[英]Error message "Forbidden You don't have permission to access / on this server" [closed]
我自己配置了我的 Apache,并尝试在虚拟主机上加载phpMyAdmin ,但我收到:
403 Forbidden 您无权访问此服务器上的 /
我的 httpd.conf
#
# This is the main Apache HTTP server configuration file. It contains the
# configuration directives that give the server its instructions.
# See <URL:http://httpd.apache.org/docs/2.2> for detailed information.
# In particular, see
# <URL:http://httpd.apache.org/docs/2.2/mod/directives.html>
# for a discussion of each configuration directive.
#
# Do NOT simply read the instructions in here without understanding
# what they do. They're here only as hints or reminders. If you are unsure
# consult the online docs. You have been warned.
#
# Configuration and logfile names: If the filenames you specify for many
# of the server's control files begin with "/" (or "drive:/" for Win32), the
# server will use that explicit path. If the filenames do *not* begin
# with "/", the value of ServerRoot is prepended -- so "logs/foo.log"
# with ServerRoot set to "C:/Program Files (x86)/Apache Software Foundation/Apache2.2" will be interpreted by the
# server as "C:/Program Files (x86)/Apache Software Foundation/Apache2.2/logs/foo.log".
#
# NOTE: Where filenames are specified, you must use forward slashes
# instead of backslashes (e.g., "c:/apache" instead of "c:\apache").
# If a drive letter is omitted, the drive on which httpd.exe is located
# will be used by default. It is recommended that you always supply
# an explicit drive letter in absolute paths to avoid confusion.
#
# ServerRoot: The top of the directory tree under which the server's
# configuration, error, and log files are kept.
#
# Do not add a slash at the end of the directory path. If you point
# ServerRoot at a non-local disk, be sure to point the LockFile directive
# at a local disk. If you wish to share the same ServerRoot for multiple
# httpd daemons, you will need to change at least LockFile and PidFile.
#
ServerRoot "C:/Program Files (x86)/Apache Software Foundation/Apache2.2"
#
# Listen: Allows you to bind Apache to specific IP addresses and/or
# ports, instead of the default. See also the <VirtualHost>
# directive.
#
# Change this to Listen on specific IP addresses as shown below to
# prevent Apache from glomming onto all bound IP addresses.
#
#Listen 12.34.56.78:80
Listen 127.0.0.1:80
Include conf/vhosts.conf
#
# Dynamic Shared Object (DSO) Support
#
# To be able to use the functionality of a module which was built as a DSO you
# have to place corresponding `LoadModule' lines at this location so the
# directives contained in it are actually available _before_ they are used.
# Statically compiled modules (those listed by `httpd -l') do not need
# to be loaded here.
#
# Example:
# LoadModule foo_module modules/mod_foo.so
#
LoadModule actions_module modules/mod_actions.so
LoadModule alias_module modules/mod_alias.so
LoadModule asis_module modules/mod_asis.so
LoadModule auth_basic_module modules/mod_auth_basic.so
#LoadModule auth_digest_module modules/mod_auth_digest.so
#LoadModule authn_alias_module modules/mod_authn_alias.so
#LoadModule authn_anon_module modules/mod_authn_anon.so
#LoadModule authn_dbd_module modules/mod_authn_dbd.so
#LoadModule authn_dbm_module modules/mod_authn_dbm.so
LoadModule authn_default_module modules/mod_authn_default.so
LoadModule authn_file_module modules/mod_authn_file.so
#LoadModule authnz_ldap_module modules/mod_authnz_ldap.so
#LoadModule authz_dbm_module modules/mod_authz_dbm.so
LoadModule authz_default_module modules/mod_authz_default.so
LoadModule authz_groupfile_module modules/mod_authz_groupfile.so
LoadModule authz_host_module modules/mod_authz_host.so
#LoadModule authz_owner_module modules/mod_authz_owner.so
LoadModule authz_user_module modules/mod_authz_user.so
LoadModule autoindex_module modules/mod_autoindex.so
#LoadModule cache_module modules/mod_cache.so
#LoadModule cern_meta_module modules/mod_cern_meta.so
LoadModule cgi_module modules/mod_cgi.so
#LoadModule charset_lite_module modules/mod_charset_lite.so
#LoadModule dav_module modules/mod_dav.so
