Jun 01 2005

Apache – “Client denied by server configuration” tips

Published by Øyvind at 23:53 under OS tricks

Having problems displaying your site and getting error 403 in your web browser?

Does the Apache error log contain lines like this?
“client denied by server configuration: /path/to/files”

Then you have probably denied access to the directory in the httpd.conf file.

Allow access by adding:
<directory /path/to/files>
allow from all
</directory>

If you are using VirtualHosts, add the directory block inside the <virtualhost> block.
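To scope the fix to the one directory that is actually being refused, the following added example (not code from the original post) reads the denied paths out of the error log and finds which literal `<Directory>` block governs each one. The sample log lines, config, paths and function names are constructed for illustration.

```python
import re
from collections import Counter
# Constructed sample data (not from the page): error_log lines and a 2.2-style config.
SAMPLE_LOG = """\
[Sun Oct 21 05:43:33 2007] [error] [client 192.0.2.10] client denied by server configuration: /srv/www/app/cgi-bin/installer.pl
[Sun Oct 21 05:43:40 2007] [error] [client 192.0.2.10] client denied by server configuration: /srv/www/app/cgi-bin/installer.pl
[Sun Oct 21 05:44:02 2007] [error] [client 192.0.2.77] File does not exist: /srv/www/html/favicon.ico
[Sun Oct 21 05:45:11 2007] [error] [client 192.0.2.31] client denied by server configuration: /srv/www/html/stats/
"""
SAMPLE_CONF = """\
<Directory />
    Deny from all
</Directory>
<Directory "/srv/www/html">
    Allow from all
</Directory>
<Directory /srv/www/html/stats>
    Deny from all
    Allow from 127.0.0.1
</Directory>
"""

DENIED = re.compile(r"client denied by server configuration: (\S.*)$")
DIR_OPEN = re.compile(r'^\s*<Directory\s+"?([^">]+?)"?\s*>', re.I)
DIR_CLOSE = re.compile(r"^\s*</Directory\s*>", re.I)
ACCESS = re.compile(r"^\s*(Order|Allow|Deny|Require)\b", re.I)

def denied_paths(log_text):
    """Count how often each filesystem path was refused."""
    return Counter(m.group(1).strip() for m in map(DENIED.search, log_text.splitlines()) if m)

def directory_blocks(conf_text):
    """Map each literal <Directory> path to the access directives inside it."""
    blocks, current = {}, None
    for line in conf_text.splitlines():
        if (m := DIR_OPEN.match(line)):
            current = m.group(1).rstrip("/") or "/"
            blocks.setdefault(current, [])
        elif DIR_CLOSE.match(line):
            current = None
        elif current is not None and ACCESS.match(line):
            blocks[current].append(" ".join(line.split()))
    return blocks

def governing_block(path, blocks):
    # Most specific block with access rules wins; wildcards, <Location>, <Files>, .htaccess are ignored.
    best = None
    for d, rules in blocks.items():
        covers = d == "/" or path == d or path.startswith(d + "/")
        if covers and rules and (best is None or len(d) > len(best)):
            best = d
    return best, blocks.get(best, [])

def report(log_text, conf_text):
    """Return (path, hits, governing directory, its rules), most-denied first."""
    blocks = directory_blocks(conf_text)
    return [(p, n, *governing_block(p, blocks)) for p, n in denied_paths(log_text).most_common()]

if __name__ == "__main__":
    print(*report(SAMPLE_LOG, SAMPLE_CONF), sep="\n")
```

A path governed only by the root block needs its own `<Directory>` section rather than a broader allow. On Apache 2.4 the equivalent of `allow from all` is `Require all granted`.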

30 Responses to “Apache – “Client denied by server configuration” tips”

  1. Nico says:

    Hi,

    I try to install OTRS but I do not succeed because of a 403 ERROR …

    I have this problem when I want to access my intranet page:
    http://intranet.toto.com/otrs/installer.pl

    I have this error :
    Forbidden

    You don’t have permission to access /otrs/installer.pl on this server.

    Additionally, a 403 Forbidden error was encountered while trying to use an ErrorDocument to handle the request.
    Apache/2.0.46 (Red Hat)

    and in my Apache log :
    client denied by server configuration: /opt/otrs/bin/cgi-bin/installer.pl

    I do not understand, I spent a lot of time on many forums and nothing is working yet!!!

    Can someone help me???

    This is my httpd.conf from apache :

    ServerTokens OS

    ServerRoot “/etc/httpd”

    PidFile run/httpd.pid
    Timeout 300
    KeepAlive Off

    MaxKeepAliveRequests 100

    KeepAliveTimeout 15

    StartServers 8
    MinSpareServers 5
    MaxSpareServers 20
    MaxClients 150
    MaxRequestsPerChild 1000

    StartServers 2
    MaxClients 150
    MinSpareThreads 25
    MaxSpareThreads 75
    ThreadsPerChild 25
    MaxRequestsPerChild 0

    #ThreadGuardArea off

    Listen 0.0.0.0:80

    LoadModule access_module modules/mod_access.so
    LoadModule auth_module modules/mod_auth.so
    LoadModule auth_anon_module modules/mod_auth_anon.so
    LoadModule auth_dbm_module modules/mod_auth_dbm.so
    LoadModule auth_digest_module modules/mod_auth_digest.so
    LoadModule include_module modules/mod_include.so
    LoadModule log_config_module modules/mod_log_config.so
    LoadModule env_module modules/mod_env.so
    LoadModule mime_magic_module modules/mod_mime_magic.so
    LoadModule cern_meta_module modules/mod_cern_meta.so
    LoadModule expires_module modules/mod_expires.so
    LoadModule deflate_module modules/mod_deflate.so
    LoadModule headers_module modules/mod_headers.so
    LoadModule usertrack_module modules/mod_usertrack.so
    LoadModule unique_id_module modules/mod_unique_id.so
    LoadModule setenvif_module modules/mod_setenvif.so
    LoadModule mime_module modules/mod_mime.so
    LoadModule dav_module modules/mod_dav.so
    LoadModule status_module modules/mod_status.so
    LoadModule autoindex_module modules/mod_autoindex.so
    LoadModule asis_module modules/mod_asis.so
    LoadModule info_module modules/mod_info.so
    LoadModule dav_fs_module modules/mod_dav_fs.so
    LoadModule vhost_alias_module modules/mod_vhost_alias.so
    LoadModule negotiation_module modules/mod_negotiation.so
    LoadModule dir_module modules/mod_dir.so
    LoadModule imap_module modules/mod_imap.so
    LoadModule actions_module modules/mod_actions.so
    LoadModule speling_module modules/mod_speling.so
    LoadModule userdir_module modules/mod_userdir.so
    LoadModule alias_module modules/mod_alias.so
    LoadModule rewrite_module modules/mod_rewrite.so
    LoadModule proxy_module modules/mod_proxy.so
    LoadModule proxy_ftp_module modules/mod_proxy_ftp.so
    LoadModule proxy_http_module modules/mod_proxy_http.so
    LoadModule proxy_connect_module modules/mod_proxy_connect.so
    LoadModule cache_module modules/mod_cache.so
    LoadModule suexec_module modules/mod_suexec.so
    LoadModule disk_cache_module modules/mod_disk_cache.so
    LoadModule file_cache_module modules/mod_file_cache.so
    LoadModule mem_cache_module modules/mod_mem_cache.so
    LoadModule cgi_module modules/mod_cgi.so

    Include conf.d/*.conf

    User apache
    Group apache

    ServerAdmin root@localhost

    UseCanonicalName Off

    DocumentRoot /var/www/html/postnuke/html

    Options FollowSymLinks
    AllowOverride None

    Options Indexes FollowSymLinks

    AllowOverride None

    Order allow,deny
    Allow from all

    UserDir disable

    DirectoryIndex index.html index.html.var

    AccessFileName .htaccess

    Order allow,deny
    Deny from all

    TypesConfig /etc/mime.types

    DefaultType text/plain

    # MIMEMagicFile /usr/share/magic.mime
    MIMEMagicFile conf/magic

    nameserver.
    #
    HostnameLookups Off

    ErrorLog logs/error_log

    LogLevel warn

    LogFormat “%h %l %u %t \”%r\” %>s %b \”%{Referer}i\” \”%{User-Agent}i\”" combined
    LogFormat “%h %l %u %t \”%r\” %>s %b” common
    LogFormat “%{Referer}i -> %U” referer
    LogFormat “%{User-agent}i” agent

    # CustomLog logs/access_log common
    CustomLog logs/access_log combined

    CustomLog logs/access_log combined

    #
    ServerSignature On

    Alias /icons/ “/var/www/icons/”

    Options Indexes MultiViews
    AllowOverride None
    Order allow,deny
    Allow from all

    Alias /manual “/var/www/manual”

    Options Indexes FollowSymLinks MultiViews
    AllowOverride None
    Order allow,deny
    Allow from all

    # Location of the WebDAV lock database.
    DAVLockDB /var/lib/dav/lockdb

    #
    ScriptAlias /cgi-bin/ “/var/www/cgi-bin/”

    #OTRS

    Alias /otrs-web/ “/opt/otrs/var/httpd/htdocs/”
    ScriptAlias /otrs/ “/opt/otrs/bin/cgi-bin/”

    allow from all

    AllowOverride None
    Options None
    Order allow,deny
    Allow from all

    IndexOptions FancyIndexing VersionSort NameWidth=*

    AddIconByEncoding (CMP,/icons/compressed.gif) x-compress x-gzip

    AddIconByType (TXT,/icons/text.gif) text/*
    AddIconByType (IMG,/icons/image2.gif) image/*
    AddIconByType (SND,/icons/sound2.gif) audio/*
    AddIconByType (VID,/icons/movie.gif) video/*

    AddIcon /icons/binary.gif .bin .exe
    AddIcon /icons/binhex.gif .hqx
    AddIcon /icons/tar.gif .tar
    AddIcon /icons/world2.gif .wrl .wrl.gz .vrml .vrm .iv
    AddIcon /icons/compressed.gif .Z .z .tgz .gz .zip
    AddIcon /icons/a.gif .ps .ai .eps
    AddIcon /icons/layout.gif .html .shtml .htm .pdf
    AddIcon /icons/text.gif .txt
    AddIcon /icons/c.gif .c
    AddIcon /icons/p.gif .pl .py
    AddIcon /icons/f.gif .for
    AddIcon /icons/dvi.gif .dvi
    AddIcon /icons/uuencoded.gif .uu
    AddIcon /icons/script.gif .conf .sh .shar .csh .ksh .tcl
    AddIcon /icons/tex.gif .tex
    AddIcon /icons/bomb.gif core

    AddIcon /icons/back.gif ..
    AddIcon /icons/hand.right.gif README
    AddIcon /icons/folder.gif ^^DIRECTORY^^
    AddIcon /icons/blank.gif ^^BLANKICON^^
    DefaultIcon /icons/unknown.gif

    ReadmeName README.html
    HeaderName HEADER.html

    IndexIgnore .??* *~ *# HEADER* README* RCS CVS *,v *,t

    AddEncoding x-compress Z
    AddEncoding x-gzip gz tgz

    AddLanguage da .dk
    AddLanguage nl .nl
    AddLanguage en .en
    AddLanguage et .et
    AddLanguage fr .fr
    AddLanguage de .de
    AddLanguage he .he
    AddLanguage el .el
    AddLanguage it .it
    AddLanguage ja .ja
    AddLanguage pl .po
    AddLanguage ko .ko
    AddLanguage pt .pt
    AddLanguage nn .nn
    AddLanguage no .no
    AddLanguage pt-br .pt-br
    AddLanguage ltz .ltz
    AddLanguage ca .ca
    AddLanguage es .es
    AddLanguage sv .sv
    AddLanguage cs .cz .cs
    AddLanguage ru .ru
    AddLanguage zh-CN .zh-cn
    AddLanguage zh-TW .zh-tw
    AddLanguage hr .hr

    LanguagePriority en da nl et fr de el it ja ko no pl pt pt-br ltz ca es sv tw

    ForceLanguagePriority Prefer Fallback

    #
    #
    AddDefaultCharset UTF-8

    AddCharset ISO-8859-1 .iso8859-1 .latin1
    AddCharset ISO-8859-2 .iso8859-2 .latin2 .cen
    AddCharset ISO-8859-3 .iso8859-3 .latin3
    AddCharset ISO-8859-4 .iso8859-4 .latin4
    AddCharset ISO-8859-5 .iso8859-5 .latin5 .cyr .iso-ru
    AddCharset ISO-8859-6 .iso8859-6 .latin6 .arb
    AddCharset ISO-8859-7 .iso8859-7 .latin7 .grk
    AddCharset ISO-8859-8 .iso8859-8 .latin8 .heb
    AddCharset ISO-8859-9 .iso8859-9 .latin9 .trk
    AddCharset ISO-2022-JP .iso2022-jp .jis
    AddCharset ISO-2022-KR .iso2022-kr .kis
    AddCharset ISO-2022-CN .iso2022-cn .cis
    AddCharset Big5 .Big5 .big5
    # For russian, more than one charset is used (depends on client, mostly):
    AddCharset WINDOWS-1251 .cp-1251 .win-1251
    AddCharset CP866 .cp866
    AddCharset KOI8-r .koi8-r .koi8-ru
    AddCharset KOI8-ru .koi8-uk .ua
    AddCharset ISO-10646-UCS-2 .ucs2
    AddCharset ISO-10646-UCS-4 .ucs4
    AddCharset UTF-8 .utf8

    AddCharset GB2312 .gb2312 .gb
    AddCharset utf-7 .utf7
    AddCharset utf-8 .utf8
    AddCharset big5 .big5 .b5
    AddCharset EUC-TW .euc-tw
    AddCharset EUC-JP .euc-jp
    AddCharset EUC-KR .euc-kr
    AddCharset shift_jis .sjis

    AddType application/x-tar .tgz

    AddHandler imap-file map

    AddHandler type-map var

    AddOutputFilter INCLUDES .shtml

    Alias /error/ “/var/www/error/”

    AllowOverride None
    Options IncludesNoExec
    AddOutputFilter Includes html
    AddHandler type-map var
    Order allow,deny
    Allow from all
    LanguagePriority en es de fr
    ForceLanguagePriority Prefer Fallback

    BrowserMatch “Mozilla/2″ nokeepalive
    BrowserMatch “MSIE 4\.0b2;” nokeepalive downgrade-1.0 force-response-1.0
    BrowserMatch “RealPlayer 4\.0″ force-response-1.0
    BrowserMatch “Java/1\.0″ force-response-1.0
    BrowserMatch “JDK/1\.0″ force-response-1.0

    BrowserMatch “Microsoft Data Access Internet Publishing Provider” redirect-carefully
    BrowserMatch “^WebDrive” redirect-carefully
    BrowserMatch “^WebDAVFS/1.[012]” redirect-carefully
    BrowserMatch “^gnome-vfs” redirect-carefully

  2. Jeff says:

    Just wanted to say thanks for this. Found a lot of junk for this problem in the search results, but your post solved my problem. Many thanks! :)

  3. willdo says:

    Hi guys,
    I’m facing the problem that access is denied for the client. The directory the error is referring to is the one that stores the access to my database; only the PHP user can get to it. Now I have made a tracker where the IP address is a link; if you click on it, information about that IP should be displayed: which pages he visited and when.

    <?php
    require($_SERVER["DOCUMENT_ROOT"]."/config/db_config.php");
    $connection = @mysql_connect($db_host, $db_user, $db_password) or die("error connecting");
    mysql_select_db($db_name, $connection);

    $query = "SELECT * FROM tracker GROUP BY IP";
    $result = mysql_query($query, $connection);
    $views = mysql_num_rows($result);
    echo $views."unique IPs";

    echo "IP views:";
    $query = "SELECT *, count(*) FROM tracker GROUP BY IP";
    $result = mysql_query($query, $connection);

    for ($i = 0; $i < mysql_num_rows($result); $i = $i + 1)
    {
        $IP = mysql_result($result, $i, "IP");
        $views = mysql_result($result, $i, "count(*)");

        echo ''.$IP.'';
        echo "views: $views";
    }

    echo "Page views:";
    $query = "SELECT *, count(*) FROM tracker GROUP BY page";
    $result = mysql_query($query, $connection);

    for ($i = 0; $i < mysql_num_rows($result); $i = $i + 1)
    {
        $page = mysql_result($result, $i, "page");
        $views = mysql_result($result, $i, "count(*)");

        echo "page: $page"." ";
        echo "views: $views";
    }

    ?>

    If you press the IP link, this page should be opened:

    <php
    require($_SERVER["DOCUMENT_ROOT"]."/config/db_config.php");
    $connection = @mysql_connect($db_host, $db_user, $db_password) or die("error connecting");
    mysql_select_db($db_name, $connection);

    // The IP comes straight from the request: escape it before it reaches
    // the SQL query, and HTML-encode it before echoing it back.
    $raw_IP = $_GET["IP"];
    $cur_IP = mysql_real_escape_string($raw_IP, $connection);

    echo "Pages viewed by ".htmlspecialchars($raw_IP).":";
    $query = "SELECT * FROM tracker WHERE IP = '$cur_IP' ORDER BY date_auto";
    $result = mysql_query($query, $connection);
    for ($i = 0; $i < mysql_num_rows($result); $i = $i + 1)
    {
        $page = mysql_result($result, $i, "page");
        $date_auto = mysql_result($result, $i, "date_auto");
        $date = date("H:i:s m/d/Y", $date_auto);

        echo "Page: $page Date: $date";
    }
    ?>
    From the Apache log file, this is the error I get:

    n Oct 21 05:43:33 2007] [error] [client 127.0.0.1] client denied by server configuration: D:/websites/config/

    If you press the link (IP link), a blank page appears.

    I’m using apache2.0.55/mysql5.0.45/php5.2.4

    I would be very glad if someone could find the error. I have searched everywhere but found different topics.

  4. willdo says:

    Oh, my bad, sorry, I forgot the question mark in the second PHP file at the beginning

    (((<php)))
    require($_SERVER["DOCUMENT_ROOT"]."/config/db_config.php");
    $connection = @mysql_connect($db_host, $db_user, $db_password) or die("error connecting");
    mysql_select_db($db_name, $connection);

    but still thx

  5. Dude says:

    Sweet! That did it … I was pulling my hair out trying to figure out why I could only access my site from localhost … it was the:

    Deny all
    Allow from 127.0.0.1

    You are my hero … even though I should’ve been able to figure it out myself :o )

    Thanks again

  6. Hi,

    I had this error too, upgrading from Apache 2.0 to 2.2. I have a mass virtual host setup in Apache, which means to set up a new site, all I need to do is create the ///{htdocs,cgi-bin} directories to set up the vhost. Very convenient… however it broke in the update.

    I had the following:
    <Directory “”>
    AllowOverride All
    Options ExecCGI FollowSymLinks

    Previously Apache saw no allow/deny directives, thus assumed everything was allowed. 2.2 makes different assumptions, thus I had to add the “Order allow,deny” and “Allow from all” as suggested.

    This post has been a great help, I was confused, and was trying to debug a static config (which would be a PITA to maintain). The solution turned out to be incredibly simple in the end. :-)

  7. robweir says:

    If you are hitting this issue on Windows 2000, there is an apache bug that could be causing it. See:
    http://issues.apache.org/bugzilla/show_bug.cgi?id=41321

    The work-around is to add the following parameter to your http.conf:
    Win32DisableAcceptEx

  8. Marc says:

    :: facepalm ::

    THANK YOU!

    I’d been struggling with this for hours before I found this. Damn stupid default config…

  9. Allen says:

    I had similar issue and the problem was .htaccess in the root directory. Once I removed it, the problem was solved.

  10. Dmitry says:

    Hi
    I want to thank you! Your post helped me to solve a problem with denied access to the directory. I allowed access by adding a … in my VirtualHost tag. It works now! :)

  11. zool says:

    Hi there.

    Thanks mate, you saved my day.

    I have multiple vhosts and have run this server for years w/o issues,
    but now when I tried to relocate some vhosts to an NFS-mounted
    storage array, I ran into this mess. You fixed it.

    Thanks mate! Now I have one problem less.
    Greetings from Finland.

  12. zara says:

    tnx, that saved my day…

    however, there’s a slash missing in the last line

    allow from all

    :sorry:, could not resist

  13. Rafael Cotta says:

    Hi, nice tip. But change the final to This little typo may catch some newbies…

    Regards.

  14. mv says:

    thank you !!

  15. Brittany says:

    You are my hero!

  16. uvaraj says:

    U are gr8..:)
    I just added the below information as given by the author it worked…

    allow from all

  17. Yahel says:

    Thanks mate,

    Worked like a charm, saved me from a lot of frustration :D

    Best regards

  18. Boland says:

    Thanks mate, worked here too!

  19. Anonymous says:

    pfft, now i get “internal server error”

  20. Jez Malet says:

    thanks for this info, been struggling with this all afternoon.

  21. cristi says:

    thanks !

  22. saket jha says:

    worked, Thanks.

  23. san says:

    hi
    I am trying to restrict a web site to specific domain users; I have written this code in access.conf

    Order deny,allow
    Deny from all
    Allow from ipmcghana.com

    It still is not allowing me to access the link from domain-joined clients..

    Please, I need help …
    thankx

  24. W Sanders says:

    Some rpms will silently put an Apache config file in your “conf.d” or whatever directory. For example, I just set up an MRTG server using CentOS. I installed the MRTG rpm a few days after I set the server up with Apache. The MRTG RPM put an “mrtg.conf” file in the config that denied access to MRTG from all hosts, but it did not restart Apache. So the MRTG pages were perfectly fine until Apache was restarted by some random cron job and the mrtg.conf file got read in. Debugging that cost me 3 minutes of my life I will never have back. So check ALL your conf files.

  25. Ashwin says:

    Re : now i get “internal server error”

    Please check permissions to the .htaccess file located in your root web directory

  26. Ashwin says:

    Very Helpful Tips will save lots of time
    Linux Howtos and Tutorials

  28. Michael says:

    Thanks so much for this tip. I’m a bit of an amateur when it comes to Linux; this fixed my issues with getting a 403 forbidden page when trying to access group-office.
