使用Apache在别名目录上修复403 Forbidden

Question

I am trying to setup an alias to point to some directory on my filesystem not in DocumentRoot. Now I get a 403 Forbidden response. These are the steps taken: 1. edit http.conf, adding:

Alias /example "/Users/user/Documents/example"

then...

<Directory "/Users/user/Documents/example">
   Options Indexes FollowSymLinks MultiViews
   AllowOverride None
   Order allow,deny
   Allow from all</Directory>

2. setting permissions with chmod in terminal:

chmod 755 /Users/user/Documents/example

Now it should work? instead I get the access forbidden. This is the output from error_log:

[Sun Jul 24 06:57:57 2011] [error] [client xx.xx.xx.xx] (13)Permission denied: access to /example denied

Answer 1

I was having this issue on OS X too. It turned out gliptak was right, but I've some more detail to add.

We're both attempting to configure a virtual directory for a folder under a user's home folder; I think this is why we're having the problem. In my case, I had the following setup:

• Home folder is /Users/calrion .
• Virtual directory folder is /Users/calrion/Path/to/www .
• There's a symlink /Users/calrion/Path pointing to /Volumes/Other/Users/calrion/Path .

The problem was the user and group _www (which Apache runs as on OS X) lacked execute access to /Users/calrion and /Volumes/Other/Users/calrion .

Running chmod o+x /Users/calrion and chmod o+x /Volumes/Other/Users/calrion resolved the issue (on OS X 10.7.4).

The rule here is that Apache requires execute access to all folders in the path in order to serve files. Without this, you'll get a HTTP 403 (forbidden).

Answer 2

The last straw ;) Required local in the Directory Entry...

like

<Directory "/Users/user/Documents/example">
   Options Indexes FollowSymLinks MultiViews
   AllowOverride All
   Require local
   Order allow,deny
   Allow from all
</Directory>

if everything else doesn't work (correct Alias, Directory Entry in httpd.conf and correct mod/usr/grp).

keep in mind: if you put your site in user-space the apache user (running httpd) needs access to your home!

Answer 3

These are all very good answers. None of them worked for me.

I have an alias specified in OSX server pointing to a user directory. I spent a long while chmodding and messing with _www user, adding executable permissions recursively, uninstalling macports and all sorts of stuff trying to get this to work. I tried 777. Nope. No idea why it wasn't working.

Eventually, I just checked the "shared folder" checkbox in the Finder for that folder, and it worked, on the specified domain, with php active, the way I wanted it to. :/ ...so that was easy.

Answer 4

Check permission on /Users/user/Documents/ , /Users/user/ (higher level permissions are enforced first ...)

/bin/su into the user running Apache (like www, www-data) and cat a file in the /Users/user/Documents/example directory. That might point you to permission problems with your setup.

Answer 5

I was just having this exact same issue. What I found was SE_Linux was enabled, and the security context of the files in my Aliased directory was incorrect, missing httpd_sys_content_t.

You can view the security context with ls -Z . If your files/folders don't have httpd_sys_content_t then apache won't server them up! You can add the proper context with something like chcon -R --type=httpd_sys_content_t /new_html_directory . This will change the context of the files currently in the directory, but not any files that are added afterwards (for that you'll need to work with semanage). Your other option is to just leave the files under /var/www.

Answer 6

Here's what fixed it for me:

in /etc/apache2/httpd.conf

<Directory />
    Options FollowSymLinks
    AllowOverride None

    # REMOVE THESE LINES
    #Order deny,allow
    #Deny from all

    # ADD THIS LINE
    Require all denied
</Directory>

This change implements changes made in the apache update from 2.2 to 2.4 . The OSX Yosemite update brought the apache update with it (PSA: if you're planning on upgrading to Yosemite, budget yourself a week to fix everything it breaks).

The weird thing is that I already got apache 2.4 working, and suddenly it breaks again....

PSA: if you're planning on upgrading to Yosemite, budget yourself a week to fix everything it breaks

Answer 7

After lots of time waste i fixed the issue and i wanted to share to save your time.

All the gentelmen above and on other posts has some correct parts in their answers but below is the sum

In your "/etc/apache2/httpd.conf" file:

1- change your document root

Original: DocumentRoot "/Library/WebServer/Documents"
Change to: DocumentRoot "/Users/yourname/www"

2- change

Original:

<Directory />
    Options FollowSymLinks
    AllowOverride None
    Order deny,allow
    Deny from all
</Directory>

Change to:

<Directory /Users/yourname/www>
    Options FollowSymLinks Includes ExecCGI
    AllowOverride None
    Order deny,allow
    Deny from all
</Directory>

3- Change:

Original:

<Directory "/Library/WebServer/Documents">

Change to:

<Directory "/Users/yourname/www">

4- Finally, you might not need this step if you are the supper user, this is to set the right permition on your new root folder

chmod 755 /Users/yourname/www

Hope this will help

Answer 8

I had to revert my apache config file and then set up the server again. found this useful: https://apple.stackexchange.com/questions/41143/how-to-revert-default-mac-apache-install-to-original

Answer 9

Quick Solution:

Use these commands as root on Linux:

find /var/www -type d -exec chmod 755 {} \;
find /var/www -type f -exec chmod 644 {} \;

Answer 10

It certainly does look right, do a sanity check.

• you restarted apache

• check group and user ownership

• I think the quotes can be removed

• there is something in /Users/user/Documents/example ?

• try 777

-sean

Answer 11

SELinux was the culprit for me. If you're having this issue on a linux box and your alias and file permissions are correct than try doing a "setenforce 0" to put SELinux into permissive mode. That did the trick for me.