#LoadModule dav_fs_module modules/mod_dav_fs.so
#LoadModule dav_lock_module modules/mod_dav_lock.so
#LoadModule dbd_module modules/mod_dbd.so
#LoadModule deflate_module modules/mod_deflate.so
LoadModule dir_module modules/mod_dir.so
#LoadModule disk_cache_module modules/mod_disk_cache.so
#LoadModule dumpio_module modules/mod_dumpio.so
LoadModule env_module modules/mod_env.so
#LoadModule expires_module modules/mod_expires.so
#LoadModule ext_filter_module modules/mod_ext_filter.so
#LoadModule file_cache_module modules/mod_file_cache.so
#LoadModule filter_module modules/mod_filter.so
#LoadModule headers_module modules/mod_headers.so
#LoadModule ident_module modules/mod_ident.so
#LoadModule imagemap_module modules/mod_imagemap.so
LoadModule include_module modules/mod_include.so
#LoadModule info_module modules/mod_info.so
LoadModule isapi_module modules/mod_isapi.so
#LoadModule ldap_module modules/mod_ldap.so
#LoadModule logio_module modules/mod_logio.so
LoadModule log_config_module modules/mod_log_config.so
#LoadModule log_forensic_module modules/mod_log_forensic.so
#LoadModule mem_cache_module modules/mod_mem_cache.so
LoadModule mime_module modules/mod_mime.so
#LoadModule mime_magic_module modules/mod_mime_magic.so
LoadModule negotiation_module modules/mod_negotiation.so
#LoadModule proxy_module modules/mod_proxy.so
#LoadModule proxy_ajp_module modules/mod_proxy_ajp.so
#LoadModule proxy_balancer_module modules/mod_proxy_balancer.so
#LoadModule proxy_connect_module modules/mod_proxy_connect.so
#LoadModule proxy_ftp_module modules/mod_proxy_ftp.so
#LoadModule proxy_http_module modules/mod_proxy_http.so
#LoadModule proxy_scgi_module modules/mod_proxy_scgi.so
#LoadModule reqtimeout_module modules/mod_reqtimeout.so
#LoadModule rewrite_module modules/mod_rewrite.so
LoadModule setenvif_module modules/mod_setenvif.so
#LoadModule speling_module modules/mod_speling.so
#LoadModule ssl_module modules/mod_ssl.so
#LoadModule status_module modules/mod_status.so
#LoadModule substitute_module modules/mod_substitute.so
#LoadModule unique_id_module modules/mod_unique_id.so
#LoadModule userdir_module modules/mod_userdir.so
#LoadModule usertrack_module modules/mod_usertrack.so
#LoadModule version_module modules/mod_version.so
#LoadModule vhost_alias_module modules/mod_vhost_alias.so
LoadModule php5_module "c:/Program Files/php/php5apache2_2.dll"
<IfModule !mpm_netware_module>
<IfModule !mpm_winnt_module>
#
# If you wish httpd to run as a different user or group, you must run
# httpd as root initially and it will switch.
#
# User/Group: The name (or #number) of the user/group to run httpd as.
# It is usually good practice to create a dedicated user and group for
# running httpd, as with most system services.
#
User daemon
Group daemon
</IfModule>
</IfModule>
# 'Main' server configuration
#
# The directives in this section set up the values used by the 'main'
# server, which responds to any requests that aren't handled by a
# <VirtualHost> definition. These values also provide defaults for
# any <VirtualHost> containers you may define later in the file.
#
# All of these directives may appear inside <VirtualHost> containers,
# in which case these default settings will be overridden for the
# virtual host being defined.
#
#
# ServerAdmin: Your address, where problems with the server should be
# e-mailed. This address appears on some server-generated pages, such
# as error documents. e.g. admin@your-domain.example
#
ServerAdmin webmaster@somenet.example
#
# ServerName gives the name and port that the server uses to identify itself.
# This can often be determined automatically, but we recommend you specify
# it explicitly to prevent problems during startup.
#
# If your host doesn't have a registered DNS name, enter its IP address here.
#
#ServerName www.somenet.example:80
#
# DocumentRoot: The directory out of which you will serve your
# documents. By default, all requests are taken from this directory, but
# symbolic links and aliases may be used to point to other locations.
#
DocumentRoot "C:/Program Files (x86)/Apache Software Foundation/Apache2.2/htdocs"
