Error 403 Access Forbidden 2

rphips

Good Day Everyone,

I must admit I am not a Linux or Apache expert so I am at a complete loss on why I keep getting the 403 error.

I am currently running Apache2 on a Suse Linux box and everything is running great. So my boss wants a backup box to go into our backup center. So using the same version I completely cloned the system that is up and running.

The complete web site is under /home/ and it has an index.html file. All rights are good and my files httpd.conf and defaultserver.conf have been configured (just like the running server) but when I try to access the web page I get

Access forbidden You don't have permission to access the requested object. It is either read-protected or not readable by the server.

If you think this is a server error, please contact the webmaster.


when I check the logs I get the following:
Kelly Kernel: SubDomain: REJECTING r access to /home/ (httpd2-prefork(7404) profile /usr/sbin/httpd2-prefork active DEFAULT_URI)

I am ready to blow it up - does anybody know what it is talking about and How can I fix it?

Thank you, and I do appreciate any help on this matter

bob
 
Double check the ownership and permissions on the file(s) and folders.

The owner needs to be the same user as the owner the site runs as. Permissions for .html files should be set at 644

Chris.

Indifference will be the downfall of mankind, but who cares?
Time flies like an arrow, however, fruit flies like a banana.
Webmaster Forum
 
You may have solved the problem by now but if you didn't, the 403 is an error code sent by apache telling your browser that it doesn't think it's allowed to serve the document at that particular url. As mentioned before, this is more than likely a permissions issue. There are basically two types of permissions, those handled by the file system and those in apache's configuration files. You said that you "cloned" the system. Depending on how this was done, file permissions and directory structures could have changed. For example, if you moved or copied these files and directories as root, their ownership may have changed. The Documentroot and all its subdirectories should be owned by the webmaster of that particular webspace. All directories usually have a chmod value of 755 and the web pages a value of 644. Next, assure that the directory structure is the exact same as the original system. If there are changes, you will need to reflect this in the definitions of your directory containers within httpd.conf or whatever file your vhosts are defined in. Any time you make changes to any of apache's config files, you must restart apache.
 
and the web pages a value of 644
Unless they are scripted pages (php, .pl etc.) when, depending on the server setup you may have to give "world read and execute" permissions to.

Chris.

 
Thanks for answering me - -- just returned and still getting the same error.

I checked the permissions - and they are assigned as:

User = www
Groups = users

from the directory through the whole directory.

Like I said I am just a beginner with this - - how do you get the chmod value?

bob
 
hey guys

I found the program chmod calculator and all my files have a chmod of 777 according to the calculator and the settings, they have total access


bob
 
That is not good rphips. 777 means that the whole world can read, write and execute any of those files. In other words, they can delete your entire website or add their own scripts if the directories are also 777. Do you have access to the command shell? If so, you can type "man chmod" on the command line and you will get the man pages for chmod. Man is short for manual. You can also do "man chown" to learn how to change ownership. If you have any problems understanding any of it, I or anyone else here will be more than happy to put things into simpler terms. I would not go live with that server until you get everything secure.
 
Thanks RhythmAce

I went through every directory and every file and reset all the rights to the proper settings - (easy when using YAST)

But I still cannot access the web pages - (same errors) even if I try localhost or accessing from an outside source.

Time to blow it - hold just found out this happened once before when they changed their ISP in August and a consultant changed something in the original configuration - I guess I need to know what he did.

If anybody knows what he might have done your help would be appreciated

bob

 
It wasn't clear from your post, did it function when the permissions were set to 777? If so, it indicates that the user account under which Apache is running (typically something like nobody, or can't access the files. This is generally covered via the "others" read permission.

You could also be facing an ACL (access control list) problem if you are using a security application such as AppArmor or SELinux and you may need to make adjustments there.

Another possibility is that you haven't properly declared the directory or set the permissions within the host declaration in Apache. Apache uses the Allow,Deny rule combination to determine whether or not a folder is accessible and by whom.

If you determine it is not a file permissions issue, look at your host declaration. If you don't see anything wrong, consider posting it for assistance.
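The kernel message quoted in the first post is a SubDomain denial (SubDomain is the earlier name of AppArmor on SUSE), which is the ACL layer this reply points to. As an added example, not code from the thread: a shell script that groups such denials by permission, path, profile and hat, and tells you whether any of them fall under a given directory. The function names and all sample lines except the first message text are constructed.

```shell
#!/bin/sh
# Added example (not from the thread). Each function reads syslog text on stdin.

# Print one line per distinct denial: "<count> <perm> <path> <profile> <hat>",
# most frequent first.
summarise_rejects() {
    sed -n 's/.*SubDomain: REJECTING \([a-z]*\) access to \([^ ]*\) (\([^(]*\)(\([0-9]*\)) profile \([^ ]*\) active \([^)]*\)).*/\1 \2 \5 \6/p' |
        sort | uniq -c | awk '{ print $1, $2, $3, $4, $5 }' | sort -k1,1nr -k3,3
}

# Exit 0 if any denial concerns a path at or below DIR. A hit means the 403
# comes from the confinement profile, so chmod/chown changes will not clear it.
denied_under() {
    dir=${1%/}
    summarise_rejects | awk -v d="$dir" '
        { p = $3; sub(/\/$/, "", p) }
        p == d || index(p, d "/") == 1 { found = 1 }
        END { exit !found }'
}

# Constructed sample log. Only the first message text is the one quoted in
# the thread; timestamps, PIDs and the other lines are made up.
sample_log() {
    cat <<'EOF'
Jan  3 10:01:12 Kelly kernel: SubDomain: REJECTING r access to /home/ (httpd2-prefork(7404) profile /usr/sbin/httpd2-prefork active DEFAULT_URI)
Jan  3 10:01:15 Kelly kernel: SubDomain: REJECTING r access to /home/ (httpd2-prefork(7405) profile /usr/sbin/httpd2-prefork active DEFAULT_URI)
Jan  3 10:01:20 Kelly kernel: SubDomain: REJECTING w access to /home/site/upload.tmp (httpd2-prefork(7404) profile /usr/sbin/httpd2-prefork active DEFAULT_URI)
Jan  3 10:02:00 Kelly kernel: eth0: link up
EOF
}
```

Run it as `summarise_rejects < /var/log/messages` on both the working and the backup box; a denial that appears only on the backup points at a difference in the loaded profiles rather than in file permissions.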
 
Hey everyone

Hope your new years was a good one --- mine more of the same ----

Still getting the 403 error - tried reload - no-good, contacted the last consultant (he was brain dead didn't have a clue), I redid all the .htaccess files and regenerated all the passwords, still nothing here is my httpd.conf file
#
# /etc/apache2/httpd.conf
#
# This is the main Apache server configuration file. It contains the
# configuration directives that give the server its instructions.
# See <URL: for detailed information about the directives.

# Based upon the default apache configuration file that ships with apache,
# which is based upon the NCSA server configuration files originally by Rob
# McCool. This file was knocked together by Peter Poeml <poeml+apache@suse.de>.

# If possible, avoid changes to this file. It does mainly contain Include
# statements and global settings that can/should be overridden in the
# configuration of your virtual hosts.

# Overview of include files, chronologically:
#
# httpd.conf
# |
# |-- uid.conf . . . . . . . . . . . . . . UserID/GroupID to run under
# |-- server-tuning.conf . . . . . . . . . sizing of the server (how many processes to start, ...)
# |-- sysconfig.d/loadmodule.conf . . . . . [*] load these modules
# |-- listen.conf . . . . . . . . . . . . . IP adresses / ports to listen on
# |-- mod_log_config.conf . . . . . . . . . define logging formats
# |-- sysconfig.d/global.conf . . . . . . . [*] server-wide general settings
# |-- mod_status.conf . . . . . . . . . . . restrict access to mod_status (server monitoring)
# |-- mod_info.conf . . . . . . . . . . . . restrict access to mod_info
# |-- mod_usertrack.conf . . . . . . . . . defaults for cookie-based user tracking
# |-- mod_autoindex-defaults.conf . . . . . defaults for displaying of server-generated directory listings
# |-- mod_mime-defaults.conf . . . . . . . defaults for mod_mime configuration
# |-- errors.conf . . . . . . . . . . . . . customize error responses
# |-- ssl-global.conf . . . . . . . . . . . SSL conf that applies to default server _and all_ virtual hosts
# |
# |-- default-server.conf . . . . . . . . . set up the default server that replies to non-virtual-host requests
# | |--mod_userdir.conf . . . . . . . . enable UserDir (if mod_userdir is loaded)
# | `--conf.d/apache2-manual?conf . . . add the docs ('?' = if installed)
# |
# |-- sysconfig.d/include.conf . . . . . . [*] your include files
# | (for each file to be included here, put its name
# | into APACHE_INCLUDE_* in /etc/sysconfig/apache2)
# |
# `-- vhosts.d/ . . . . . . . . . . . . . . for each virtual host, place one file here
# `-- *.conf . . . . . . . . . . . . . (*.conf is automatically included)
#
#
# Files marked [*] are created from sysconfig upon server restart: instead of
# these files, you edit /etc/sysconfig/apache2

# Filesystem layout:
#
# /etc/apache2/
# |-- conf.d/
# | |-- apache2-manual.conf . . . . . . . conf that comes with apache2-doc
# | |-- mod_php4.conf . . . . . . . . . . (example) conf that comes with apache2-mod_php4
# | `-- ... . . . . . . . . . . . . . . . other configuration added by packages
# |-- default-server.conf
# |-- errors.conf
# |-- httpd.conf . . . . . . . . . . . . . top level configuration file
# |-- listen.conf
# |-- magic
# |-- mime.types -> ../mime.types
# |-- mod_autoindex-defaults.conf
# |-- mod_info.conf
# |-- mod_log_config.conf
# |-- mod_mime-defaults.conf
# |-- mod_perl-startup.pl
# |-- mod_status.conf
# |-- mod_userdir.conf
# |-- mod_usertrack.conf
# |-- server-tuning.conf
# |-- ssl-global.conf
# |-- ssl.crl/ . . . . . . . . . . . . . . PEM-encoded X.509 Certificate Revocation Lists (CRL)
# |-- ssl.crt/ . . . . . . . . . . . . . . PEM-encoded X.509 Certificates
# |-- ssl.csr/ . . . . . . . . . . . . . . PEM-encoded X.509 Certificate Signing Requests
# |-- ssl.key/ . . . . . . . . . . . . . . PEM-encoded RSA Private Keys
# |-- ssl.prm/ . . . . . . . . . . . . . . public DSA Parameter Files
# |-- sysconfig.d/ . . . . . . . . . . . . files that are created from /etc/sysconfig/apache2
# | |-- global.conf
# | |-- include.conf
# | `-- loadmodule.conf
# |-- uid.conf
# `-- vhosts.d/ . . . . . . . . . . . . . . put your virtual host configuration (*.conf) here
# |-- vhost-ssl.template
# `-- vhost.template

### Global Environment ######################################################
#
# The directives in this section affect the overall operation of Apache,
# such as the number of concurrent requests.

# run under this user/group id
Include /etc/apache2/uid.conf

# - how many server processes to start (server pool regulation)
# - usage of KeepAlive
Include /etc/apache2/server-tuning.conf

# ErrorLog: The location of the error log file.
# If you do not specify an ErrorLog directive within a <VirtualHost>
# container, error messages relating to that virtual host will be
# logged here. If you *do* define an error logfile for a <VirtualHost>
# container, that host's errors will be logged there and not here.
ErrorLog /var/log/apache2/error_log

# generated from APACHE_MODULES in /etc/sysconfig/apache2
Include /etc/apache2/sysconfig.d/loadmodule.conf

# IP addresses / ports to listen on
Include /etc/apache2/listen.conf

# predefined logging formats
Include /etc/apache2/mod_log_config.conf

# generated from global settings in /etc/sysconfig/apache2
Include /etc/apache2/sysconfig.d/global.conf

# optional mod_status, mod_info
Include /etc/apache2/mod_status.conf
Include /etc/apache2/mod_info.conf

# optional cookie-based user tracking
# read the documentation before using it!!
Include /etc/apache2/mod_usertrack.conf

# configuration of server-generated directory listings
Include /etc/apache2/mod_autoindex-defaults.conf

# associate MIME types with filename extensions
TypesConfig /etc/apache2/mime.types
DefaultType text/plain
Include /etc/apache2/mod_mime-defaults.conf

# set up (customizable) error responses
Include /etc/apache2/errors.conf

# global (server-wide) SSL configuration, that is not specific to
# any virtual host
Include /etc/apache2/ssl-global.conf

# forbid access to the entire filesystem by default
<Directory />
Options None
AllowOverride None
Order deny,allow
Deny from all
</Directory>

# use .htaccess files for overriding,
AccessFileName .htaccess
# and never show them
<Files ~ "^\.ht">
Order allow,deny
Deny from all
</Files>

<Directory "/home/AllowOverride AuthConfig
order allow,deny
Allow from all
</Directory>

<Directory "/home/AllowOverride AuthConfig
order allow,deny
Allow from all
</Directory>

<Directory "/home/AllowOverride AuthConfig
order allow,deny
Allow from all
</Directory>

<Directory "/home/AllowOverride AuthConfig
order allow,deny
Allow from all
</Directory>

<Directory "/home/AllowOverride AuthConfig
order allow,deny
Allow from all
</Directory>

<Directory "/home/AllowOverride AuthConfig
order allow,deny
Allow from all
</Directory>

<Directory "/home/AllowOverride AuthConfig
order allow,deny
Allow from all
</Directory>

<Directory "/home/AllowOverride AuthConfig
order allow,deny
Allow from all
</Directory>

<Directory "/home/AllowOverride AuthConfig
order allow,deny
Allow from all
</Directory>

# List of resources to look for when the client requests a directory
DirectoryIndex index.html index.html.var

### 'Main' server configuration #############################################
#
# The directives in this section set up the values used by the 'main'
# server, which responds to any requests that aren't handled by a
# <VirtualHost> definition. These values also provide defaults for
# any <VirtualHost> containers you may define later in the file.
#
# All of these directives may appear inside <VirtualHost> containers,
# in which case these default settings will be overridden for the
# virtual host being defined.
#
Include /etc/apache2/default-server.conf

# Another way to include your own files
#
# The file below is generated from /etc/sysconfig/apache2,
# include arbitrary files as named in APACHE_CONF_INCLUDE_FILES and
# APACHE_CONF_INCLUDE_DIRS
Include /etc/apache2/sysconfig.d/include.conf

### Virtual server configuration ############################################
#
# VirtualHost: If you want to maintain multiple domains/hostnames on your
# machine you can setup VirtualHost containers for them. Most configurations
# use only name-based virtual hosts so the server doesn't need to worry about
# IP addresses. This is indicated by the asterisks in the directives below.
#
# Please see the documentation at
# <URL:# for further details before you try to setup virtual hosts.
#
# You may use the command line option '-S' to verify your virtual host
# configuration.
#
Include /etc/apache2/vhosts.d/*.conf

# Note: instead of adding your own configuration here, consider
# adding it in your own file (/etc/apache2/httpd.conf.local)
# putting its name into APACHE_CONF_INCLUDE_FILES in
# /etc/sysconfig/apache2 -- this will make system updates
# easier :)


As you can tell it's pretty much just the defaults, just a few added directory inputs.

Any suggestions

bob
 
# forbid access to the entire filesystem by default
<Directory />
Options None
AllowOverride None
Order deny,allow
Deny from all
</Directory>
This directive isn't to forbid access to the file system, this will forbid access to the document root, of which it looks like index.html might be part of. Is /home/ your document root?
 
From looking at my own configuration, using a deny / directory followed by one that will allow /home/ should work. I didn't see this in your previous post which contained your configuration.

Are you saying that you added this? If so, did it resolve your problem?
 
Noway2

Hi Again

the first posting was my httpd.conf file the second was a clip from the defaultserver.conf file.

They've been there all along so the problem still persists.
 
I am going to hazard a guess that you are running Suse. The configuration file default-server.conf is not one that I have encountered before and doesn't appear to be standard Apache configuration, but Google is giving me a lot of hits regarding Suse specific posts. The configuration files will vary depending on your distribution. For example, Ubuntu uses sites-enabled/000-default. Slackware puts everything by default in httpd.conf, which would be the default Apache configuration. This leads to a potentially dumb question: is this file, default-server.conf, being included as a line item in any of the standard configuration files?


 
Noway2

Yes I am using Suse Enterprise 9 - I have installed it on one machine and it works perfect - but when I tried to get it to work on another (backup system) BOOM - it just gives me the 403 error.

Yet they are clones of each other. I am at a loss on this - if you can figure it out please let me know - but a star for your gallant try

bob
 
Noway2

The Httpd.conf calls the default-server file

Include /etc/apache2/default-server.conf
 
The fact that it is working on one server, but not on the backup is a STRONG indication that the server configuration is not the problem. Depending on how, and when, the file systems were mirrored, there could be a difference in permissions. According to a previous post, user/owner of the file is group is users. One potential discrepancy would be in the users in your /etc/password file. The file user is actually by number and if you have different users on the system, the actual assigned user may not match - hence causing a permissions problem. Let's take a close look at the permissions.

The first thing to look at is, are the group and owner really the same on both systems?

The second thing to look at would be for any difference in file and directory permissions between the two. As was previously mentioned in an earlier post, typically you want the permissions to be 644 which means owner read-write, group and others read on the files. You can get the information regarding the file permissions with the following simple command: (Go to the document root and type) ls -lRa
The l is for long listing, a is for all files and R is for recursively traverse the directories. At the left you will see a set of notations like -rw-r--r--, or drw-rw-r--. These are the permissions(read, write, execute) for owner, group, others, respectively.

The third thing to look at would be to verify the user that Apache is running under. You can do this by running the command: ps aux | grep -i apache. If that doesn't get anything substitute apache with httpd, which is the official name of the application. This will search through the process list and print out the lines with apache in them. The first entry on the line will be the user account that apache is running under. If this name is not the owner of the files, then the permissions in effect will be for others. In either case, if the r permission is not set, Apache won't be able to access the file and you will get a forbidden error. It also needs to be able to traverse the directories. In the ls output above, directories will have a d in the first permissions field. Directories need 755 permissions, which sets the 3rd flag, the X for execute. In order to be able to access the directory an application must have execute permissions on the directory.

You can use the CHMOD command, with the -R flag to recursively set the permissions on files. You need to be very careful doing this because you will also impact the directories which need execute, and the files that don't. To change the permissions simply use: chmod 0644 <filename> or chmod 0755 <directoryname>.
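The checks and the chmod caution in this reply, as an added shell example that is not part of the original post: it lists world-writable entries (the 777 case raised earlier), walks every path component to find where the "others" class is blocked, and resets directories and files separately. It assumes GNU stat and find and that Apache reaches the files through the "others" bits; the function names are made up for illustration.

```shell
#!/bin/sh
# Added example, not code from the thread. Assumes GNU stat/find and that the
# Apache user is neither owner nor group member, so the "others" bits apply.

# Last octal digit of a path's mode, i.e. the "others" rwx bits.
others_bits() {
    mode=$(stat -c %a "$1") || return 1
    echo "${mode#"${mode%?}"}"
}

# Print each component on the way to TARGET (absolute path) that "others"
# cannot use: every directory needs x to be traversed, the file needs r.
blocked_components() {
    path=
    rest=${1#/}
    while [ -n "$rest" ]; do
        part=${rest%%/*}
        case $rest in */*) rest=${rest#*/} ;; *) rest= ;; esac
        [ -z "$part" ] && continue
        path="$path/$part"
        bits=$(others_bits "$path") || return 2
        if [ -d "$path" ]; then
            [ $((bits & 1)) -ne 0 ] || echo "no-traverse $path"
        else
            [ $((bits & 4)) -ne 0 ] || echo "no-read $path"
        fi
    done
}

# List everything under ROOT that any local user can modify.
world_writable() {
    find "$1" ! -type l -perm -0002
}

# Reset a tree to the values given in the thread: 755 directories, 644 files.
# Done per type so that files never pick up the execute bit a blanket
# "chmod -R 755" would give them. Scripted pages that need execute (see the
# earlier reply about php/.pl) have to be handled separately afterwards.
normalise_tree() {
    find "$1" -type d -exec chmod 0755 {} +
    find "$1" -type f -exec chmod 0644 {} +
}
```

`blocked_components` starts at `/`, so it also catches a restrictive parent such as a home directory without `o+x`, which `ls -lRa` run from inside the document root does not show.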
 
Sorry Noway2 been on another project for the past week - but now I am back to the 403 problem.

I will test what you requested and will get back to you as soon as I can confirm the results

 
How about you test your config files and see what Apache says it may give some clues?


You can check your configuration files for syntax errors without starting the server by using apachectl configtest or the -t command line option.

Code:
$ httpd -t -f /etc/apache2/httpd.conf

Then let us see the output .... just a chance it will highlight something .....

One other thought is local firewall?? I assume you have not got one configured ?

Laurie.
 