Apache2 VirtualHost 403 error

From Noah.org
Jump to navigationJump to search

error 403 with virtual hosts

Working with virtual hosts under Apache2 is pretty easy, but I had some trouble getting things started due to some unclear docs and lack of examples. My biggest problem was the "HTTP 403 / client denied by server configuration error".

There are two causes.

First, every single parent path to the virtual document root must be Readable, Writable, and Executable by the web server. I got nailed a couple of times because one of the parent directories in the virtual document root was not executable by 'www' (the user my web server runs as). The error log file messages offer no hints when this happens. It makes it seem like a configuration problem, so you can waste a lot of time look for the problem in httpd.conf.

The second cause is actually a configuration problem -- the problem is forgetting to allow access in the httpd.conf. See below.

The browser reports 403 errors for all documents in the virtual host root path. A tail of the error.log gives a message like this for each access attempt:

[Tue Jul 25 17:58:17 2006] [error] [client 192.168.1.1] client denied by server configuration: /var/www/vhosts/palermo/

The problem is that the extra/httpd-vhosts.conf is missing the directive to allow access to the directory.

Allow access by adding a <directory> section inside the <vhost> section.

<directory /vhost_document_root>
allow from all
<directory>

The following should give a better idea of how this should work:

<VirtualHost *>
    ServerName palermo.example.com
    ServerAlias palermo.example.com
    DocumentRoot /var/www/vhosts/palermo
    <directory /var/www/vhosts/palermo>
    allow from all
    </directory>
</VirtualHost>

It is strange that neither the sample httpd-vhosts.conf file that comes with Apache2 nor the Apache2 documentation on VirtualHost gives a example that could work.