#
# Each directory to which Apache has access can be configured with respect
# to which services and features are allowed and/or disabled in that
# directory (and its subdirectories).
#
# First, we configure the "default" to be a very restrictive set of
# features.
#
<Directory />
Options FollowSymLinks
AllowOverride None
Order deny,allow
Deny from all
</Directory>
#
# Note that from this point forward you must specifically allow
# particular features to be enabled - so if something's not working as
# you might expect, make sure that you have specifically enabled it
# below.
#
#
# This should be changed to whatever you set DocumentRoot to.
#
<Directory "C:/Program Files (x86)/Apache Software Foundation/Apache2.2/htdocs">
#
# Possible values for the Options directive are "None", "All",
# or any combination of:
# Indexes Includes FollowSymLinks SymLinksifOwnerMatch ExecCGI MultiViews
#
# Note that "MultiViews" must be named *explicitly* --- "Options All"
# doesn't give it to you.
#
# The Options directive is both complicated and important. Please see
# http://httpd.apache.org/docs/2.2/mod/core.html#options
# for more information.
#
Options Indexes FollowSymLinks
#
# AllowOverride controls what directives may be placed in .htaccess files.
# It can be "All", "None", or any combination of the keywords:
# Options FileInfo AuthConfig Limit
#
AllowOverride None
#
# Controls who can get stuff from this server.
#
Order allow,deny
Allow from all
</Directory>
#
# DirectoryIndex: sets the file that Apache will serve if a directory
# is requested.
#
<IfModule dir_module>
DirectoryIndex index.html index.php
</IfModule>
#
# The following lines prevent .htaccess and .htpasswd files from being
# viewed by Web clients.
#
<FilesMatch "^\.ht">
Order allow,deny
Deny from all
Satisfy All
</FilesMatch>
#
# ErrorLog: The location of the error log file.
# If you do not specify an ErrorLog directive within a <VirtualHost>
# container, error messages relating to that virtual host will be
# logged here. If you *do* define an error logfile for a <VirtualHost>
# container, that host's errors will be logged there and not here.
#
ErrorLog "logs/error.log"
#
# LogLevel: Control the number of messages logged to the error_log.
# Possible values include: debug, info, notice, warn, error, crit,
# alert, emerg.
#
LogLevel warn
<IfModule log_config_module>
#
# The following directives define some format nicknames for use with
# a CustomLog directive (see below).
#
LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" combined
LogFormat "%h %l %u %t \"%r\" %>s %b" common
<IfModule logio_module>
# You need to enable mod_logio.c to use %I and %O
LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\" %I %O" combinedio
</IfModule>
#
# The location and format of the access logfile (Common Logfile Format).
# If you do not define any access logfiles within a <VirtualHost>
# container, they will be logged here. Contrariwise, if you *do*
# define per-<VirtualHost> access logfiles, transactions will be
# logged therein and *not* in this file.
#
CustomLog "logs/access.log" common
#
# If you prefer a logfile with access, agent, and referer information
# (Combined Logfile Format) you can use the following directive.
#
#CustomLog "logs/access.log" combined
</IfModule>
<IfModule alias_module>
#
# Redirect: Allows you to tell clients about documents that used to
# exist in your server's namespace, but do not anymore. The client
# will make a new request for the document at its new location.
# Example:
# Redirect permanent /foo http://www.somenet.example/bar
#
# Alias: Maps web paths into filesystem paths and is used to
# access content that does not live under the DocumentRoot.
# Example:
# Alias /webpath /full/filesystem/path
#
# If you include a trailing / on /webpath then the server will
# require it to be present in the URL. You will also likely
# need to provide a <Directory> section to allow access to
# the filesystem path.
#
# ScriptAlias: This controls which directories contain server scripts.
# ScriptAliases are essentially the same as Aliases, except that
# documents in the target directory are treated as applications and
# run by the server when requested rather than as documents sent to the
# client. The same rules about trailing "/" apply to ScriptAlias
# directives as to Alias.
#
ScriptAlias /cgi-bin/ "C:/Program Files (x86)/Apache Software Foundation/Apache2.2/cgi-bin/"
</IfModule>
<IfModule cgid_module>
#
# ScriptSock: On threaded servers, designate the path to the UNIX
# socket used to communicate with the CGI daemon of mod_cgid.
#
#Scriptsock logs/cgisock
</IfModule>
#
# "C:/Program Files (x86)/Apache Software Foundation/Apache2.2/cgi-bin" should be changed to whatever your ScriptAliased
# CGI directory exists, if you have that configured.
#
<Directory "C:/Program Files (x86)/Apache Software Foundation/Apache2.2/cgi-bin">
