Ubuntu 服务器上的 Apache 2.4.6:客户端被服务器配置拒绝 (PHP FPM) [加载 PHP 文件时]
[英]Apache 2.4.6 on Ubuntu Server: Client denied by server configuration (PHP FPM) [While loading PHP file]
问题描述
Today I was updated Ubuntu server 13.04 (Raring Ringtail) → 13.10 (Saucy Salamander).
今天我更新了Ubuntu 服务器 13.04 (Raring Ringtail) → 13.10 (Saucy Salamander)。
And my Apache 2 installation is broken.我的 Apache 2 安装坏了。
Here my configuration:这是我的配置:
File error.log文件错误error.log
[Fri Oct 18 10:48:07.237170 2013] [:notice] [pid 8292:tid 139804677900160] FastCGI: process manager initialized (pid 8292)
[Fri Oct 18 10:48:07.241185 2013] [mpm_event:notice] [pid 8289:tid 139804677900160] AH00489: Apache/2.4.6 (Ubuntu) mod_fastcgi/mod_fastcgi-SNAP-0910052141 configured -- resuming normal operations
[Fri Oct 18 10:48:07.241652 2013] [core:notice] [pid 8289:tid 139804677900160] AH00094: Command line: '/usr/sbin/apache2'
[Fri Oct 18 10:48:28.313923 2013] [authz_core:error] [pid 8294:tid 139804573181696] [client 81.219.59.75:3536] AH01630: client denied by server configuration: /usr/lib/cgi-bin/php5-fcgi
File default.conf文件default.conf
#EU
<VirtualHost *:80>
#ServerName
DocumentRoot /var/www/dev_stable
DirectoryIndex index.php index.html index.htm
<Directory /var/www/dev_stable>
Options Indexes FollowSymLinks MultiViews
AllowOverride all
Require all granted
</Directory>
</VirtualHost>
File mods-enabled/fastcgi.conf文件mods-enabled/fastcgi.conf
#<IfModule mod_fastcgi.c>
# AddHandler fastcgi-script .fcgi
# FastCgiWrapper /usr/lib/apache2/suexec
# FastCgiIpcDir /var/lib/apache2/fastcgi
#</IfModule>
<IfModule mod_fastcgi.c>
AddHandler php5-fcgi .php
Action php5-fcgi /php5-fcgi
Alias /php5-fcgi /usr/lib/cgi-bin/php5-fcgi
FastCgiExternalServer /usr/lib/cgi-bin/php5-fcgi -socket /var/run/php5-fpm.sock -pass-header Authorization
</Ifmodule>
When I trying to load the file via the browser I got:当我尝试通过浏览器加载文件时,我得到:
site_name/TEST/
Forbidden
You don't have permission to access /php5-fcgi/TEST/index.php on this server.
What should I to fix it?我应该怎么修?
11 个解决方案
解决方案1
115 已采纳 2013-10-18 14:18:08
I have exactly the same issue.我有完全相同的问题。 I ran a couple of virtual hosts on my local machine for developing.我在本地机器上运行了几个虚拟主机进行开发。
First, I changed /etc/apache2/conf-available/php5-fpm.conf .首先,我更改了/etc/apache2/conf-available/php5-fpm.conf 。 I replaced every我更换了每个
Order Deny,Allow
Deny from all
to到
Require all granted
The configuration has to be enabled by a2enconf php5-fpm .必须通过a2enconf php5-fpm启用配置。 I did the same with my virtual hosts configurations and made the replacements.我对我的虚拟主机配置做了同样的事情并进行了替换。
I think this is not advised for security reasons, but as long as I use my server for local purposes only I can live with it.我认为出于安全原因不建议这样做,但只要我将服务器用于本地目的,我就可以忍受它。
解决方案2
40 2014-04-10 23:34:28
I ran into this exact issue upon a new install of Apache 2.4.我在新安装 Apache 2.4 时遇到了这个确切的问题。 After a few hours of googling and testing I finally found out that I also had to allow access to the directory that contains the (non-existent) target of the Alias directive.经过几个小时的谷歌搜索和测试,我终于发现我还必须允许访问包含 Alias 指令的(不存在的)目标的目录。 That is, this worked for me:也就是说,这对我有用:
# File: /etc/apache2/conf-available/php5-fpm.conf
<IfModule mod_fastcgi.c>
AddHandler php5-fcgi .php
Action php5-fcgi /php5-fcgi
Alias /php5-fcgi /usr/lib/cgi-bin/php5-fcgi
FastCgiExternalServer /usr/lib/cgi-bin/php5-fcgi -socket /var/run/php5-fpm.sock -pass-header Authorization
