则将其列入白名单。
Steps to add a IP for whitelisting (if you control the target server as well) ssh to the apache server sudo su - cd /usr/local/apache/conf/extra (actual directories can be different based on your config)将 IP 添加到白名单的步骤(如果您也控制目标服务器) ssh 到 apache 服务器 sudo su - cd /usr/local/apache/conf/extra (实际目录可能因您的配置而异)
Find the config file for the target application for eg prodcat-443.conf找到目标应用程序的配置文件,例如 prodcat-443.conf
RewriteCond %{REMOTE_ADDR} <YOUR Server's IP>
for e.g.
RewriteCond %{REMOTE_ADDR} !^192\.68\.2\.98
Hope this helps someone希望这有助于某人
解决方案8
0 2020-10-21 22:13:35
Notice that another issue that might be causing this is that, the "FollowSymLinks" option of a parent directory might have been mistakenly overwritten by the options of your project's directory.请注意,可能导致此问题的另一个问题是,父目录的“FollowSymLinks”选项可能已被项目目录的选项错误地覆盖。 This was the case for me and made me pull my hair until I found out the cause!这就是我的情况,让我拉我的头发,直到我找出原因!
Here's an example of such a mistake :这是此类错误的示例:
<Directory />
Options FollowSymLinks
AllowOverride all
Require all denied
</Directory>
<Directory /var/www/>
Options Indexes # <--- NOT OK! It's overwriting the above option of the "/" directory.
AllowOverride all
Require all granted
</Directory>
So now if you check the Apache's log message( tail -n 50 -f /var/www/html/{the_error_log_file_of_your_site} ) you'll see such an error:所以现在如果你检查 Apache 的日志消息( tail -n 50 -f /var/www/html/{the_error_log_file_of_your_site} )你会看到这样的错误:
Options FollowSymLinks and SymLinksIfOwnerMatch are both off, so the RewriteRule directive
is also forbidden due to its similar ability to circumvent directory restrictions
That's because Indexes in the above rules for /var/www directory is overwriting the FolowSymLinks of the / directory.这是因为/var/www目录的上述规则中的Indexes覆盖了/目录的FolowSymLinks 。 So now that you know the cause, in order to fix it, you can do many things depending on your need.所以现在您知道了原因,为了解决它,您可以根据需要做很多事情。 For instance:例如:
<Directory />
Options FollowSymLinks
AllowOverride all
Require all denied
</Directory>
<Directory /var/www/>
Options FollowSymLinks Indexes # <--- OK.
AllowOverride all
Require all granted
</Directory>
Or even this:甚至这个:
<Directory />
Options FollowSymLinks
AllowOverride all
Require all denied
</Directory>
<Directory /var/www/>
Options -Indexes # <--- OK as well! It will NOT cause an overwrite.
AllowOverride all
Require all granted
</Directory>
The example above will not cause the overwrite issue, because in Apache, if an option is "+" it will overwrite the "+"s only, and if it's a "-", it will overwrite the "-"s... (Don't ask me for a reference on that though, it's just my interpretation of an Apache's error message(checked through journalctl -xe ) which says: Either all Options must start with + or -, or no Option may. when an option has a sign, but another one doesn't(Eg, FollowSymLinks -Indexes). So it's my personal conclusion -thus should be taken with a grain of salt- that if I've used -Indexes as the option, that will be considered as a whole distinct set of options by the Apache from the other option in the "/" which doesn't have any signs on it, and so no annoying rewrites will occur in the end, which I could successfully confirm by the above rules in a project directory of my own).上面的例子不会导致覆盖问题,因为在Apache中,如果一个选项是“+”,它只会覆盖“+”,如果它是“-”,它会覆盖“-”...... (不过,不要问我对此的参考,这只是我对 Apache 错误消息的解释(通过journalctl -xe检查),其中说: Either all Options must start with + or -, or no Option may.当一个选项有一个标志,但另一个没有(例如,FollowSymLinks -Indexes)。所以这是我个人的结论 - 因此应该持保留态度 - 如果我使用-Indexes作为选项,那将被考虑作为 Apache 的一组完全不同的选项,“/”中的另一个选项上没有任何标志,因此最终不会发生烦人的重写,我可以通过上述规则成功确认我自己的项目目录)。
Hope that this will help you pull much less of your hair!希望这会帮助你减少你的头发! :) :)
解决方案9
0 2022-09-10 02:26:01
Add添加
<Directory "/path/to/webroot">
Options Indexes FollowSymLinks Includes ExecCGI
AllowOverride All
Order allow, deny
Allow from all
Require all granted
</Directory>
to your config file (eg /etc/apache2/sites-enabled/000-default.conf) Tested LAMP stack Debian 11到您的配置文件(例如 /etc/apache2/sites-enabled/000-default.conf) 测试 LAMP 堆栈 Debian 11
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.