AllowOverride None
Options None
Order allow,deny
Allow from all
</Directory>
#
# DefaultType: the default MIME type the server will use for a document
# if it cannot otherwise determine one, such as from filename extensions.
# If your server contains mostly text or HTML documents, "text/plain" is
# a good value. If most of your content is binary, such as applications
# or images, you may want to use "application/octet-stream" instead to
# keep browsers from trying to display binary files as though they are
# text.
#
DefaultType text/plain
<IfModule mime_module>
#
# TypesConfig points to the file containing the list of mappings from
# filename extension to MIME-type.
#
TypesConfig conf/mime.types
#
# AddType allows you to add to or override the MIME configuration
# file specified in TypesConfig for specific file types.
#
#AddType application/x-gzip .tgz
#
# AddEncoding allows you to have certain browsers uncompress
# information on the fly. Note: Not all browsers support this.
#
#AddEncoding x-compress .Z
#AddEncoding x-gzip .gz .tgz
#
# If the AddEncoding directives above are commented-out, then you
# probably should define those extensions to indicate media types:
#
AddType application/x-compress .Z
AddType application/x-gzip .gz .tgz
#
# AddHandler allows you to map certain file extensions to "handlers":
# actions unrelated to filetype. These can be either built into the server
# or added with the Action directive (see below)
#
# To use CGI scripts outside of ScriptAliased directories:
# (You will also need to add "ExecCGI" to the "Options" directive.)
#
#AddHandler cgi-script .cgi
# For type maps (negotiated resources):
#AddHandler type-map var
#
# Filters allow you to process content before it is sent to the client.
#
# To parse .shtml files for server-side includes (SSI):
# (You will also need to add "Includes" to the "Options" directive.)
#
#AddType text/html .shtml
#AddOutputFilter INCLUDES .shtml
AddType application/x-httpd-php .php
</IfModule>
#
# The mod_mime_magic module allows the server to use various hints from the
# contents of the file itself to determine its type. The MIMEMagicFile
# directive tells the module where the hint definitions are located.
#
#MIMEMagicFile conf/magic
#
# Customizable error responses come in three flavors:
# 1) plain text 2) local redirects 3) external redirects
#
# Some examples:
#ErrorDocument 500 "The server made a boo boo."
#ErrorDocument 404 /missing.html
#ErrorDocument 404 "/cgi-bin/missing_handler.pl"
#ErrorDocument 402 http://www.somenet.example/subscription_info.html
#
#
# MaxRanges: Maximum number of Ranges in a request before
# returning the entire resource, or one of the special
# values 'default', 'none' or 'unlimited'.
# Default setting is to accept 200 Ranges.
#MaxRanges unlimited
#
# EnableMMAP and EnableSendfile: On systems that support it,
# memory-mapping or the sendfile syscall is used to deliver
# files. This usually improves server performance, but must
# be turned off when serving from networked-mounted
# filesystems or if support for these functions is otherwise
# broken on your system.
#
#EnableMMAP off
#EnableSendfile off
# Supplemental configuration
#
# The configuration files in the conf/extra/ directory can be
# included to add extra features or to modify the default configuration of
# the server, or you may simply copy their contents here and change as
# necessary.
# Server-pool management (MPM specific)
#Include conf/extra/httpd-mpm.conf
# Multi-language error messages
#Include conf/extra/httpd-multilang-errordoc.conf
# Fancy directory listings
#Include conf/extra/httpd-autoindex.conf
# Language settings
#Include conf/extra/httpd-languages.conf
# User home directories
#Include conf/extra/httpd-userdir.conf
# Real-time info on requests and configuration
#Include conf/extra/httpd-info.conf
# Virtual hosts
#Include conf/extra/httpd-vhosts.conf
# Local access to the Apache HTTP Server Manual
#Include conf/extra/httpd-manual.conf
# Distributed authoring and versioning (WebDAV)
#Include conf/extra/httpd-dav.conf
# Various default settings
#Include conf/extra/httpd-default.conf
# Secure (SSL/TLS) connections
#Include conf/extra/httpd-ssl.conf
#
# Note: The following must must be present to support
# starting without SSL on platforms with no /dev/random equivalent
# but a statically compiled-in mod_ssl.
#
<IfModule ssl_module>