# NOTE: using '/usr/lib/cgi-bin/php5-cgi' here does not work,
# it doesn't exist in the filesystem!
<Directory /usr/lib/cgi-bin>
Require all granted
</Directory>
</Ifmodule>
解决方案3
22 2013-10-18 22:36:16
I ran into a similar problem today (but with mod_wsgi ).我今天遇到了类似的问题(但使用mod_wsgi )。 It might be an Apache 2.2-to-2.4 problem.这可能是 Apache 2.2 到 2.4 的问题。 A comprehensive list of changes can be found here .可以在此处找到完整的更改列表。
For me, it helped to add an additional <Directory> -entry for every path the error-log was complaining about and filling the section with Require all granted .对我来说,它有助于为错误日志抱怨的每个路径添加一个额外的<Directory>条目,并用Require all granted grant 填充该部分。
So in your case you could try所以在你的情况下你可以尝试
<Directory /usr/lib/cgi-bin/php5-fcgi>
Require all granted
Options FollowSymLinks
</Directory>
and I had to move my configuration file from folder conf.d to folder sites-enabled .我不得不将我的配置文件从文件夹conf.d移动到文件夹sites-enabled 。
All in all, that did the trick for me, but I don't guarantee it works in your case as well.总而言之,这对我有用,但我不保证它也适用于您的情况。
解决方案4
20 2013-11-24 23:59:10
I recently ran into the same problem.我最近遇到了同样的问题。 I had to change my virtual hosts from:我不得不改变我的虚拟主机:
<VirtualHost *:80>
ServerName local.example.com
DocumentRoot /home/example/public
<Directory />
Order allow,deny
Allow from all
</Directory>
</VirtualHost>
To:至:
<VirtualHost *:80>
ServerName local.example.com
DocumentRoot /home/example/public
<Directory />
Options All
AllowOverride All
Require all granted
</Directory>
</VirtualHost>
解决方案5
9 2014-07-03 12:41:00
In apache2.conf , replace or delete <Directory /> AllowOverride None Require all denied </Directory>, like suggested Jan Czarny.在apache2.conf ,替换或删除 <Directory /> AllowOverride None Require all denied </Directory>,就像建议的 Jan Czarny。
For example:例如:
<Directory />
Options FollowSymLinks
AllowOverride None
#Require all denied
Require all granted
</Directory>
This worked in Ubuntu 14.04 (Trusty Tahr).这在Ubuntu 14.04 (Trusty Tahr) 中有效。
解决方案6
8 2013-12-22 12:45:33
Your virtualhost filename should be mysite.com.conf and should contain this info你的虚拟主机文件名应该是 mysite.com.conf 并且应该包含这个信息
