Apache2 VirtualHost 403 error

From Noah.org
Revision as of 17:07, 19 October 2006 by Root (talk | contribs)
(diff) ← Older revision | Latest revision (diff) | Newer revision → (diff)
Jump to navigationJump to search

error 403 with virtual hosts

Working with virtual hosts under Apache2 is pretty easy, but I had some trouble getting things started due to some unclear docs and lack of examples. My biggest problem was the "HTTP 403 / client denied by server configuration error".

There are two causes to 403 errors with virtual hosts.

First, every single parent path to the virtual document root must be Readable, Writable, and Executable by the web server httpd user. The access_log will show a 403 code, but the following message is returned to the browser with no "403" string printed:

   Forbidden
   You don't have permission to access /index.html on this server.

I got nailed a couple of times because one of the parent directories in the virtual document root was not executable by 'www' (the user my web server runs as). The error log file messages offer no hints when this happens. It makes it seem like a configuration problem, so you can waste a lot of time look for the problem in httpd.conf.

The second cause is actually a configuration problem -- the problem is forgetting to allow access in the httpd.conf. In this case the access_log will show a 403 error and Aapche2 will also sometimes send a "403" in the error string to the browser:

   HTTP 403 / client denied by server configuration error

It may also send the Forbidden message with no "403" string. I don't know what this difference means.

   Forbidden
   You don't have permission to access /index.html on this server.

A tail of the error_log gives a message like this for each access attempt:

[Tue Jul 25 17:58:17 2006] [error] [client 192.168.1.1] client denied by server configuration: /var/www/vhosts/palermo/

The problem is that the extra/httpd-vhosts.conf is missing the directive to allow access to the directory.

Allow access by adding a <directory> section inside the <vhost> section.

<directory /vhost_document_root>
allow from all
<directory>

The following should give a better idea of how this should work:

<VirtualHost *>
    ServerName palermo.example.com
    ServerAlias palermo.example.com
    DocumentRoot /var/www/vhosts/palermo
    <directory /var/www/vhosts/palermo>
    allow from all
    </directory>
</VirtualHost>

It is strange that neither the sample httpd-vhosts.conf file that comes with Apache2 nor the Apache2 documentation on VirtualHost gives a example that could work.