SSLRandomSeed startup builtin
SSLRandomSeed connect builtin
</IfModule>
PHPIniDir "c:/Program Files/php"
和 vhosts.conf:
NameVirtualHost 127.0.0.1:80
<VirtualHost 127.0.0.1:80>
DocumentRoot i:/projects/webserver/__tools/phpmyadmin/
ServerName dbadmin.tools
</VirtualHost>
4年前,由于这个答案被许多人用作参考,虽然这些年来我从安全角度学到了很多东西,但我觉得我有责任澄清一些重要的注意事项,并且我已经相应地更新了我的答案。
最初的答案是正确的,但对于某些生产环境来说并不安全,另外我想解释一下您在设置环境时可能遇到的一些问题。
如果您正在寻找快速解决方案并且安全不是问题,即开发环境,请跳过并阅读原始答案
许多情况会导致403 Forbidden :
mod_autoindex.c ) 当您访问一个目录并且在该目录中没有找到默认文件并且未为此目录启用 Apache Options Indexes时。
DirectoryIndex选项示例DirectoryIndex index.html default.php welcome.php
Options Indexes选项如果设置,如果没有找到默认文件,Apache将列出目录内容(来自上面的👆🏻选项)
您将收到403 Forbidden
DirectoryIndex限制为最小值。.htaccess文件,或将修改放在<Directory /my/directory>指令中deny,allow指令 (Apache 2.2)@Radu、@Simon A. Eugster 在评论中提到您的请求被这些指令拒绝、列入黑名单或列入白名单。
我不会发布完整的解释,但我认为一些示例可以帮助您理解,简而言之,请记住以下规则:
如果两者都匹配,则最后一个指令将获胜
Order allow,deny 如果两个指令都匹配,则拒绝将获胜(即使在 conf 中的deny之后写入了allow指令)
Order deny,allow如果两个指令都匹配,则允许将获胜
Order allow,deny
Allow from localhost mydomain.example
只有localhost和*.mydomain.example可以访问它,所有其他主机都被拒绝
Order allow,deny
Deny from evil.example
Allow from safe.evil.example # <-- has no effect since this will be evaluated first
所有请求都被拒绝,最后一行可能会欺骗您,但请记住,如果与最后一个获胜规则(这里拒绝是最后一个)都匹配,则与写入相同:
Order allow,deny
Allow from safe.evil.example
Deny from evil.example # <-- will override the previous one
Order deny,allow
Allow from site.example
Deny from untrusted.site.example # <-- has no effect since this will be matched by the above `Allow` directive
接受来自所有主机的请求
Order allow,deny
Allow from all
Deny from hacker1.example
Deny from hacker2.example
Order deny,allow
Deny from all
Allow from mypc.localdomain
Allow from managment.localdomain
Require指令 (Apache 2.4) Apache 2.4 使用了一个名为mod_authz_host的新模块
Require all granted => 允许所有请求
Require all denied => 拒绝所有请求
Require host safe.example => 只允许来自safe.example
大多数人做错的一件事是配置文件权限,
黄金法则是
未经许可开始并根据您的需要添加
在 Linux 中:
目录应该有Execute权限
文件应具有Read权限
是的,你是对的 不要添加文件的Execute权限
例如,我使用这个脚本来设置文件夹权限
# setting permissions for /var/www/mysite.example
# read permission ONLY for the owner
chmod -R /var/www/mysite.example 400
# add execute for folders only
find /var/www/mysite.example -type d -exec chmod -R u+x {} \;
# allow file uploads
chmod -R /var/www/mysite.example/public/uploads u+w
# allow log writing to this folder
chmod -R /var/www/mysite.example/logs/
我将此代码作为示例发布,在其他情况下设置可能会有所不同
我遇到了同样的问题,但我通过在httpd.conf的全局目录设置或httpd-vhosts.conf的特定目录块中设置选项指令来解决它:
Options Indexes FollowSymLinks Includes ExecCGI
默认情况下,您的全局目录设置为(httpd.conf line ~188) :
<Directory />
Options FollowSymLinks
AllowOverride All
Order deny,allow
Allow from all
</Directory>
将选项设置为: Options Indexes FollowSymLinks Includes ExecCGI
最后,它应该如下所示:
<Directory />
#Options FollowSymLinks
Options Indexes FollowSymLinks Includes ExecCGI
AllowOverride All
Order deny,allow
Allow from all
</Directory>
还尝试通过Require all granted更改所有行的Order deny,allow和Allow from all 。
if (allow_opts & OPT_INDEXES) {
return index_directory(r, d);
} else {
const char *index_names = apr_table_get(r->notes, "dir-index-names");
ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r, APLOGNO(01276)
"Cannot serve directory %s: No matching DirectoryIndex (%s) found, and "
"server-generated directory index forbidden by "
"Options directive",
r->filename,
index_names ? index_names : "none");
return HTTP_FORBIDDEN;
}
我知道这个问题已经解决,但我碰巧自己解决了同样的问题。
的原因
Forbidden 您无权访问此服务器上的 /
实际上是httpd.conf中 apache 目录的默认配置。
#
# Each directory to which Apache has access can be configured with respect
# to which services and features are allowed and/or disabled in that
# directory (and its subdirectories).
#
# First, we configure the "default" to be a very restrictive set of
# features.
#
<Directory "/">
Options FollowSymLinks
AllowOverride None
Order deny,allow
Deny from all # the cause of permission denied
</Directory>
只需将Deny from all更改为Allow from all即可解决权限问题。
或者,更好的方法是在虚拟主机配置上指定单个目录权限。
<VirtualHost *:80>
....
# Set access permission
<Directory "/path/to/docroot">
Allow from all
</Directory>
....
</VirtualHost>
但是,从Apache-2.4开始,访问控制是使用新模块mod_authz_host完成的(从 2.2 升级到 2.4 )。 因此,应该使用新的Require指令。
<VirtualHost *:80>
....
# Set access permission
<Directory "/path/to/docroot">
Require all granted
</Directory>
....