<VirtualHost *:80>
# The ServerName directive sets the request scheme, hostname and port that
# the server uses to identify itself. This is used when creating
# redirection URLs. In the context of virtual hosts, the ServerName
# specifies what hostname must appear in the request's Host: header to
# match this virtual host. For the default virtual host (this file) this
# value is not decisive as it is used as a last resort host regardless.
# However, you must set it for any further virtual host explicitly.
ServerName mysite.com
ServerAlias www.mysite.com
ServerAdmin info@mysite.com
DocumentRoot /var/www/mysite
# Available loglevels: trace8, ..., trace1, debug, info, notice, warn,
# error, crit, alert, emerg.
# It is also possible to configure the loglevel for particular
# modules, e.g.
#LogLevel info ssl:warn
ErrorLog ${APACHE_LOG_DIR}/error.log
CustomLog ${APACHE_LOG_DIR}/access.log combined
<Directory "/var/www/mysite">
Options All
AllowOverride All
Require all granted
</Directory>
# For most configuration files from conf-available/, which are
# enabled or disabled at a global level, it is possible to
# include a line for only one particular virtual host. For example the
# following line enables the CGI configuration for this host only
# after it has been globally disabled with "a2disconf".
#Include conf-available/serve-cgi-bin.conf
</VirtualHost>
# vim: syntax=apache ts=4 sw=4 sts=4 sr noet
解决方案7
3 2015-02-08 18:02:19
I don't think that replacing "Require all denied" with "Require all granted" in this directive:我不认为在此指令中将“要求全部拒绝”替换为“要求全部授予”:
<Directory>
Options FollowSymLinks
AllowOverride None
#Require all denied
Require all granted
</Directory>
as suggested by Jan Czarny and seonded by user3801675 is the most secure way of solving this problem.正如 Jan Czarny 所建议的和 user3801675 所建议的那样,是解决这个问题的最安全的方法。
According to the Apache configuration files, that line denies access to the entirety of your server's filesystem.根据 Apache 配置文件,该行拒绝访问您服务器的整个文件系统。 Replacing it might indeed allow access to your virtual host folders but at the price of allowing access to your entire computer as well!更换它确实可能允许访问您的虚拟主机文件夹,但代价是也允许访问您的整个计算机!
Gev Balyan's approach seems to be the most secure approach here. Gev Balyan 的方法似乎是这里最安全的方法。 It was the answer to the "access denied problems" plaguing me after setting up my new Apache server this morning.这是今天早上设置我的新 Apache 服务器后困扰我的“访问被拒绝问题”的答案。
解决方案8
1 2015-07-21 20:42:17
And I simply got this error because I used a totally different DocumentRoot directory.我只是得到了这个错误,因为我使用了一个完全不同的 DocumentRoot 目录。
My main DocumentRoot was the default /var/www/html and on the VirtualHost I used /sites/example.com我的主要 DocumentRoot 是默认的/var/www/html并且在我使用的 VirtualHost 上/sites/example.com
I have created a link on /var/www/html/example.com (to /sites/example.com ).我在/var/www/html/example.com (到/sites/example.com )上创建了一个链接。 DocumentRoot was set to /var/www/html/example.com DocumentRoot 被设置为/var/www/html/example.com
It worked like a charm.它就像一个魅力。
解决方案9
0 2019-04-07 20:53:44
I had the same issue after upgrading my system.升级系统后我遇到了同样的问题。 In my case, the problem was caused by the order of loading configuration files.就我而言,问题是由加载配置文件的顺序引起的。 In the /etc/httpd/httpd.conf initally it was defined as follows:在/etc/httpd/httpd.conf最初定义如下:
IncludeOptional conf.d/*.conf
IncludeOptional sites-enabled/*.conf
After some hours of attempts, I tried the following order:经过几个小时的尝试,我尝试了以下顺序:
IncludeOptional sites-enabled/*.conf
IncludeOptional conf.d/*.conf
And it works fine now.现在它工作正常。
解决方案10
0 2019-05-17 10:07:34
I had the following configuration in my httpd.conf that denied executing the wpadmin/setup-config.php file from wordpress.我的 httpd.conf 中有以下配置拒绝从 wordpress 执行 wpadmin/setup-config.php 文件。 Removing the |-config part solved the problem.删除 |-config 部分解决了问题。 I think this httpd.conf is from plesk but it could be some default suggested config from wordpress, i don't know.我认为这个 httpd.conf 来自 plesk,但它可能是 wordpress 的一些默认建议配置,我不知道。 Anyway, I could safely add it back after the setup finished.无论如何,我可以在设置完成后安全地将其添加回来。
<LocationMatch "(?i:(?:wp-config\\.bak|\\.wp-config\\.php\\.swp|(?:readme|license|changelog|-config|-sample)\\.(?:php|md|txt|htm|html)))">
Require all denied
</LocationMatch>
解决方案11
-3 2013-12-03 06:10:59
For those of you on AWS (Amazon Web Services), remember to add a rule for your SSL port (in my case 443) to your security groups.对于 AWS (Amazon Web Services) 上的那些人,请记住为您的 SSL 端口(在我的例子中为 443)添加一个规则到您的安全组。 I was getting this error because I forgot to open the port.我收到此错误是因为我忘记打开端口。
3 hours of tearing my hair out later... 3小时后撕掉我的头发......
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.