</VirtualHost>
托管在默认 /var/www/ 之外的目录的一个常见问题是 Apache 用户不仅需要对托管站点的目录和子目录的权限。 Apache 需要所有目录的权限,一直到托管站点的文件系统的根目录。 Apache 在安装时会自动获得分配给 /var/www/ 的权限,因此如果您的主机目录直接位于其下方,那么这不适用于您。 编辑:Daybreaker 报告说他的 Apache 安装时没有对默认目录的正确访问权限。
例如,您有一台开发机器,您的站点目录是:
/username/home/Dropbox/myamazingsite/
你可能认为你可以逃脱:
chgrp -R www-data /username/home/Dropbox/myamazingsite/
chmod -R 2750 /username/home/Dropbox/myamazingsite/
因为这给了 Apache 访问您网站目录的权限? 嗯,这是正确的,但这还不够。 Apache 需要目录树的所有权限,因此您需要做的是:
chgrp -R www-data /username/
chmod -R 2750 /username/
显然,我不建议在不分析该目录结构中的内容的情况下,将生产服务器上的 Apache 访问权限授予完整的目录结构。 对于生产,最好保留默认目录或其他仅用于保存 Web 资产的目录结构。
Edit2:正如 u/chimeraha 指出的那样,如果您不确定您在使用权限做什么,最好将您的站点目录移出您的主目录,以避免可能将您自己锁定在您的主目录之外。
Apache 2.4 中的一些配置参数已更改。 我在设置Zend Framework 2应用程序时遇到了类似的问题。 经过一番研究,解决方案如下:
不正确的配置
<VirtualHost *:80>
ServerName zf2-tutorial.localhost
DocumentRoot /path/to/zf2-tutorial/public
SetEnv APPLICATION_ENV "development"
<Directory /path/to/zf2-tutorial/public>
DirectoryIndex index.php
AllowOverride All
Order allow,deny #<-- 2.2 config
Allow from all #<-- 2.2 config
</Directory>
</VirtualHost>
正确配置
<VirtualHost *:80>
ServerName zf2-tutorial.localhost
DocumentRoot /path/to/zf2-tutorial/public
SetEnv APPLICATION_ENV "development"
<Directory /path/to/zf2-tutorial/public>
DirectoryIndex index.php
AllowOverride All
Require all granted #<-- 2.4 New configuration
</Directory>
</VirtualHost>
如果您计划从 Apache 2.2 迁移到 2.4,这里有一个很好的参考: http ://httpd.apache.org/docs/2.4/upgrading.html
使用Apache 2.2
Order Deny,Allow
Allow from all
使用Apache 2.4
Require all granted
在使用Apache 2.4的Ubuntu 14.04上,我执行了以下操作:
在文件apache2.conf (在/etc/apache2下)中添加以下内容:
<Directory /home/rocky/code/documentroot/>
Options Indexes FollowSymLinks
AllowOverride None
Require all granted
</Directory>
并重新加载服务器:
sudo service apache2 reload
编辑:这也适用于带有 Apache 2.4 的 OS X Yosemite。 最重要的一行是
要求所有授予
如果您使用的是WAMP服务器,请尝试以下操作:
单击任务栏上的 WAMP 服务器图标
选择上线选项
您的服务器将自动重启
然后尝试访问您的本地网站
我通过将我的用户添加到httpd.conf解决了我的问题。
# User/Group: The name (or #number) of the user/group to run httpd as.
# It is usually good practice to create a dedicated user and group for
# running httpd, as with most system services.
#
#User daemon
User my_username
Group daemon
这篇文章在 Apache 2.2 上创建虚拟主机帮助我(第 9 点)获得顶级虚拟主机目录的权限。
我只需将此行添加到我的 vhosts.conf 文件中:
<Directory I:/projects/webserver>
Order Deny,Allow
Allow from all
</Directory>
我遇到了同样的错误,多年来一直无法解决问题。 如果您碰巧在包含SELinux (例如CentOS )的 Linux 发行版上,您需要确保为您的文档根文件正确设置 SELinux 权限,否则您将收到此错误。 这是与标准文件系统权限完全不同的一组权限。
我碰巧使用了教程Apache and SELinux ,但是一旦你知道要寻找什么,似乎就有很多。
如果您使用 MAMP Pro,解决此问题的方法是选中Hosts - Extended选项卡下的Indexes复选框。
在 MAMP Pro v3.0.3 中是这样的:
还有另一种方法可以解决这个问题。 假设您要访问存在于/var/www/html/subphp的目录“subphp”,并且您想使用127.0.0.1/subphp访问它,您会收到如下错误:
您无权访问此服务器上的 /subphp/。
然后将目录权限从“无”更改为“访问文件”。 命令行用户可以使用chmod命令更改权限。
(在 Windows 和 Apache 2.2.x 中)
“禁止”错误也是未定义虚拟主机的结果。
正如 Julien 所说,如果您打算使用虚拟hosts.conf ,请转到 httpd 文件并取消注释以下行:
#Include conf/extra/httpd-vhosts.conf
然后在conf/extra/httpd-vhosts.conf中添加您的虚拟主机定义并重新启动 Apache。
我有同样的问题,但由于我将 apache 上的路径更改为 var/www 之外的文件夹,我开始遇到问题。
我通过在 var/www/html > home/dev/project 中创建一个符号链接来修复它,这似乎可以解决问题,而无需更改任何权限...
我使用 Mac OS X,就我而言,我只是忘记在 apache 中启用 php,我需要做的就是取消注释/etc/apache2/httpd.conf中的一行:
LoadModule php5_module libexec/apache2/libphp5.so
有关详细信息,请参阅本文。
我遇到了这个问题,我的解决方案是 www-data 没有拥有正确的文件夹,而是将它设置为让其中一个用户拥有它。 (我试图做一些花哨但错误的诡计来让 ftp 玩得很好。)
运行后:
chown -R www-data:www-data /var/www/html
机器再次开始提供数据。 您可以通过以下方式查看当前谁拥有该文件夹
ls -l /var/www/html
我只想更改我的公共目录 www,并从我的 PC 和通过 Wifi 连接的移动设备访问它。 我有 Ubuntu 16.04。
因此,首先,我修改了/etc/apache2/sites-enabled/000-default.conf并为我的新公共目录 DocumentRoot "/media/data/XAMPP/htdocs" 更改了 DocumentRoot /var/www/html 行
然后我修改了/etc/apache2/apache2.conf,我把localhost的权限,和我的手机,这次我用的IP地址,我知道它不是完全安全的,但对于我的目的来说还可以。
<Directory/> Options FollowSymLinks AllowOverride None Order deny,allow Deny from all Allow from localhost 10.42.0.11 </Directory>试试这个,不要添加任何Order allow,deny和其他:
AddHandler cgi-script .cgi .py
ScriptAlias /cgi-bin/ /usr/lib/cgi-bin/
<Directory "/usr/lib/cgi-bin">
AllowOverride None
Options +ExecCGI -MultiViews +SymLinksIfOwnerMatch
Require all granted
Allow from all
</Directory>
sudo a2enmod cgi
sudo service apache2 restart
RiggsFolly 在其他地方为我回答了这个问题,简单地说:
在您的 apache conf 文件夹中编辑文件: httpd-vhost.conf :
在目录嵌套中添加这一行:
Require ip 192.168.1
重新启动服务器、apache 或 Wamp 或任何你有的。
就是这样,现在您所有的 HOME 设备(在 ip 范围 192.168.1.xxx 中)都可以看到您的 PC 服务器。 请注意,您只添加 ip 号的前 3 部分)。
有任何问题,请退出防火墙进行测试。
要查看您的网络设备 ip 号码,请下载适用于 PC 的“IP Scanner”软件(周围有很多免费软件)或适用于安卓的软件,从 Play 商店获取 Fing。
I changed
Order Deny,Allow
Deny From All in .htaccess to " Require all denied " and restarted apache but it did not help.
ubuntu 中 apache2.conf 的路径是 /etc/apache2/apache.conf
然后我在 apache2.conf 中添加了以下几行,然后我的文件夹工作正常
<Directory /path of required folder>
Options Indexes FollowSymLinks
AllowOverride All
Require all granted
</Directory>
and run " Sudo service apache2 restart "
我知道这个问题已经有几个答案,但我认为有一个非常微妙的方面,虽然提到了,但在之前的答案中没有得到足够的强调。
在检查 Apache 配置或文件的权限之前,让我们做一个更简单的检查,以确保组成您要访问的文件的完整路径的每个目录(例如,文档根目录中的 index.php 文件)不仅Web 服务器用户可读但也可执行。
例如,假设您的文档根目录的路径是“/var/www/html”。 你必须确保所有的“var”、“www”和“html”目录都可以被网络服务器用户(可读和)执行。 在我的情况下(Ubuntu 16.04),我错误地将“x”标志从“html”目录中删除到“others”组,因此权限如下所示:
drwxr-xr-- 15 root root 4096 Jun 11 16:40 html
如您所见,Web 服务器用户(在这种情况下适用“其他”权限)没有对“html”目录的执行访问权限,这正是问题的根源。 发出后:
chmod o+x html
命令,问题解决了!
在以这种方式解决之前,我确实尝试了该线程中的所有其他建议,并且由于该建议被埋在我几乎偶然发现的评论中,我认为在这里突出显示和扩展它可能会有所帮助。
我只有一个特定的控制器有同样的问题——这真的很奇怪。 我在 CI 文件夹的根目录中有一个文件夹,它与我试图访问的控制器同名……因此,CI 将请求定向到该目录而不是控制器本身。
删除此文件夹(有点错误)后,一切正常。
更清楚地说,这是它的样子:
/ci/controller/register.php
/ci/register/
我不得不删除/ci/register/ 。
检查您放置文件的确切位置,不要将它们嵌套在 Documents 文件夹中。
例如,我犯了一个错误,将我的代码放在前面提到的 Documents 文件夹中,这是行不通的,因为 Documents 明确地只对您可用,而不是 APACHE。 尝试将其上移一个目录,您可能看不到此问题。
从以下位置移动文件夹:
/用户/您的用户名/文档/代码
到这里:/Users/YOURUSERNAME/code
只是为了在我遇到这个问题时带来另一个贡献:
我配置了一个我不想配置的 VirtualHost。 我已经注释掉了包含虚拟主机的行,并且它起作用了。
更改配置文件后不要忘记Restart All Services 。
我浪费了三个小时的时间。
您可以像以下代码一样更改youralias.conf文件:
Alias /Quiz/ "h:/MyServer/Quiz/"
<Directory "h:/MyServer/Quiz/">
Options Indexes FollowSymLinks
AllowOverride all
<IfDefine APACHE24>
Require local
</IfDefine>
<IfDefine !APACHE24>
Order Deny,Allow
Deny from all
Allow from localhost ::1 127.0.0.1
</IfDefine>
</Directory>
请记住,在这种情况下要配置的正确文件不是 phpMyAdmin 别名中的 httpd.conf,而是bin/apache/your_version/conf/httpd.conf的文件。
查找以下行:
DocumentRoot "c:/wamp/www/"
#
# Each directory to which Apache has access can be configured with respect
# to which services and features are allowed and/or disabled in that
# directory (and its subdirectories).
#
# First, we configure the "default" to be a very restrictive set of
# features.
#
<Directory />
Options FollowSymLinks
AllowOverride None
Order deny,allow
Allow from all
</Directory>
确保将其设置为Allow from all ...
如果没有,phpMyAdmin 甚至可以工作,但不是你的根目录和它下面的其他文件夹。 另外,记得重启WAMP然后上线...
这解决了我的头痛。
在运行 docker build 之前,我在使用SSHFS从本地文件系统挂载 VirtualBox 来宾中的文件时遇到了这个问题。 最后,“修复”是将所有文件复制到 VirtualBox 实例,而不是从 SSHFS 挂载内部构建,然后从那里运行构建。
WORKING方法(除非没有其他问题)
默认情况下,Apache 不限制来自IPv4 (通用外部 IP 地址)的访问
受限制的是“ httpd.conf ”中给出的命令。
全部替换
<Directory />
AllowOverride none
Require all denied
</Directory>
和
<Directory />
AllowOverride none
# Require all denied
</Directory>
因此消除了对Apache的所有限制。
将Require local替换为C:/wamp/www/目录的Require all granted 。
<Directory "c:/wamp/www/">
Options Indexes FollowSymLinks
AllowOverride all
Require all granted
# Require local
</Directory>
这很荒谬,但是当我尝试下载的文件不在文件系统上时,我得到了 403 Forbidden。 在这种情况下,apache 错误不是很准确,并且在我简单地将文件放在它应该在的位置之后,整个事情就起作用了。
我们启用了 modsec,检查站点的错误日志以获取 modsec ID,然后在 vhost 中输入文件的位置匹配(或者我猜是 .htaccess):
<LocationMatch "/yourlocation/index.php">
<IfModule security2_module>
SecRuleRemoveById XXXXXXX
</IfModule>
</LocationMatch>
只是为了在这个不断增长的列表中添加另一个潜在的问题,我的问题(运行 CentOS 6.8)是一个特定的虚拟主机,它在不同的服务器上运行良好,问题原来是使用 mod_rewrite 的错误 .htaccess 文件:
在 .htaccess 中,这会导致 403 错误: <IfModule mod_rewrite.c> RewriteEngine On RewriteBase / </IfModule>
添加FollowSymLinks作为第一行解决了这个问题: <IfModule mod_rewrite.c> Options +FollowSymLinks RewriteEngine On RewriteBase / </IfModule>
权限错误
像我这样的一些非常菜鸟用户在页面中设置了不正确的权限时会遇到这个问题(特别是“其他”用户没有读取权限)。 例如,假设您尝试访问 index.html,并且您收到上述错误。 要修复,请键入:
chmod o+r index.html
然后再次上传到服务器。 错误消失。
禁止访问:您无权访问此服务器上的/ WAMP错误
[英]Forbidden: You don't have permission to access / on this server, WAMP Error
迁移和错误:禁止您无权访问此服务器上的/
[英]Migration and Error: Forbidden You don't have permission to access / on this server
在另一台PC上出现错误消息“禁止您没有访问此服务器上的权限”
[英]Error message “Forbidden You don't have the permission to access / on this server” on another PC
错误消息“禁止您没有访问此服务器上的/~[uname]/***.cgi的权限。”
[英]Error message “Forbidden You don't have permission to access /~[uname]/***.cgi on this server.”
Apache 403 Forbidden您无权访问此服务器上的/
[英]Apache 403 Forbidden You don't have permission to access / on this server
phpmyadmin-禁止-您无权访问此服务器上的/ phpmyadmin /
[英]phpmyadmin - Forbidden - You don't have permission to access /phpmyadmin/ on this server
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.